Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator Exam
  • Certification: CHFI
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: May 14, 2024

EC-COUNCIL CHFI EC1-349 Questions & Answers

  • Question 41:

    A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers.

    Which mobile operating system architecture is represented here?

    A. webOS System Architecture

    B. Symbian OS Architecture

    C. Android OS Architecture

    D. Windows Phone 7 Architecture

  • Question 42:

    All the information about user activity on the network, such as details about login and logoff attempts, is collected in the security log of the computer. When a user's login is successful, successful audits generate an entry, whereas unsuccessful audits generate an entry for failed login attempts in the logon event ID table.

    In the logon event ID table, which event ID entry (number) represents a successful logging on to a computer?

    A. 528

    B. 529

    C. 530

    D. 531

  • Question 43:

    What is the first step that needs to be carried out to investigate wireless attacks?

    A. Obtain a search warrant

    B. Identify wireless devices at crime scene

    C. Document the scene and maintain a chain of custody

    D. Detect the wireless connections

  • Question 44:

    Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

    A. Net sessions

    B. Net file

    C. Net config

    D. Net share

  • Question 45:

    SMTP (Simple Mail Transfer Protocol) receives outgoing mail from clients and validates source and destination addresses, and also sends and receives emails to and from other SMTP servers.

    A. True

    B. False

  • Question 46:

    Why is it important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

    A. This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date

    B. All forensic teams should wear protective latex gloves, which make them look professional and cool

    C. Local law enforcement agencies compel them to wear latest gloves

    D. It is a part of ANSI 346 forensics standard

  • Question 47:

    The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the following logs.

    A. 127.0.0.1 - frank [10/Oct/2000:13:55:36-0700] "GET /apache_pb.grf HTTP/1.0" 200 2326

    B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test

    C. http://victim.com/scripts/..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af ./..% c0%af./../winnt/system32/cmd.exe?/c+di r+c:\wintt\system32\Logfiles\W3SVC1

    D. 127.0.0.1 --[10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0' 200 2326

  • Question 48:

    Track numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.

    A. 1023

    B. 1020

    C. 1024

    D. 2023

  • Question 49:

    Event correlation is a procedure that assigns a new meaning to a set of events that occur in a predefined interval of time.

    Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

    A. Same-platform correlation

    B. Cross-platform correlation

    C. Multiple-platform correlation

    D. Network-platform correlation

  • Question 50:

    Which root folder (hive) of registry editor contains a vast array of configuration information for the system, including hardware settings and software settings?

    A. HKEY_USERS

    B. HKEY_CURRENT_USER

    C. HKEY_LOCAL_MACHINE

    D. HKEY_CURRENT_CONFIG
