ECCouncil EC1-349 - ECCouncil Computer Hacking Forensic Investigator Exam
Page: 1 / 62
Total 306 questions
Question #1 (Topic: Topic 1)
What must be obtained before an investigation is carried out at a location?
A. Search warrant
B. Subpoena
C. Habeas corpus
D. Modus operandi
Answer: A
Question #2 (Topic: Topic 1)
What happens when a file is deleted by a Microsoft operating system using the FAT file
system?
system?
A. The file is erased and cannot be recovered
B. The file is erased but can be recovered partially
C. A copy of the file is stored and the original file is erased
D. Only the reference to the file is removed from the FAT and can be recovered
Answer: D
Question #3 (Topic: Topic 1)
The efforts to obtain information before a trial by demanding documents, depositions,
questions and answers written under oath, written requests for admissions of fact, and
examination of the scene is a description of what legal term?
questions and answers written under oath, written requests for admissions of fact, and
examination of the scene is a description of what legal term?
A. Detection
B. Hearsay
C. Spoliation
D. Discovery
Answer: D
Question #4 (Topic: Topic 1)
What hashing method is used to password protect Blackberry devices?
A. AES
B. RC5
C. MD5
D. SHA-1
Answer: D
Question #5 (Topic: Topic 1)
Under confession, an accused criminal admitted to encrypting child pornography pictures
and then hiding them within other pictures. What technique did the accused criminal
employ?
and then hiding them within other pictures. What technique did the accused criminal
employ?
A. Typography
B. Steganalysis
C. Picture encoding
D. Steganography
Answer: D
