[Dec 23, 2024] EC-COUNCIL EC0-349 Exam Dumps Files, Q1/232: When monitoring for both intrusion and security events between multiple computers, it is essential that

Join the discussion

Question 1/232

When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

A. Universal Time Set

B. Network Time Protocol

C. SyncTime Service

D. Time-Sync Protocol

Add Comments

Other Question (232q): Q1. When monitoring for both intrusion and security events between multiple computers, it is e...; Q2. After passively scanning the network of Department of Defense (DoD), you switch over to ac...; Q3. You are running known exploits against your network to test for possible vulnerabilities. ...; Q4. You are working for a local police department that services a population of 1,000,000 peop...; Q5. Which of the following statements is incorrect related to acquiring electronic evidence at...; Q6. If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in I...; Q7. An on-site incident response team is called to investigate an alleged case of computer tam...; Q8. You have been asked to investigate the possibility of computer fraud in the finance depart...; Q9. A system with a simple logging mechanism has not been given much attention during developm...; Q10. You are carrying out the last round of testing for your new website before it goes live. T...; Q11. When reviewing web logs, you see an entry for resource not found in the HTTP status code f...; Q12. Item 2If you come across a sheepdip machine at your client site, what would you infer?...; Q13. First response to an incident may involve three different groups of people, and each will ...; Q14. The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS...; Q15. What layer of the OSI model do TCP and UDP utilize?...; Q16. You are the security analyst working for a private company out of France. Your current ass...; Q17. What is a good security method to prevent unauthorized users from "tailgating"?...; Q18. Quality of a raster Image is determined by the _________________and the amount of informat...; Q19. Which table is used to convert huge word lists (i .e. dictionary files and brute-force lis...; Q20. An image is an artifact that reproduces the likeness of some subject. These are produced b...; Q21. Software firewalls work at which layer of the OSI model?...; Q22. If you plan to startup a suspect's computer, you must modify the ___________ to ensure tha...; Q23. Cylie is investigating a network breach at a state organization in Florida. She discovers ...; Q24. Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?...; Q25. What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsi...; Q26. What will the following command accomplish in Linux? fdisk /dev/hda...; Q27. Syslog is a client/server protocol standard for forwarding log messages across an IP netwo...; Q28. Why should you never power on a computer that you need to acquire digital evidence from?...; Q29. How do you define forensic computing?; Q30. When cataloging digital evidence, the primary goal is to...; Q31. Why would you need to find out the gateway of a device when investigating a wireless attac...; Q32. The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Sn...; Q33. This organization maintains a database of hash signatures for known software....; Q34. Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where, "X...; Q35. John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizin...; Q36. On an Active Directory network using NTLM authentication, where on the domain controllers ...; Q37. Ron. a computer forensics expert, Is Investigating a case involving corporate espionage. H...; Q38. Billy, a computer forensics expert, has recovered a large number of DBX files during foren...; Q39. Which response organization tracks hoaxes as well as viruses?...; Q40. The use of warning banners helps a company avoid litigation by overcoming an employees ass...; Q41. Jacob is a computer forensics investigator with over 10 years experience in investigations...; Q42. System software password cracking is defined as cracking the operating system and all othe...; Q43. The MD5 program is used to:; Q44. What does ICMP Type 3/Code 13 mean?; Q45. You have been given the task to investigate web attacks on a Windows-based server. Which o...; Q46. Kimberly is studying to be an IT security analyst at a vocational school in her town. The ...; Q47. Heather, a computer forensics investigator, is assisting a group of investigators working ...; Q48. An Expert witness gives an opinion if:; Q49. Harold is a computer forensics investigator working for a consulting firm out of Atlanta G...; Q50. You are working as Computer Forensics investigator and are called by the owner of an accou...; Q51. In a computer forensics investigation, what describes the route that evidence takes from t...; Q52. Log management includes all the processes and techniques used to collect, aggregate, and a...; Q53. In the following directory listing, (Exhibit) Which file should be used to restore archive...; Q54. What type of file is represented by a colon (:) with a name following it in the Master Fil...; Q55. Who is responsible for the following tasks? - Secure the scene and ensure that it is maint...; Q56. Which of the following commands shows you the username and IP address used to access the s...; Q57. The efforts to obtain information before a trail by demanding documents, depositions, ques...; Q58. Web applications provide an Interface between end users and web servers through a set of w...; Q59. In the following directory listing, (Exhibit) which file should be used to restore archive...; Q60. To check for POP3 traffic using Ethereal, what port should an investigator search by?...; Q61. You are assisting in the investigation of a possible Web Server Hack. The company who call...; Q62. Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wa...; Q63. What type of attack occurs when an attacker can force a router to stop forwarding packets ...; Q64. When searching through file headers for picture file formats, what should be searched to f...; Q65. After undergoing an external IT audit, George realizes his network is vulnerable to DDoS a...; Q66. In a virtual test environment, Michael is testing the strength and security of BGP using m...; Q67. While presenting his case to the court, Simon calls many witnesses to the stand to testify...; Q68. Which of the following Wi-Fi chalking methods refers to drawing symbols in public places t...; Q69. When collecting evidence from the RAM, where do you look for data?...; Q70. You are running through a series of tests on your network to check for any security vulner...; Q71. A mobile operating system is the operating system that operates a mobile device like a mob...; Q72. Jacob is a computer forensics investigator with over 10 years experience in investigations...; Q73. A picture file is recovered from a computer under investigation. During the investigation ...; Q74. In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe. Boot...; Q75. TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used ...; Q76. What is a chain of custody?; Q77. How many sectors will a 125 KB file use in a FAT32 file system?...; Q78. What type of equipment would a forensics investigator store in a StrongHold bag?...; Q79. Paul's company is in the process of undergoing a complete security audit including logical...; Q80. What type of attack sends SYN requests to a target system with spoofed IP addresses?...; Q81. Attacker uses vulnerabilities in the authentication or session management functions such a...; Q82. You are working as an independent computer forensics investigator and receive a call from ...; Q83. Julie is a college student majoring in Information Systems and Computer Science. She is cu...; Q84. Click on the Exhibit Button To test your website for vulnerabilities, you type in a Quotat...; Q85. Which Is a Linux journaling file system?; Q86. What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1...; Q87. When operating systems mark a cluster as used but not allocated, the cluster is considered...; Q88. Paraben Lockdown device uses which operating system to write hard drive data?...; Q89. You are contracted to work as a computer forensics investigator for a regional bank that h...; Q90. A forensic investigator is a person who handles the complete Investigation process, that i...; Q91. When investigating a network that uses DHCP to assign IP addresses, where would you look t...; Q92. Which of the following reports are delivered under oath to a board of directors/managers/p...; Q93. Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_p...; Q94. Chris has been called upon to investigate a hacking incident reported by one of his client...; Q95. Paul's company is in the process of undergoing a complete security audit including logical...; Q96. Data files from original evidence should be used for forensics analysis...; Q97. Subscriber Identity Module (SIM) is a removable component that contains essential informat...; Q98. In a FAT32 system, a 123 KB file will use how many sectors?...; Q99. Volatile Memory is one of the leading problems for forensics. Worms such as code Red are m...; Q100. Steganography is a technique of hiding a secret message within an ordinary message and ext...; Q101. What is the CIDR from the following screenshot? (Exhibit)...; Q102. When a system is compromised, attackers often try to disable auditing, in Windows 7; modif...; Q103. What type of file is represented by a colon (:) with a name following it in the Master Fil...; Q104. You have compromised a lower-level administrator account on an Active Directory network of...; Q105. Jim performed a vulnerability analysis on his network and found no potential problems. He ...; Q106. Before performing a logical or physical search of a drive in Encase, what must be added to...; Q107. After attending a CEH security seminar, you make a list of changes you would like to perfo...; Q108. What is the following command trying to accomplish? C:\> nmap -sU -p445 192.168.0.0/24...; Q109. Area density refers to:; Q110. You are running through a series of tests on your network to check for any security vulner...; Q111. Which of the following log injection attacks uses white space padding to create unusual lo...; Q112. In handling computer-related incidents, which IT role should be responsible for recovery, ...; Q113. Jason is the security administrator of ACMA metal Corporation. One day he notices the comp...; Q114. Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC ...; Q115. An employee is suspected of stealing proprietary information belonging to your company tha...; Q116. You are trying to locate Microsoft Outlook Web Access Default Portal using Google search o...; Q117. Heather, a computer forensics investigator, is assisting a group of investigators working ...; Q118. What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1...; Q119. Madison is on trial for allegedly breaking into her university internal network. The polic...; Q120. What does mactime, an essential part of the coroner's toolkit do?...; Q121. Which of the following Steganography techniques allows you to encode information that ensu...; Q122. Paul's company is in the process of undergoing a complete security audit including logical...; Q123. Recovery of the deleted partition is the process by which the investigator evaluates and e...; Q124. What is the following command trying to accomplish?...; Q125. The rule of thumb when shutting down a system is to pull the power plug. However, it has c...; Q126. The evolution of web services and their increasing use in business offers new attack vecto...; Q127. You are working on a thesis for your doctorate degree in Computer Science. Your thesis is ...; Q128. E-mail logs contain which of the following information to help you in your investigation? ...; Q129. Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a has...; Q130. Which federal computer crime law specifically refers to fraud and related activity in conn...; Q131. Where is the default location for Apache access logs on a Linux computer?...; Q132. A rogue/unauthorized access point is one that Is not authorized for operation by a particu...; Q133. What method of computer forensics will allow you to trace all ever-established user accoun...; Q134. A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below...; Q135. Harold is finishing up a report on a case of network intrusion, corporate spying, and embe...; Q136. An Expert witness give an opinion if:; Q137. When investigating a wireless attack, what information can be obtained from the DHCP logs?...; Q138. What header field in the TCP/IP protocol stack involves the hacker exploit known as the Pi...; Q139. Which is a standard procedure to perform during all computer forensics investigations?...; Q140. Jason is the security administrator of ACMA metal Corporation. One day he notices the comp...; Q141. A state department site was recently attacked and all the servers had their disks erased. ...; Q142. When monitoring for both intrusion and security events between multiple computers, it is e...; Q143. Tyler is setting up a wireless network for his business that he runs out of his home. He h...; Q144. Which is a standard procedure to perform during all computer forensics investigations?...; Q145. Why should you never power on a computer that you need to acquire digital evidence from?...; Q146. In what circumstances would you conduct searches without a warrant?...; Q147. Which is a standard procedure to perform during all computer forensics investigations?...; Q148. Click on the Exhibit Button Paulette works for an IT security consulting company that is c...; Q149. Harold is a web designer who has completed a website for ghttech.net. As part of the maint...; Q150. A packet is sent to a router that does not have the packet destination address in its rout...; Q151. Why would you need to find out the gateway of a device when investigating a wireless attac...; Q152. What advantage does the tool Evidor have over the built-in Windows search?...; Q153. What technique is used by JPEGs for compression?...; Q154. Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with ...; Q155. Where does Encase search to recover NTFS files and folders?...; Q156. Microsoft Outlook maintains email messages in a proprietary format in what type of file?...; Q157. What method of computer forensics will allow you to trace all ever-established user accoun...; Q158. Harold wants to set up a firewall on his network but is not sure which one would be the mo...; Q159. When examining the log files from a Windows IIS Web Server, how often is a new log file cr...; Q160. File deletion is a way of removing a file from a computer's file system. What happens when...; Q161. You have completed a forensic investigation case. You would like to destroy the data conta...; Q162. When reviewing web logs, you see an entry for esource not found?in the HTTP status code fi...; Q163. When operating systems mark a cluster as used but not allocated, the cluster is considered...; Q164. Identify the attack from following sequence of actions? Step 1: A user logs in to a truste...; Q165. An on-site incident response team is called to investigate an alleged case of computer tam...; Q166. When examining the log files from a Windows IIS Web Server, how often is a new log file cr...; Q167. The rule of thumb when shutting down a system is to pull the power plug. However, it has c...; Q168. How many characters long is the fixed-length MD5 algorithm checksum of a critical system f...; Q169. What header field in the TCP/IP protocol stack involves the hacker exploit known as the Pi...; Q170. Where are files temporarily written in Unix when printing?...; Q171. Daryl, a computer forensics investigator, has just arrived at the house of an alleged comp...; Q172. If you discover a criminal act while investigating a corporate policy abuse, it becomes a ...; Q173. What are the security risks of running a "repair" installation for Windows XP?...; Q174. Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in...; Q175. You are the network administrator for a small bank in Dallas, Texas. To ensure network sec...; Q176. Which of the following attacks allows an attacker to access restricted directories, includ...; Q177. Data acquisition system is a combination of tools or processes used to gather, analyze and...; Q178. Deposition enables opposing counsel to preview an expert witness's testimony at trial. Whi...; Q179. What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1...; Q180. What TCP/UDP port does the toolkit program netstat use?...; Q181. Digital evidence is not fragile in nature.; Q182. If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are norma...; Q183. Harold is a computer forensics investigator working for a consulting firm out of Atlanta G...; Q184. Computer forensics report provides detailed information on complete computer forensics inv...; Q185. The ____________________ refers to handing over the results of private investigations to t...; Q186. Which Intrusion Detection System (IDS) usually produces the most false alarms due to the u...; Q187. The police believe that Mevin Matthew has been obtaining unauthorized access to computers ...; Q188. Which of the following is not a part of disk imaging tool requirements?...; Q189. Email archiving is a systematic approach to save and protect the data contained in emails ...; Q190. Bob has been trying to penetrate a remote production system for the past two weeks. This t...; Q191. In conducting a computer abuse investigation you become aware that the suspect of the inve...; Q192. Data Acquisition is the process of imaging or otherwise obtaining information from a digit...; Q193. Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the cent...; Q194. In the context of file deletion process, which of the following statement holds true?...; Q195. An intrusion detection system (IDS) gathers and analyzes information from within a compute...; Q196. Cyber-crime is defined as any Illegal act involving a gun, ammunition, or its applications...; Q197. If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investig...; Q198. You have used a newly released forensic investigation tool, which doesn't meet the Daubert...; Q199. James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECH...; Q200. The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a m...; Q201. John and Hillary works at the same department in the company. John wants to find out Hilla...; Q202. In the following email header, where did the email first originate from? (Exhibit)...; Q203. Consistency in the investigative report is more important than the exact format in the rep...; Q204. You are assigned to work in the computer forensics lab of a state police agency. While wor...; Q205. Kyle is performing the final testing of an application he developed for the accounting dep...; Q206. Why should you note all cable connections for a computer you want to seize as evidence?...; Q207. John is working as a computer forensics investigator for a consulting firm in Canada. He i...; Q208. What is the first step that needs to be carried out to investigate wireless attacks?...; Q209. You are assisting in the investigation of a possible Web Server hack. The company who call...; Q210. Windows identifies which application to open a file with by examining which of the followi...; Q211. A packet is sent to a router that does not have the packet destination address in its rout...; Q212. You are a security analyst performing reconnaissance on a company you will be carrying out...; Q213. Router log files provide detailed Information about the network traffic on the Internet. I...; Q214. The status of the network interface cards (NICs) connected to a system gives information a...; Q215. After passing her CEH exam, Carol wants to ensure that her network is completely secure. S...; Q216. What is a SCSI (Small Computer System Interface)?...; Q217. When operating systems mark a cluster as used but not allocated, the cluster is considered...; Q218. JPEG is a commonly used method of compressing photographic Images. It uses a compression a...; Q219. You are working as an independent computer forensics investigator and receive a call from ...; Q220. Area density refers to:; Q221. In Linux, what is the smallest possible shellcode?...; Q222. Hash injection attack allows attackers to inject a compromised hash into a local session a...; Q223. Jonathan is a network administrator who is currently testing the internal security of his ...; Q224. In General, __________________ Involves the investigation of data that can be retrieved fr...; Q225. How many characters long is the fixed-length MD5 algorithm checksum of a critical system f...; Q226. What should you do when approached by a reporter about a case that you are working on or h...; Q227. Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM ...; Q228. When setting up a wireless network with multiple access points, why is it important to set...; Q229. Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the cap...; Q230. Event correlation is a procedure that is assigned with a new meaning for a set of events t...; Q231. You should make at least how many bit-stream copies of a suspect drive?...; Q232. Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, a...

Join the discussion

Question 1/232

Add Comments

Download PDF File