Computer Hacking Forensic Investigator Exam (EC1-349) Free Practice Test

Question 1

The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time, service and instance, server name and IP address, request type, target of operation, etc. Identify the service status code from the following IIS log.
192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2, SERVER, 172.15.10.30, 4210, 125, 3524, 100, 0, GET, /dollerlogo.gif,

A. 100

B. 4210

C. 3524

D. W3SVC2

Correct Answer: A

Question 2

What document does the screenshot represent?

A. Expert witness form

B. Search warrant form

C. Chain of custody form

D. Evidence collection form

Correct Answer: C

Question 3

Operating System logs are most beneficial for Identifying or Investigating suspicious activities involving a particular host. Which of the following Operating System logs contains information about operational actions performed by OS components?

A. Firewall logs

B. Event logs

C. Audit logs

D. IDS logs

Correct Answer: B

Question 4

Which of the following standard is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

A. Daubert Standard

B. FERPA standard

C. Frye Standard

D. Schneiderman Standard

Correct Answer: C

Question 5

According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who has started practicing two years back, was denied an expert testimony in a computer crime case by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US federal rules, what could be the most appropriate reason for the court to reject Jason's eligibility as an expert witness?

A. Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case

B. Jason was not aware of legal issues involved with computer crimes

C. Jason was unable to furnish documents to prove that he is a computer forensic expert

D. Jason was unable to furnish documents showing four years of previous experience in the field

Correct Answer: D

Question 6

Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time.
Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

A. Same-platform correlation

B. Multiple-platform correlation

C. Cross-platform correlation

D. Network-platform correlation

Correct Answer: C

Question 7

Which of the following file in Novel GroupWise stores information about user accounts?

A. ngwguard.db

B. PRIV.EDB

C. PRIV.STM

D. gwcheck.db

Correct Answer: A

Question 8

Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?

A. Verbal Informal Report

B. Written informal Report

C. Verbal Formal Report

D. Written Formal Report

Correct Answer: C

Question 9

Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or device that holds electronic information.

A. False

B. True

Correct Answer: B

Question 10

Who is responsible for the following tasks?
-Secure the scene and ensure that it is maintained In a secure state until the Forensic Team
advises -Make notes about the scene that will eventually be handed over to the Forensic Team

A. System administrators

B. Local managers or other non-forensic staff

C. Lawyers

D. Non-Laboratory Staff

Correct Answer: D

Question 11

JPEG is a commonly used method of compressing photographic Images. It uses a compression algorithm to minimize the size of the natural image, without affecting the quality of the image. The JPEG lossy algorithm divides the image in separate blocks of____________.

A. 32x32 pixels

B. 8x8 pixels

C. 16x16 pixels

D. 4x4 pixels

Correct Answer: B

Question 12

Which of the following is not an example of a cyber-crime?

A. Fraud achieved by the manipulation of the computer records

B. Intellectual property theft, including software piracy

C. Firing an employee for misconduct

D. Deliberate circumvention of the computer security systems

Correct Answer: C

Question 13

Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

A. Rule-based approach

B. Neural network-based approach

C. Automated field correlation approach

D. Graph-based approach

Correct Answer: C

Question 14

Smith, an employee of a reputed forensic Investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in hacking of organization DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry key Smith will check to find the above information?

A. RunMRU key

B. UserAssist Key

C. TypedURLs key

D. MountedDevices key

Correct Answer: A

Welcome to TestSimulate

EC-COUNCIL Computer Hacking Forensic Investigator (EC1-349) Free Practice Test