EC0-349 Online Practice Questions and Answers

Questions 4

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a computer. Where should Harold navigate on the computer to find the file?

A. %systemroot%\system32\LSA

B. %systemroot%\system32\drivers\etc

C. %systemroot%\repair

D. %systemroot%\LSA

Questions 5

What are the security risks of running a "repair" installation for Windows XP?

A. Pressing Shift+F10 gives the user administrative rights

B. Pressing Shift+F1 gives the user administrative rights

C. Pressing Ctrl+F10 gives the user administrative rights

D. There are no security risks when running the "repair" installation for Windows XP

Questions 6

How many bits long is the Source Port Number in a TCP header?

A. 16

B. 32

C. 48

D. 64

Questions 7

What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

A. Every byte of the file(s) is given an MD5 hash to match against a master file

B. Every byte of the file(s) is verified using 32-bit CRC

C. Every byte of the file(s) is copied to three different hard drives

D. Every byte of the file(s) is encrypted using three different methods

Questions 8

Where does EnCase search to recover NTFS files and folders?

A. MBR

B. MFT

C. Slack space

D. HAL

Questions 9

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A. 16

B. 32

C. 64

D. 48

Questions 10

The newer Macintosh Operating System is based on:

A. OS/2

B. BSD Unix

C. Linux

D. Microsoft Windows

Questions 11

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?

A. true

B. false

Questions 12

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

A. the Microsoft Virtual Machine Identifier

B. the Personal Application Protocol

C. the Globally Unique ID

D. the Individual ASCII String

Questions 13

An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer, which was protected with the NTFS Encrypted File System (EFS), and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building, recover the floppy disks, and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

A. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information

B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.

C. The EFS Revoked Key Agent can be used on the Computer to recover the information

D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Exam Code: EC0-349
Exam Name: Computer Hacking Forensic Investigator
Last Update: Jun 17, 2026
Questions: 325