[PDF and VCE] Free Share EC1-349 PDF Exam Preparation Materials with Real Exam Questions

Attention please! Here is the shortcut to pass your EC1-349 exam! Getting yourself well prepared for the CHFI EC1-349 Computer Hacking Forensic Investigator Exam is really a hard job. But don’t worry! We provide the most up-to-date EC1-349 practice tests. With our latest EC1-349 exam questions (Apr 18, 2022), you’ll pass the CHFI EC1-349 Computer Hacking Forensic Investigator Exam in an easy way.

Geekcert has its own expert team. They selected and published the latest EC1-349 preparation materials from Official Exam-Center.

The following are the EC1-349 free dumps. Go through and check the validity and accuracy of our EC1-349 dumps. EC1-349 free dumps are questions from the latest full EC1-349 dumps. Check EC1-349 free questions to get a better understanding of EC1-349 exams.

Question 1:

Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?

A. Justification

B. Authentication

C. Reiteration

D. Certification

Correct Answer: B


Question 2:

Davidson Trucking is a small transportation company that has three local offices in Detroit, Michigan. Ten female employees who work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

A. IT personnel

B. Employees themselves

C. Supervisors

D. Administrative assistant in charge of writing policies

Correct Answer: C


Question 3:

Which is a standard procedure to perform during all computer forensics investigations?

A. With the hard drive in the suspect PC, check the date and time in the system's CMOS

B. With the hard drive removed from the suspect PC, check the date and time in the system's CMOS

C. With the hard drive in the suspect PC, check the date and time in the File Allocation Table

D. With the hard drive removed from the suspect PC, check the date and time in the system's RAM

Correct Answer: B


Question 4:

What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

A. Every byte of the file(s) is given an MD5 hash to match against a master file

B. Every byte of the file(s) is verified using 32-bit CRC

C. Every byte of the file(s) is copied to three different hard drives

D. Every byte of the file(s) is encrypted using three different methods

Correct Answer: B


Question 5:

When making the preliminary investigations in a sexual harassment case, how many investigators is it recommended that you have?

A. One

B. Two

C. Three

D. Four

Correct Answer: B


Question 6:

When using an iPod and the host computer is running Windows, what file system will be used?

A. iPod

B. HFS

C. FAT16

D. FAT32

Correct Answer: D


Question 7:

You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company's SMTP server?

A. 10

B. 25

C. 110

D. 135

Correct Answer: B


Question 8:

Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael, his assistant, helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

A. Two

B. One

C. Three

D. Four

Correct Answer: A


Question 9:

Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company were stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

A. Text semagram

B. Visual semagram

C. Grill cipher

D. Visual cipher

Correct Answer: B


Question 10:

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

A. The ISP can investigate anyone using their service and can provide you with assistance

B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

C. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you

D. ISPs never maintain log files so they would be of no use to your investigation

Correct Answer: B


Question 11:

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as "low level". How long will the team have to respond to the incident?

A. One working day

B. Two working days

C. Immediately

D. Four hours

Correct Answer: A


Question 12:

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

A. On the individual computer's ARP cache

B. In the Web Server log files

C. In the DHCP Server log files

D. There is no way to determine the specific IP address

Correct Answer: C


Question 13:

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A. NTOSKRNL.EXE

B. NTLDR

C. LSASS.EXE

D. NTDETECT.COM

Correct Answer: C


Question 14:

Which response organization tracks hoaxes as well as viruses?

A. NIPC

B. FEDCIRC

C. CERT

D. CIAC

Correct Answer: D

Explanation: CIAC (Computer Incident Advisory Capability) was run by the US Department of Energy.


Question 15:

Diskcopy is:

A. a utility by AccessData

B. a standard MS-DOS command

C. Digital Intelligence utility

D. dd copying tool

Correct Answer: B

diskcopy is a STANDARD DOS utility.

C:\WINDOWS>diskcopy /?
Copies the contents of one floppy disk to another.