EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 171:

    George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

    A. src port 23 and dst port 23
    B. src port 22 and dst port 22
    C. udp port 22 and host 172.16.28.1/24
    D. net port 22

  • Question 172:

    What technique is used by JPEGs for compression?

    A. ZIP
    B. TCD
    C. DCT
    D. TIFF-8

  • Question 173:

    You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

    A. IBM Methodology
    B. Microsoft Methodology
    C. Google Methodology
    D. LPT Methodology

  • Question 174:

    When a system is compromised, attackers often try to disable auditing. In Windows 7, modifications to the audit policy are recorded as entries with Event ID ____________.

    A. 4902
    B. 3902
    C. 4904
    D. 3904
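
    Whatever ID the exam expects, an investigator reviewing a Windows 7 Security log looks for the whole family of audit-tampering events rather than a single number. The following is an added example, not part of the question or of EC-Council's material: the event IDs and descriptions are as Microsoft documents them for Windows 7 / Server 2008 R2 and later, while the record shape (timestamp, event ID, subject account) and the sample events are constructed for the demo; real records would come from Get-WinEvent or an EVTX parser.

```python
"""Detecting audit-policy tampering in Windows Security-log records.
Added example: event IDs are Microsoft's documented values; the record
format and SAMPLE_EVENTS are constructed for this demo."""
from datetime import datetime, timedelta

# Security-log event IDs that change what is audited, who may write audit
# records, or wipe the trail. Descriptions are the documented event names.
AUDIT_TAMPER_EVENTS = {
    4719: "System audit policy was changed",
    4902: "Per-user audit policy table was created",
    4904: "Attempt to register a security event source",
    4905: "Attempt to unregister a security event source",
    4912: "Per-user audit policy was changed",
    1102: "The audit log was cleared",
}

# IDs that alter the audit policy itself (as opposed to event sources or the log).
POLICY_CHANGE_IDS = (4719, 4902, 4912)

# Constructed records: (ISO timestamp, event ID, subject account).
SAMPLE_EVENTS = [
    ("2024-12-19T08:00:01", 4624, "CORP\\jdoe"),            # ordinary logon
    ("2024-12-19T08:02:13", 4719, "CORP\\jdoe"),            # audit policy changed
    ("2024-12-19T08:02:40", 1102, "CORP\\jdoe"),            # log cleared 27 s later
    ("2024-12-19T09:15:00", 4904, "NT AUTHORITY\\SYSTEM"),  # event source registered
]


def parse(rec):
    """Turn one constructed record into (datetime, event id, subject)."""
    ts, eid, subj = rec
    return datetime.fromisoformat(ts), eid, subj


def find_audit_tampering(events):
    """Return one finding per record whose event ID is in AUDIT_TAMPER_EVENTS,
    in log order."""
    findings = []
    for rec in events:
        ts, eid, subj = parse(rec)
        if eid in AUDIT_TAMPER_EVENTS:
            findings.append({"time": ts, "id": eid, "subject": subj,
                             "desc": AUDIT_TAMPER_EVENTS[eid]})
    return findings


def find_change_then_clear(events, window=timedelta(minutes=10)):
    """Flag an audit-policy change followed by a log clear (1102) within
    `window`: the 'turn auditing off, then wipe the evidence' sequence.
    Returns (change id, 1102, subject of the change, seconds between)."""
    parsed = [parse(r) for r in events]
    changes = [(ts, eid, subj) for ts, eid, subj in parsed if eid in POLICY_CHANGE_IDS]
    findings = []
    for ts, eid, subj in parsed:
        if eid != 1102:
            continue
        for cts, ceid, csubj in changes:
            gap = ts - cts
            if timedelta(0) <= gap <= window:
                findings.append((ceid, eid, csubj, int(gap.total_seconds())))
    return findings


if __name__ == "__main__":
    for f in find_audit_tampering(SAMPLE_EVENTS):
        print(f"{f['time']:%Y-%m-%d %H:%M:%S}  {f['id']}  {f['subject']:<22} {f['desc']}")
    for change_id, clear_id, subj, secs in find_change_then_clear(SAMPLE_EVENTS):
        print(f"ALERT: {subj} changed audit policy ({change_id}) then cleared the "
              f"log ({clear_id}) {secs} s later")
```

The sequence check is the part worth keeping in a real detection rule: a lone 4719 is routine Group Policy noise on many estates, but a policy change immediately followed by a 1102 from the same account is rarely benign.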

  • Question 175:

    What feature of Windows is the following command trying to utilize?

    A. White space
    B. AFS
    C. ADS
    D. Slack file

  • Question 176:

    A first responder is the person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or she is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene.

    Which of the following is not a role of first responder?

    A. Identify and analyze the crime scene
    B. Protect and secure the crime scene
    C. Package and transport the electronic evidence to forensics lab
    D. Prosecute the suspect in court of law

  • Question 177:

    What is cold boot (hard boot)?

    A. It is the process of starting a computer from a powered-down or off state
    B. It is the process of restarting a computer that is already turned on through the operating system
    C. It is the process of shutting down a computer from a powered-on or on state
    D. It is the process of restarting a computer that is already in sleep mode

  • Question 178:

    What will the following command produce on a website login page?

    SELECT email, passwd, login_id, full_name FROM members
    WHERE email = '[email protected]';
    DROP TABLE members; --'

    A. Retrieves the password for the first user in the members table
    B. This command will not produce anything since the syntax is incorrect
    C. Deletes the entire members table
    D. Inserts the supplied email address into the members table
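
    The query in the question is a stacked-query injection: the attacker's input closes the string literal, terminates the SELECT with a semicolon, appends a second statement, and comments out the trailing quote. Whether the DROP actually runs depends on the database driver accepting more than one statement per call. The following is an added example, not code from the question or from EC-Council: the members table and its columns follow the question, while the sample row, the login helpers and the attacker input are constructed, and sqlite3's executescript() stands in for a driver that allows stacked statements.

```python
"""Stacked-query SQL injection against a members-table login, reproduced
offline with sqlite3. Added example: table/columns follow the question;
the sample row, helpers and attacker input are constructed."""
import sqlite3

# What the attacker types into the e-mail field of the login form. The closing
# quote ends the string literal, ";" ends the SELECT, and "--" comments out the
# trailing "';" that the application appends.
ATTACKER_EMAIL = "attacker@example.com'; DROP TABLE members; --"


def fresh_db():
    """In-memory members table with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT);"
        "INSERT INTO members VALUES ('alice@example.com', 'hunter2', 'alice', 'Alice A.');"
    )
    return db


def members_table_exists(db):
    """True while the members table is still present in the schema."""
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    ).fetchone()
    return row is not None


def build_vulnerable_query(email):
    """String concatenation: the query from the question once the attacker's
    input has been pasted into the WHERE clause."""
    return ("SELECT email, passwd, login_id, full_name FROM members "
            "WHERE email = '" + email + "';")


def vulnerable_login(db, email):
    """Runs the concatenated query on a driver that accepts stacked statements
    (executescript here). The injected DROP TABLE executes as a second
    statement and the table is gone."""
    db.executescript(build_vulnerable_query(email))


def vulnerable_login_single_statement(db, email):
    """Same concatenated query through execute(): sqlite3 refuses more than one
    statement per call, so the DROP never runs, but the code is still
    injectable; only the driver saved it. Returns rows or the error text."""
    try:
        return db.execute(build_vulnerable_query(email)).fetchall()
    except (sqlite3.ProgrammingError, sqlite3.Warning) as exc:
        return str(exc)


def safe_login(db, email):
    """Parameterised query: the attacker string is bound as a value and merely
    compared against the email column; no second statement can appear."""
    return db.execute(
        "SELECT email, passwd, login_id, full_name FROM members WHERE email = ?",
        (email,),
    ).fetchall()


if __name__ == "__main__":
    db = fresh_db()
    vulnerable_login(db, ATTACKER_EMAIL)
    print("members table after stacked-query injection:", members_table_exists(db))

    db = fresh_db()
    print("single-statement driver:", vulnerable_login_single_statement(db, ATTACKER_EMAIL))
    print("members table after that attempt:", members_table_exists(db))

    print("parameterised lookup returns:", safe_login(db, ATTACKER_EMAIL))
    print("members table after safe lookup:", members_table_exists(db))
```

The second helper is there to make the point behind option B: on a driver that only runs one statement per call the attack fails, but the query is still injectable (a UNION or boolean-based payload needs no second statement), so the fix is the bound parameter in safe_login(), not reliance on driver behaviour.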

  • Question 179:

    In what circumstances would you conduct searches without a warrant?

    A. When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity
    B. Agents may search a place or object without a warrant if they suspect a crime was committed
    C. A search warrant is not required if the crime involves Denial-Of-Service attack over the Internet
    D. Law enforcement agencies located in California under section SB 567 are authorized to seize computers without warrant under all circumstances

  • Question 180:

    Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

    A. Graph-based approach
    B. Neural network-based approach
    C. Rule-based approach
    D. Automated field correlation approach

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when hiring. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your EC1-349 exam preparation or your EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solution.