[PDF and VCE] Free Share EC1-349 PDF Exam Preparation Materials with Real Exam Questions

How can you pass the EC1-349 exam easily and in less time with the latest EC1-349 exam questions (May 06, 2022)? We provide the most valid, latest EC1-349 dumps to boost your success rate in the CHFI EC1-349 Computer Hacking Forensic Investigator exam. If you are one of the successful candidates who used our EC1-349 VCE, do not hesitate to share your reviews of our CHFI materials.

Geekcert has its own expert team. They selected and published the latest EC1-349 preparation materials from the Official Exam-Center.

The following are the EC1-349 free dumps. Go through them and check the validity and accuracy of our EC1-349 dumps. Although the questions are from the EC1-349 free dumps, the validity and accuracy of the EC1-349 dumps are absolutely guaranteed.

Question 1:

What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

A. Cracks every password in 10 minutes

B. Distribute processing over 16 or fewer computers

C. Support for Encrypted File System

D. Support for MD5 hash verification

Correct Answer: B


Question 2:

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

A. Typography

B. Steganalysis

C. Picture encoding

D. Steganography

Correct Answer: D


Question 3:

How many times can data be written to a DVD R disk?

A. Twice

B. Once

C. Zero

D. Infinite

Correct Answer: B


Question 4:

George was recently fired from his job as an IT analyst at Pitts and Company in Dallas, Texas. His main duties as an analyst were to support the company's Active Directory structure and to create network policies. George now wants to break into the company's network by cracking some of the service accounts he knows about. Which password cracking technique should George use in this situation?

A. Brute force attack

B. Syllable attack

C. Rule-based attack

D. Dictionary attack

Correct Answer: C


Question 5:

What must be obtained before an investigation is carried out at a location?

A. Search warrant

B. Subpoena

C. Habeas corpus

D. Modus operandi

Correct Answer: A


Question 6:

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. Search warrant

B. Subpoena

C. Wire tap

D. Bench warrant

Correct Answer: A


Question 7:

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?

A. He should search in C:\Windows\System32\RECYCLED folder

B. The Recycle Bin does not exist on the hard drive

C. The files are hidden and he must use a switch to view them

D. Only FAT system contains RECYCLED folder and not NTFS

Correct Answer: C


Question 8:

At what layer does a cross-site scripting attack occur?

A. Presentation

B. Application

C. Session

D. Data Link

Correct Answer: B


Question 9:

To preserve digital evidence, an investigator should ____________

A. Make two copies of each evidence item using a single imaging tool

B. Make a single copy of each evidence item using an approved imaging tool

C. Make two copies of each evidence item using different imaging tools

D. Only store the original evidence item

Correct Answer: C


Question 10:

Where is the default location for Apache access logs on a Linux computer?

A. usr/local/apache/logs/access_log

B. bin/local/home/apache/logs/access_log

C. usr/logs/access_log

D. logs/usr/apache/access_log

Correct Answer: A


Question 11:

What type of attack sends SYN requests to a target system with spoofed IP addresses?

A. SYN flood

B. Ping of death

C. Cross site scripting

D. Land

Correct Answer: A


Question 12:

Paraben's Lockdown device uses which operating system to write hard drive data?

A. Mac OS

B. Red Hat

C. Unix

D. Windows

Correct Answer: D


Question 13:

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

A. %systemroot%\LSA

B. %systemroot%\system32\drivers\etc

C. %systemroot%\repair

D. %systemroot%\system32\LSA

Correct Answer: C


Question 14:

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

A. IAS account names and passwords

B. Service account passwords in plain text

C. Local store PKI Kerberos certificates

D. Cached password hashes for the past 20 users

Correct Answer: B


Question 15:

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold's needs?

A. Packet filtering firewall

B. Circuit-level proxy firewall

C. Application-level proxy firewall

D. Data link layer firewall

Correct Answer: C