EC1-349 Exam Details

  • Exam Code
    :EC1-349
  • Exam Name
    :Computer Hacking Forensic Investigator (CHFI)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :486 Q&As
  • Last Updated
    :Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 471:

    In the context of file deletion process, which of the following statement holds true?

    A. When files are deleted, the data is overwritten and the cluster marked as available
    B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
    C. While booting, the machine may create temporary files that can delete evidence
    D. Secure delete programs work by completely overwriting the file in one go

  • Question 472:

    On Linux/Unix based Web servers, what privilege should the daemon service be run under?

    A. Something other than root
    B. Root
    C. Guest
    D. You cannot determine what privilege runs the daemon service

  • Question 473:

    One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

    A. the File Allocation Table
    B. the file header
    C. the file footer
    D. the sector map

  • Question 474:

    Netstat is a tool for collecting Information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

    A. netstat ?ano
    B. netstat ?b
    C. netstat ?r
    D. netstat ?s

  • Question 475:

    Which one of the following is not a consideration in a forensic readiness planning checklist?

    A. Define the business states that need digital evidence
    B. Identify the potential evidence available
    C. Decide the procedure for securely collecting the evidence that meets the requirement fn a forensically sound manner
    D. Take permission from all employees of the organization

  • Question 476:

    Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

    A. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum
    B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
    C. A simple DOS copy will not include deleted files, file slack and other information
    D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

  • Question 477:

    Dumpster Diving refers to:

    A. Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes
    B. Looking at either the user's keyboard or screen while he/she is logging in
    C. Convincing people to reveal the confidential information
    D. Creating a set of dictionary words and names, and trying all the possible combinations to crack the password

  • Question 478:

    Hard disk data addressing is a method of allotting addresses to each ___________of data on a hard disk

    A. Physical block
    B. Logical block
    C. Operating system block
    D. Hard disk block

  • Question 479:

    Who is responsible for the following tasks?

    -

    Secure the scene and ensure that it is maintained In a secure state until the Forensic Team advises

    -

    Make notes about the scene that will eventually be handed over to the Forensic Team

    A. Non-Laboratory Staff
    B. System administrators
    C. Local managers or other non-forensic staff
    D. Lawyers

  • Question 480:

    Which is a standard procedure to perform during all computer forensics investigations?

    A. With the hard drive in the suspect PC, check the date and time in the system CMOSWith the hard drive in the suspect PC, check the date and time in the system? CMOS
    B. With the hard drive removed from the suspect PC, check the date and time in the system CMOSWith the hard drive removed from the suspect PC, check the date and time in the system? CMOS
    C. With the hard drive in the suspect PC, check the date and time in the File Allocation Table
    D. With the hard drive removed from the suspect PC, check the date and time in the system RAMWith the hard drive removed from the suspect PC, check the date and time in the system? RAM

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC1-349 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.