
312-49v10 Computer Hacking Forensic Investigator (CHFI-v10) Questions and Answers

Questions 4

Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.

What RAID level is represented here?

Options:

A.

RAID Level 0

B.

RAID Level 5

C.

RAID Level 3

D.

RAID Level 1

Questions 5

Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael, his assistant, helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

Options:

A.

Two

B.

One

C.

Three

D.

Four

Questions 6

What should you do when approached by a reporter about a case that you are working on or have worked on?

Options:

A.

Refer the reporter to the attorney that retained you

B.

Say, "no comment"

C.

Answer all the reporter’s questions as completely as possible

D.

Answer only the questions that help your case

Questions 7

Adam is thinking of establishing a hospital in the US and approaches John, a software developer, to build a site and host it for him on one of the servers, which would be used to store patient health records. He has learned from his legal advisors that he needs to have the server's log data reviewed and managed according to certain standards and regulations. Which of the following regulations are the legal advisors referring to?

Options:

A.

Data Protection Act of 2018

B.

Payment Card Industry Data Security Standard (PCI DSS)

C.

Electronic Communications Privacy Act

D.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Questions 8

An investigator wants to extract passwords from SAM and System Files. Which tool can the investigator use to obtain a list of users, passwords, and their hashes in this case?

Options:

A.

PWdump7

B.

HashKey

C.

Nuix

D.

FileMerlin

Questions 9

When examining a file with a Hex Editor, what space does the file header occupy?

Options:

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file

Questions 10

A call detail record (CDR) provides metadata about calls made over a phone service. From the following data fields, which one is not contained in a CDR?

Options:

A.

The call duration

B.

A unique sequence number identifying the record

C.

The language of the call

D.

Phone number receiving the call

Questions 11

Amber, a black hat hacker, has embedded malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?

Options:

A.

Malvertising

B.

Compromising a legitimate site

C.

Click-jacking

D.

Spearphishing

Questions 12

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

Options:

A.

Microsoft Methodology

B.

Google Methodology

C.

IBM Methodology

D.

LPT Methodology

Questions 13

You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which among the following MySQL Utilities allow you to do so?

Options:

A.

mysqldump

B.

myisamaccess

C.

myisamlog

D.

myisamchk

Questions 14

Which Event Correlation approach assumes and predicts what an attacker can do next after the attack by studying statistics and probability?

Options:

A.

Profile/Fingerprint-Based Approach

B.

Bayesian Correlation

C.

Time (Clock Time) or Role-Based Approach

D.

Automated Field Correlation

Questions 15

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

Options:

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String

Questions 16

What is the capacity of Recycle bin in a system running on Windows Vista?

Options:

A.

2.99GB

B.

3.99GB

C.

Unlimited

D.

10% of the partition space

Questions 17

Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

Options:

A.

Block all internal MAC address from using SNMP

B.

Block access to UDP port 171

C.

Block access to TCP port 171

D.

Change the default community string names

Questions 18

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

Options:

A.

ICMP header field

B.

TCP header field

C.

IP header field

D.

UDP header field

Questions 19

Which of the following application password cracking tools can discover all password-protected items on a computer and decrypt them?

Options:

A.

TestDisk for Windows

B.

R-Studio

C.

Windows Password Recovery Bootdisk

D.

Passware Kit Forensic

Questions 20

The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

Options:

A.

dir /o:d

B.

dir /o:s

C.

dir /o:e

D.

dir /o:n

Questions 21

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

Options:

A.

Start and end points for log sequence numbers are specified

B.

Start and end points for log files are not specified

C.

Start and end points for log files are specified

D.

Start and end points for log sequence numbers are not specified

Questions 22

During an investigation, the first responders stored mobile devices in specific containers to provide network isolation. All the following are examples of such pieces of equipment, except for:

Options:

A.

Wireless StrongHold bag

B.

VirtualBox

C.

Faraday bag

D.

RF shield box

Questions 23

Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the pieces of evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?

Options:

A.

#*06*#

B.

*#06#

C.

#06#*

D.

*IMEI#

Questions 24

Which of the following file systems uses the Master File Table (MFT) database to store information about every file and directory on a volume?

Options:

A.

FAT File System

B.

ReFS

C.

exFAT

D.

NTFS File System

Questions 25

Which of the following is NOT an anti-forensics technique?

Options:

A.

Data Deduplication

B.

Steganography

C.

Encryption

D.

Password Protection

Questions 26

An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the “Geek_Squad” part represent?

Options:

A.

Product description

B.

Manufacturer Details

C.

Developer description

D.

Software or OS used

Questions 27

Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

Options:

A.

Physical block

B.

Operating system block

C.

Hard disk block

D.

Logical block

Questions 28

Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?

Options:

A.

Static Acquisition

B.

Sparse or Logical Acquisition

C.

Bit-stream disk-to-disk Acquisition

D.

Bit-by-bit Acquisition

Questions 29

Which program uses different techniques to conceal a malware's code, thereby making it difficult for security mechanisms to detect or remove it?

Options:

A.

Dropper

B.

Packer

C.

Injector

D.

Obfuscator

Questions 30

What document does the screenshot represent?

Options:

A.

Expert witness form

B.

Search warrant form

C.

Chain of custody form

D.

Evidence collection form

Questions 31

Checkpoint Firewall logs can be viewed through a Check Point Log viewer that uses icons and colors in the log table to represent different security events and their severity. What does the icon in the checkpoint logs represent?

Options:

A.

The firewall rejected a connection

B.

A virus was detected in an email

C.

The firewall dropped a connection

D.

An email was marked as potential spam

Questions 32

One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

Options:

A.

The file header

B.

The File Allocation Table

C.

The file footer

D.

The sector map

Questions 33

Where does Encase search to recover NTFS files and folders?

Options:

A.

MBR

B.

MFT

C.

Slack space

D.

HAL

Questions 34

Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?

Options:

A.

Virtual Files

B.

Image Files

C.

Shortcut Files

D.

Prefetch Files

Questions 35

Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?

Options:

A.

Phreaking

B.

Squatting

C.

Crunching

D.

Pretexting

Questions 36

What operating system would respond to the following command?

Options:

A.

Windows 95

B.

FreeBSD

C.

Windows XP

D.

Mac OS X

Questions 37

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

Options:

A.

Packet filtering firewall

B.

Circuit-level proxy firewall

C.

Application-level proxy firewall

D.

Stateful firewall

Questions 38

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

Options:

A.

All three servers need to be placed internally

B.

A web server and the database server facing the Internet, an application server on the internal network

C.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Questions 39

What must an attorney do first before you are called to testify as an expert?

Options:

A.

Qualify you as an expert witness

B.

Read your curriculum vitae to the jury

C.

Engage in damage control

D.

Prove that the tools you used to conduct your examination are perfect

Questions 40

What is an investigator looking for in the rp.log file stored in a system running on Windows 10 operating system?

Options:

A.

Restore point interval

B.

Automatically created restore points

C.

System CheckPoints required for restoring

D.

Restore point functions

Questions 41

Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

Options:

A.

HIPAA

B.

GLBA

C.

SOX

D.

FISMA

Questions 42

What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?

Options:

A.

Copyright

B.

Design patent

C.

Trademark

D.

Utility patent

Questions 43

Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

Options:

A.

Inode bitmap block

B.

Superblock

C.

Block bitmap block

D.

Data block

Questions 44

What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

Options:

A.

Cracks every password in 10 minutes

B.

Distribute processing over 16 or fewer computers

C.

Support for Encrypted File System

D.

Support for MD5 hash verification

Questions 45

Which of the following are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser to track, validate, and maintain specific user information?

Options:

A.

Temporary Files

B.

Open files

C.

Cookies

D.

Web Browser Cache

Questions 46

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

Options:

A.

Keep the information on file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

Questions 47

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

Options:

A.

PEBrowse Professional

B.

RegScanner

C.

RAM Capturer

D.

Dependency Walker

Questions 48

Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the number of exits needed. How many exits should Steven include in his design for the computer forensics lab?

Options:

A.

Three

B.

One

C.

Two

D.

Four

Questions 49

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

Options:

A.

Acunetix

B.

Nikto

C.

Snort

D.

Kismet

Questions 50

What hashing method is used to password protect Blackberry devices?

Options:

A.

AES

B.

RC5

C.

MD5

D.

SHA-1

Questions 51

Which code does the FAT file system use to mark the file as deleted?

Options:

A.

ESH

B.

5EH

C.

H5E

D.

E5H

Questions 52

Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

Options:

A.

Data collection

B.

Secure the evidence

C.

First response

D.

Data analysis

Questions 53

Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed, it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

Options:

A.

Tailgating

B.

Backtrapping

C.

Man trap attack

D.

Fuzzing

Questions 54

Using Linux to carry out a forensics investigation, what would the following command accomplish?

dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

Options:

A.

Search for disk errors within an image file

B.

Backup a disk to an image file

C.

Copy a partition to an image file

D.

Restore a disk from an image file

Questions 55

Where are files temporarily written in Unix when printing?

Options:

A.

/usr/spool

B.

/var/print

C.

/spool

D.

/var/spool

Questions 56

Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

Options:

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

B.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList

C.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList

D.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit

Questions 57

Which of the following tools enables data acquisition and duplication?

Options:

A.

Colasoft’s Capsa

B.

DriveSpy

C.

Wireshark

D.

Xplico

Questions 58

Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?

Options:

A.

Lsproc

B.

DumpChk

C.

RegEdit

D.

EProcess

Questions 59

Which of the following commands shows you all of the network services running on Windows-based servers?

Options:

A.

Netstart

B.

Net Session

C.

Net use

D.

Net config

Questions 60

The process of restarting a computer that is already turned on through the operating system is called?

Options:

A.

Warm boot

B.

Ice boot

C.

Hot Boot

D.

Cold boot

Questions 61

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

Options:

A.

RestrictAnonymous must be set to "10" for complete security

B.

RestrictAnonymous must be set to "3" for complete security

C.

RestrictAnonymous must be set to "2" for complete security

D.

There is no way to always prevent an anonymous null session from establishing

Questions 62

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

Options:

A.

.email

B.

.mail

C.

.pst

D.

.doc

Questions 63

Which of the following file systems is used by Mac OS X?

Options:

A.

EFS

B.

HFS+

C.

EXT2

D.

NFS

Questions 64

Which response organization tracks hoaxes as well as viruses?

Options:

A.

NIPC

B.

FEDCIRC

C.

CERT

D.

CIAC

Questions 65

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers.

Bill protects the PDF documents with a password and sends them to their intended recipients.

Why do PDF passwords not offer maximum protection?

Options:

A.

PDF passwords can easily be cracked by software brute force tools

B.

PDF passwords are converted to clear text when sent through E-mail

C.

PDF passwords are not considered safe by Sarbanes-Oxley

D.

When sent through E-mail, PDF passwords are stripped from the document completely

Questions 66

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

Options:

A.

the same log is used at all times

B.

a new log file is created every day

C.

a new log file is created each week

D.

a new log is created each time the Web Server is started

Questions 67

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

Options:

A.

Send DOS commands to crash the DNS servers

B.

Perform DNS poisoning

C.

Perform a zone transfer

D.

Enumerate all the users in the domain

Questions 68

Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company were stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

Options:

A.

Text semagram

B.

Visual semagram

C.

Grill cipher

D.

Visual cipher

Questions 69

Which of the following tools enables a user to reset his/her lost admin password in a Windows system?

Options:

A.

Advanced Office Password Recovery

B.

Active@ Password Changer

C.

Smartkey Password Recovery Bundle Standard

D.

Passware Kit Forensic

Questions 70

Which among the following files provides email header information in the Microsoft Exchange server?

Options:

A.

gwcheck.db

B.

PRIV.EDB

C.

PUB.EDB

D.

PRIV.STM

Questions 71

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

Options:

A.

Expert Witness

B.

Evidence Examiner

C.

Forensic Examiner

D.

Defense Witness

Questions 72

The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

Options:

A.

Detection

B.

Hearsay

C.

Spoliation

D.

Discovery

Questions 73

If you come across a sheepdip machine at your client site, what would you infer?

Options:

A.

A sheepdip coordinates several honeypots

B.

A sheepdip computer is another name for a honeypot

C.

A sheepdip computer is used only for virus-checking.

D.

A sheepdip computer defers a denial of service attack

Questions 74

What is a good security method to prevent unauthorized users from "tailgating"?

Options:

A.

Man trap

B.

Electronic combination locks

C.

Pick-resistant locks

D.

Electronic key systems

Questions 75

Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crimes investigations throughout the United States?

Options:

A.

Internet Fraud Complaint Center

B.

Local or national office of the U.S. Secret Service

C.

National Infrastructure Protection Center

D.

CERT Coordination Center

Questions 76

The use of warning banners helps a company avoid litigation by overcoming an employee's assumed __________________________ when connecting to the company's intranet, network or Virtual Private Network (VPN), and will allow the company's investigators to monitor, search and retrieve information stored within the network.

Options:

A.

Right to work

B.

Right of free speech

C.

Right to Internet Access

D.

Right of Privacy

Questions 77

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

Options:

A.

Tracert

B.

Smurf scan

C.

Ping trace

D.

ICMP ping sweep

Questions 78

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

Options:

A.

The ISP can investigate anyone using their service and can provide you with assistance

B.

The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

C.

The ISP can't conduct any type of investigations on anyone and therefore can't assist you

D.

ISP's never maintain log files so they would be of no use to your investigation

Questions 79

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

Options:

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directly interacting with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn't matter as all replies are faked

Questions 80

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

Options:

A.

Polymorphic

B.

Metamorphic

C.

Oligomorphic

D.

Transmorphic

Questions 81

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

Options:

A.

A Capital X

B.

A Blank Space

C.

The Underscore Symbol

D.

The lowercase Greek Letter Sigma (σ)

Questions 82

Debbie has obtained a warrant to search a known pedophile's house. Debbie went to the house and executed the search warrant to seize digital devices that have been recorded as being used for downloading illicit images. She seized all digital devices except a digital camera. Why did she not collect the digital camera?

Options:

A.

The digital camera was not listed as one of the digital devices in the warrant

B.

The vehicle Debbie was using to transport the evidence was already full and could not carry more items

C.

Debbie overlooked the digital camera because it is not a computer system

D.

The digital camera was old, had a cracked screen, and did not have batteries. Therefore, it could not have been used in a crime.

Questions 83

Which of the following is the most effective tool for acquiring volatile data from a Windows-based system?

Options:

A.

Coreography

B.

Datagrab

C.

Ethereal

D.

Helix

Questions 84

Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.

Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

Options:

A.

Border Gateway Protocol

B.

Cisco Discovery Protocol

C.

Broadcast System Protocol

D.

Simple Network Management Protocol

Questions 85

In which IoT attack does the attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks?

Options:

A.

Replay attack

B.

Jamming attack

C.

Blueborne attack

D.

Sybil attack

Questions 86

______allows a forensic investigator to identify the missing links during investigation.

Options:

A.

Evidence preservation

B.

Chain of custody

C.

Evidence reconstruction

D.

Exhibit numbering

Questions 87

Which of the following methods of mobile device data acquisition captures all the data present on the device, as well as all deleted data and access to unallocated space?

Options:

A.

Manual acquisition

B.

Logical acquisition

C.

Direct acquisition

D.

Physical acquisition

Questions 88

You are the incident response manager at a regional bank. While performing routine auditing of web application logs, you find several attempted login submissions that contain the following strings:

What kind of attack has occurred?

Options:

A.

SQL injection

B.

Buffer overflow

C.

Cross-site scripting

D.

Cross-site request forgery

Questions 89

Consider a scenario where a forensic investigator is performing malware analysis on a memory dump acquired from a victim's computer. The investigator uses Volatility Framework to analyze RAM contents; which plugin helps the investigator to identify hidden processes or injected code/DLL in the memory dump?

Options:

A.

pslist

B.

malscan

C.

mallist

D.

malfind

Questions 90

What are the security risks of running a "repair" installation for Windows XP?

Options:

A.

Pressing Shift+F10 gives the user administrative rights

B.

Pressing Shift+F1 gives the user administrative rights

C.

Pressing Ctrl+F10 gives the user administrative rights

D.

There are no security risks when running the "repair" installation for Windows XP

Questions 91

During a forensic investigation, a large number of files were collected. The investigator needs to evaluate ownership and accountability of those files. Therefore, he begins to identify attributes such as "author name," "organization name," "network name," or any additional supporting data that is meant for the owner's identification purpose. Which term describes these attributes?

Options:

A.

Data header

B.

Data index

C.

Metabase

D.

Metadata

Questions 92

In Java, when multiple applications are launched, multiple Dalvik Virtual Machine instances occur that consume memory and time. To avoid that, Android implements a process that enables low memory consumption and quick start-up time. What is the process called?

Options:

A.

init

B.

Media server

C.

Zygote

D.

Daemon

Questions 93

An investigator is checking a Cisco firewall log that reads as follows:

Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on Interface outside

What does %ASA-1-106021 denote?

Options:

A.

Mnemonic message

B.

Type of traffic

C.

Firewall action

D.

Type of request

Questions 94

Derrick, a forensic specialist, was investigating an active computer that was executing various processes. Derrick wanted to check whether this system was used in an incident that occurred earlier. He started inspecting and gathering the contents of RAM, cache, and DLLs to identify incident signatures. Identify the data acquisition method employed by Derrick in the above scenario.

Options:

A.

Dead data acquisition

B.

Static data acquisition

C.

Non-volatile data acquisition

D.

Live data acquisition

Questions 95

Which of the following is considered the starting point of a database and stores user data and database objects in an MS SQL server?

Options:

A.

Ibdata1

B.

Application data files (ADF)

C.

Transaction log data files (LDF)

D.

Primary data files (MDF)

Questions 96

Which of the following is a requirement for senders as per the CAN-SPAM act?

Options:

A.

Senders cannot use misleading or false header information

B.

Senders should never share their physical postal address in the email

C.

Senders must use deceptive subject lines

D.

Emails must not contain information regarding how to stop receiving emails from the sender in future

Questions 97

To understand the impact of a malicious program after the booting process and to collect recent information from the disk partition, an investigator should evaluate the content of the:

Options:

A.

MBR

B.

GRUB

C.

UEFI

D.

BIOS

Questions 98

Consider a scenario where the perpetrator of a dark web crime has uninstalled Tor browser from their computer after committing the crime. The computer has been seized by law enforcement so they can investigate it for artifacts of Tor browser usage. Which of the following should the investigators examine to establish the use of Tor browser on the suspect machine?

Options:

A.

Swap files

B.

Files in Recycle Bin

C.

Security logs

D.

Prefetch files

Questions 99

Which "Standards and Criteria" under SWGDE states that "the agency must use hardware and software that are appropriate and effective for the seizure or examination procedure"?

Options:

A.

Standards and Criteria 1.7

B.

Standards and Criteria 1.6

C.

Standards and Criteria 1.4

D.

Standards and Criteria 1.5

Questions 100

Which of the following forensic tools allows an investigator to detect and extract hidden streams on an NTFS drive?

Options:

A.

Stream Detector

B.

TimeStomp

C.

Autopsy

D.

analyzeMFT

Questions 101

Which set of anti-forensic tools/techniques allows a program to compress and/or encrypt an executable file to hide attack tools from being detected by reverse-engineering or scanning?

Options:

A.

Packers

B.

Emulators

C.

Password crackers

D.

Botnets

Questions 102

Which layer in the iOS architecture provides frameworks for iOS app development?

Options:

A.

Media services

B.

Cocoa Touch

C.

Core services

D.

Core OS

Questions 103

Ronald, a forensic investigator, has been hired by a financial services organization to investigate an attack on their MySQL database server, which is hosted on a Windows machine named WIN-DTRAI83202X. Ronald wants to retrieve information on the changes that have been made to the database. Which of the following files should Ronald examine for this task?

Options:

A.

relay-log.info

B.

WIN-DTRAI83202Xrelay-bin.index

C.

WIN-DTRAI83202Xslow.log

D.

WIN-DTRAI83202X-bin.nnnnnn

Questions 104

What command-line tool enables a forensic investigator to establish communication between an Android device and a forensic workstation in order to perform data acquisition from the device?

Options:

A.

APK Analyzer

B.

SDK Manager

C.

Android Debug Bridge

D.

Xcode

Questions 105

You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?

Options:

A.

Malicious software on internal system is downloading research data from partner SFTP servers in Eastern Europe

B.

Internal systems are downloading automatic Windows updates

C.

Data is being exfiltrated by an advanced persistent threat (APT)

D.

The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities

Exam Code: 312-49v10
Exam Name: Computer Hacking Forensic Investigator (CHFI-v10)
Last Update: Nov 24, 2024
Questions: 704