EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 411:

    Which of the following statements is not a part of securing and evaluating electronic crime scene checklist?

    A. Locate and help the victim
    B. Transmit additional flash messages to other responding units
    C. Request additional help at the scene if needed
    D. Blog about the incident on the internet

  • Question 412:

    Microsoft Outlook maintains email messages in a proprietary format in what type of file?

    A. .email
    B. .mail
    C. .pst
    D. .doc

  • Question 413:

    You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

    A. Make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
    B. Make an MD5 hash of the evidence and compare it to the standard database developed by NIST
    C. There is no reason to worry about this possible claim because state labs are certified
    D. Sign a statement attesting that the evidence is the same as it was when it entered the lab

  • Question 414:

    What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

    A. IAS account names and passwords
    B. Service account passwords in plain text
    C. Local store PKI Kerberos certificates
    D. Cached password hashes for the past 20 users

  • Question 415:

    What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?

    A. Internet service provider information
    B. E-mail header
    C. Username and password
    D. Firewall log

  • Question 416:

    Why is it a good idea to perform a penetration test from the inside?

    A. It is never a good idea to perform a penetration test from the inside
    B. It is easier to hack from the inside
    C. Because 70% of attacks are from inside the organization
    D. To attack a network from a hacker's perspective

  • Question 417:

    The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

    A. Any data not yet flushed to the system will be lost
    B. All running processes will be lost
    C. The /tmp directory will be flushed
    D. Power interruption will corrupt the pagefile

  • Question 418:

    Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

    A. The data is still present until the original location of the file is used
    B. The data is moved to the Restore directory and is kept there indefinitely
    C. The data will reside in the L2 cache on a Windows computer until it is manually deleted
    D. It is not possible to recover data that has been emptied from the Recycle Bin

  • Question 419:

    Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

    A. Enticement
    B. Entrapment
    C. Intruding into a honeypot is not illegal
    D. Intruding into a DMZ is not illegal

  • Question 420:

    Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?

    A. Rainbow tables
    B. Hash tables
    C. Master file tables
    D. Database tables
