Free Providing Geekcert EC-COUNCIL EC1-349 VCE Exam Study Guides With New Update Exam Questions
This dump is 100% valid to pass the EC-COUNCIL CHFI Jan 14, 2022 Hottest EC1-349 study guide exam. The only tip is: please do not just memorize the questions and answers. You need a thorough understanding of them, because the questions changed a little in the real exam. Follow the instructions in the Geekcert CHFI Hottest EC1-349 QAs Computer Hacking Forensic Investigator Exam PDF and VCEs. All Geekcert materials will help you pass your EC-COUNCIL CHFI exam successfully.
Geekcert has its own expert team. They selected and published the latest EC1-349 preparation materials from EC-COUNCIL Official Exam-Center: https://www.geekcert.com/EC1-349.html
The following are the EC1-349 free dumps, with real questions. Go through them, or download the demo of the EC1-349 dumps, to check their validity and accuracy.
Question 1:
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?
A. Justification
B. Authentication
C. Reiteration
D. Certification
Correct Answer: B
Question 2:
Why should you never power on a computer that you need to acquire digital evidence from?
A. When the computer boots up, files are written to the computer rendering the data "unclean"
B. When the computer boots up, the system cache is cleared which could destroy evidence
C. When the computer boots up, data in the memory's buffer is cleared which could destroy evidence
D. Powering on a computer has no effect when needing to acquire digital evidence from it
Correct Answer: A
Question 3:
You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company's SMTP server?
A. 10
B. 25
C. 110
D. 135
Correct Answer: B
Question 4:
To check for POP3 traffic using Ethereal, what port should an investigator search by?
A. 143
B. 25
C. 110
D. 125
Correct Answer: C
Question 5:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
A. Key escrow
B. Steganography
C. Rootkit
D. Offset
Correct Answer: B
Question 6:
What is the CIDR from the following screenshot?
A. /24
B. /32
C. /16
D. /8
Correct Answer: D
Question 7:
In the context of the file deletion process, which of the following statements holds true?
A. When files are deleted, the data is overwritten and the cluster marked as available
B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
C. While booting, the machine may create temporary files that can delete evidence
D. Secure delete programs work by completely overwriting the file in one go
Correct Answer: C
Question 8:
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as "low level". How long will the team have to respond to the incident?
A. One working day
B. Two working days
C. Immediately
D. Four hours
Correct Answer: A
Question 9:
At what layer does a cross-site scripting attack occur?
A. Presentation
B. Application
C. Session
D. Data Link
Correct Answer: B
Question 10:
What advantage does the tool Evidor have over the built-in Windows search?
A. It can find deleted files even after they have been physically removed
B. It can find bad sectors on the hard drive
C. It can search slack space
D. It can find files hidden within ADS
Correct Answer: C
Question 11:
What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive
Correct Answer: A
Question 12:
When should an MD5 hash check be performed when processing evidence?
A. After the evidence examination has been completed
B. On an hourly basis during the evidence examination
C. Before and after evidence examination
D. Before the evidence examination has been completed
Correct Answer: C
Question 13:
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
A. Point-to-point
B. End-to-end
C. Thorough
D. Complete event analysis
Correct Answer: B
Question 14:
When investigating a Windows system, it is important to view the contents of the page or swap file because:
A. Windows stores all of the system's configuration information in this file
B. This is the file that Windows uses to communicate directly with the Registry
C. A large volume of data can exist within the swap file of which the computer user has no knowledge
D. This is the file that Windows uses to store the history of the last 100 commands that were run from the command line
Correct Answer: C
Question 15:
What is the first step taken in an investigation for laboratory forensic staff members?
A. Packaging the electronic evidence
B. Securing and evaluating the electronic crime scene
C. Conducting preliminary interviews
D. Transporting the electronic evidence
Correct Answer: B