EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 261:

    MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

    A. 16-bit address
    B. 24-bit address
    C. 32-bit address
    D. 48-bit address

  • Question 262:

    The use of warning banners helps a company avoid litigation by overcoming an employee's assumed _________ when connecting to the company's intranet, network, or virtual private network (VPN) and will allow the company's investigators to monitor, search, and retrieve information stored within the network.

    A. Right to work
    B. Right of free speech
    C. Right to Internet access
    D. Right of privacy

  • Question 263:

    Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

    A. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
    B. Local archives do not have evidentiary value as the email client may alter the message data
    C. Local archives should be stored together with the server storage archives in order to be admissible in a court of law
    D. Server storage archives are the server information and settings stored on a local system whereas the local archives are the local email client information stored on the mail server

  • Question 264:

    Which of the following statements does not support the case assessment?

    A. Review the case investigator's request for service
    B. Identify the legal authority for the forensic examination request
    C. Do not document the chain of custody
    D. Discuss whether other forensic processes need to be performed on the evidence

  • Question 265:

    Event correlation is a procedure that assigns a new meaning to a set of events that occur in a predefined interval of time.

    Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

    A. Same-platform correlation
    B. Cross-platform correlation
    C. Multiple-platform correlation
    D. Network-platform correlation

  • Question 266:

    A computer forensics report provides detailed information on the complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident, and be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?

    A. It includes metadata about the incident
    B. It includes relevant extracts referred to in the report that support analysis or conclusions
    C. It is based on logical assumptions about the incident timeline
    D. It maintains a single document style throughout the text

  • Question 267:

    When cataloging digital evidence, the primary goal is to

    A. Make bit-stream images of all hard drives
    B. Preserve evidence integrity
    C. Not remove the evidence from the scene
    D. Not allow the computer to be turned off

  • Question 268:

    What type of flash memory card comes in either Type I or Type II and consumes only five percent of the power required by small hard drives?

    A. SD memory
    B. CF memory
    C. MMC memory
    D. SM memory

  • Question 269:

    You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

    A. 0:1000, 150
    B. 0:1709, 150
    C. 1:1709, 150
    D. 0:1709-1858

  • Question 270:

    Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

    A. %systemroot%\LSA
    B. %systemroot%\system32\drivers\etc
    C. %systemroot%\repair
    D. %systemroot%\system32\LSA
