EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 221:

    What is the first step that needs to be carried out to crack the password?

    A. A word list is created using a dictionary generator program or dictionaries
    B. The list of dictionary words is hashed or encrypted
    C. The hashed wordlist is compared against the target hashed password, generally one word at a time
    D. If it matches, that password has been cracked and the password cracker displays the unencrypted version of the password

  • Question 222:

    The Windows Security Event Log contains records of logon/logoff activity and other security-related events specified by the system's audit policy. What does event ID 531 in the Windows Security Event Log indicate?

    A. A user successfully logged on to a computer
    B. The logon attempt was made with an unknown user name or a known user name with a bad password
    C. An attempt was made to log on with the user account outside of the allowed time
    D. A logon attempt was made using a disabled account

  • Question 223:

    Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to use Ettercap to hijack the session of a user connected to his Web server. Why will Jonathan not succeed?

    A. Only FTP traffic can be hijacked
    B. Only an HTTPS session can be hijacked
    C. HTTP protocol does not maintain session
    D. Only DNS traffic can be hijacked

  • Question 224:

    Which is not part of the environmental conditions of a forensics lab?

    A. Large dimensions of the room
    B. Good cooling system to overcome excess heat generated by the work station
    C. Allocation of workstations as per the room dimensions
    D. Open windows facing the public road

  • Question 225:

    Track numbering on a hard disk begins at 0 at the outer edge and moves towards the center, typically reaching a value of ___________.

    A. 1023
    B. 1020
    C. 1024
    D. 2023

  • Question 226:

    You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as other members of your team collect it. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

    A. All forms should be placed in an approved secure container because they are now primary evidence in the case
    B. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file
    C. All forms should be placed in the report file because they are now primary evidence in the case
    D. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container

  • Question 227:

    Hash injection attack allows attackers to inject a compromised hash into a local session and use the hash to validate network resources.

    A. True
    B. False

  • Question 228:

    A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

    03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
    TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
    ***A**** Seq: 0x9B6338C5  Ack: 0x5820ADD0  Win: 0x7D78  TcpLen: 32
    TCP Options (3) => NOP NOP TS: 23678634 2878772
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

    03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
    UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
    Len: 64
    01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0  ................
    00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01  ................
    00 00 00 11 00 00 00 00                          ........
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

    03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
    UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
    Len: 1084
    47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8  G..c............
    00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20  ...............
    3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73  :.^.....localhost
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

    03/15-20:21:36.539731 211.185.125.124:4450 -> 172.16.1.108:39168
    TCP TTL:43 TOS:0x0 ID:31660 IpLen:20 DgmLen:71 DF
    ***AP*** Seq: 0x9C6D2BFF  Ack: 0x59606333  Win: 0x7D78  TcpLen: 32
    TCP Options (3) => NOP NOP TS: 23679878 2880015
    63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20  cd /; uname -a;
    69 64 3B                                         id;

    A. The attacker has conducted a network sweep on port 111
    B. The attacker has scanned and exploited the system using Buffer Overflow
    C. The attacker has used a Trojan on port 32773
    D. The attacker has installed a backdoor

  • Question 229:

    Paul is a computer forensics investigator working for Tyler and Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

    A. Place PDA, including all devices, in an antistatic bag
    B. Unplug all connected devices
    C. Power off all devices if currently on
    D. Photograph and document the peripheral devices

  • Question 230:

    During the seizure of digital evidence, the suspect can be allowed to touch the computer system.

    A. True
    B. False
