Computer Hacking Forensic Investigator Exam - EC1-349 Exam Practice Test

Question 1

If the partition size Is 4 GB, each cluster will be 32 K.
Even If a file needs only 10 K, the entire 32 K will be allocated, resulting In 22 K of___________.

A. Cluster space

B. Deleted space

C. Sector space

D. Slack space

Correct Answer: D

Question 2

What is the "Best Evidence Rule"?

A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy

B. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs

C. It contains information such as open network connection, user logout, programs that reside in memory, and cache data

D. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history

Correct Answer: A

Question 3

Determine the message length from following hex viewer record:

A. 6E2F

B. 27

C. 13

D. 810D

Correct Answer: D

Question 4

In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?

A. Evaluate and secure the scene

B. Collect the evidence

C. Acquire the data

D. Obtain search warrant

Correct Answer: C

Question 5

Subscriber Identity Module (SIM) is a removable component that contains essential information about the subscriber. Its main function entails authenticating the user of the cell phone to the network to gain access to subscribed services. SIM contains a 20-digit long Integrated Circuit Card identification (ICCID) number, identify the issuer identifier Number from the ICCID below.

A. 44

B. 245252

C. 001451548

D. 89

Correct Answer: B

Question 6

When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile

A. True

B. False

Correct Answer: A

Question 7

Which of the following attacks allows attacker to acquire access to the communication channels between the victim and server to extract the information?

A. Distributed network attack

B. Man-in-the-middle (MITM) attack

C. Replay attack

D. Rainbow attack

Correct Answer: B

Question 8

Smith, as a part his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith found that the SIM was protected by a Personal identification Number (PIN) code but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What Jason can do in this scenario to reset the PIN and access SIM data?

A. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN

B. He should again attempt PIN guesses after a time of 24 hours

C. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM

D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM

Correct Answer: D

Question 9

Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?

A. Visual semagrams steganography

B. Technical steganography

C. Open code steganography

D. Text semagrams steganography

Correct Answer: C

Question 10

Which of the following statements is incorrect related to acquiring electronic evidence at crime scene?

A. Sample banners are used to record the system activities when used by the unauthorized user

B. At the time of seizing process, you need to shut down the computer immediately

C. In warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring

D. The equipment is seized which is connected to the case, knowing the role of the computer which will indicate what should be taken

Correct Answer: B

Question 11

When the operating system marks cluster as used, but does not allocate them to any file, such clusters are known as ___________.

A. Empty clusters

B. Unused clusters

C. Bad clusters

D. Lost clusters

Correct Answer: D

Question 12

Ever-changing advancement or mobile devices increases the complexity of mobile device examinations. Which or the following is an appropriate action for the mobile forensic investigation?

A. If the phone is in a cradle or connected to a PC with a cable, then unplug the device from the computer

B. To avoid unwanted interaction with devices found on the scene, turn on any wireless interfaces such as Bluetooth and Wi-Fi radios

C. If the device's display is ON. the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons

D. Do not wear gloves while handling cell phone evidence to maintain integrity of physical evidence

Correct Answer: C

Question 13

Depending upon the Jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

A. 18 USC 7371

B. 18 USC 7029

C. 18 USC 7361

D. 18 USC 7030

Correct Answer: D

Question 14

Quality of a raster Image is determined by the _________________and the amount of information in each pixel.

A. Total number of pixels

B. Compression method

C. Image file size

D. Image file format

Correct Answer: A

EC-COUNCIL Computer Hacking Forensic Investigator - EC1-349 Exam Practice Test

Latest Update

Useful Links

Contact Us