EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 181:

    When examining a file with a Hex Editor, what space does the file header occupy?

    A. The first several bytes of the file
    B. One byte at the beginning of the file
    C. None, file headers are contained in the FAT
    D. The last several bytes of the file

  • Question 182:

    You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

    A. The firewall failed-open
    B. The firewall failed-closed
    C. The firewall ACL has been purged
    D. The firewall failed-bypass

  • Question 183:

    Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search:

    link:www.ghttech.net

    What will this search produce?

    A. All search engines that link to .net domains
    B. All sites that link to ghttech.net
    C. Sites that contain the code: link:www.ghttech.net
    D. All sites that ghttech.net links to

  • Question 184:

    A(n) _____________________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

    A. blackout attack
    B. automated attack
    C. distributed attack
    D. central processing attack

  • Question 185:

    You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers.

    What tool should you use?

    A. Dig
    B. Ping sweep
    C. Netcraft
    D. Nmap

  • Question 186:

    The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the following logs.

    A. 127.0.0.1 - frank [10/Oct/2000:13:55:36-0700] "GET /apache_pb.grf HTTP/1.0" 200 2326
    B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
    C. http://victim.com/scripts/..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af ./..%c0%af./../winnt/system32/cmd.exe?/c+di r+c:\wintt\system32\Logfiles\W3SVC1
    D. 127.0.0.1 --[10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0' 200 2326

  • Question 187:

    John and Hillary work in the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He sets the L0phtCrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

    A. The SID of Hillary's network account
    B. The SAM file from Hillary's computer
    C. The network shares that Hillary has permissions to
    D. Hillary's network username and password hash

  • Question 188:

    What is the first step required in preparing a computer for a forensics investigation?

    A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
    B. Secure any relevant media
    C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
    D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination

  • Question 189:

    Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the _________.

    A. Drive name
    B. Sequential number
    C. Original file name's extension
    D. Original file name

  • Question 190:

    Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?

    22,164 cylinders/disk
    80 heads/cylinder
    63 sectors/track

    A. 53.26 GB
    B. 57.19 GB
    C. 11.17 GB
    D. 10 GB
