EC1-349 Exam Details

  • Exam Code
    :EC1-349
  • Exam Name
    :Computer Hacking Forensic Investigator (CHFI)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :486 Q&As
  • Last Updated
    :Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 11:

    Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

    A. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
    B. Prepare the system for acquisition; Connect the target media; Copy the media; Secure the evidence
    C. Connect the target media; Delete the system for acquisition; Secure the evidence; Copy the media
    D. Secure the evidence; Prepare the system for acquisition; Connect the target media; Copy the media

  • Question 12:

    If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

    A. 31402
    B. The zombie will not send a response
    C. 31401
    D. 31399

  • Question 13:

    Quality of a raster Image is determined by the _________________and the amount of information in each pixel.

    A. Total number of pixels
    B. Image file format
    C. Compression method
    D. Image file size

  • Question 14:

    What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server the course of its lifetime?

    A. forensic duplication of hard drive
    B. analysis of volatile data
    C. comparison of MD5 checksums
    D. review of SIDs in the Registry

  • Question 15:

    Which of the following is not a part of data acquisition forensics Investigation?

    A. Permit only authorized personnel to access
    B. Protect the evidence from extremes in temperature
    C. Work on the original storage medium not on the duplicated copy
    D. Disable all remote access to the system

  • Question 16:

    You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company ITYou have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company? IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

    A. Network
    B. Transport
    C. Data Link
    D. Session

  • Question 17:

    Which of the following commands shows you the username and IP address used to access the system via a remote login session and the Type of client from which they are accessing the system?

    A. Net sessions
    B. Net file
    C. Net config
    D. Net share

  • Question 18:

    Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558 Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

    A. Disallow UDP 53 in from outside to DNS server
    B. Allow UDP 53 in from DNS server to outside
    C. Disallow TCP 53 in from secondaries or ISP server to DNS server
    D. Block all UDP traffic

  • Question 19:

    You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

    A. The X509 Address
    B. The SMTP reply Address
    C. The E-mail Header
    D. The Host Domain Name

  • Question 20:

    Before performing a logical or physical search of a drive in Encase, what must be added to the program?

    A. File signatures
    B. Keywords
    C. Hash sets
    D. Bookmarks

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC1-349 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.