Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

312-49v10 Computer Hacking Forensic Investigator (CHFI-v10) Questions and Answers

Questions 4

Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

Options:

A.

Data collection

B.

Secure the evidence

C.

First response

D.

Data analysis

Buy Now
Questions 5

What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?

Options:

A.

Repairs logical file system errors

B.

Check the disk for hardware errors

C.

Check the disk for connectivity errors

D.

Check the disk for Slack Space

Buy Now
Questions 6

Which among the following files provides email header information in the Microsoft Exchange server?

Options:

A.

gwcheck.db

B.

PRIV.EDB

C.

PUB.EDB

D.

PRIV.STM

Buy Now
Questions 7

Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

Options:

A.

Mime-Version header

B.

Content-Type header

C.

Content-Transfer-Encoding header

D.

Errors-To header

Buy Now
Questions 8

Where does Encase search to recover NTFS files and folders?

Options:

A.

MBR

B.

MFT

C.

Slack space

D.

HAL

Buy Now
Questions 9

When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz” format, what does the “nnnn” denote?

Options:

A.

The initials of the forensics analyst

B.

The sequence number for the parts of the same exhibit

C.

The year he evidence was taken

D.

The sequential number of the exhibits seized by the analyst

Buy Now
Questions 10

Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

Options:

A.

wmic service

B.

Reg.exe

C.

fsutil

D.

Devcon

Buy Now
Questions 11

Which Event Correlation approach assumes and predicts what an attacker can do next after the attack by studying statistics and probability?

Options:

A.

Profile/Fingerprint-Based Approach

B.

Bayesian Correlation

C.

Time (Clock Time) or Role-Based Approach

D.

Automated Field Correlation

Buy Now
Questions 12

Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.

Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

Options:

A.

Border Gateway Protocol

B.

Cisco Discovery Protocol

C.

Broadcast System Protocol

D.

Simple Network Management Protocol

Buy Now
Questions 13

At what layer of the OSI model do routers function on?

Options:

A.

4

B.

3

C.

1

D.

5

Buy Now
Questions 14

A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect’s available information but without any success. Which of the following tool can help the investigator to solve this issue?

Options:

A.

Cain & Abel

B.

Xplico

C.

Recuva

D.

Colasoft’s Capsa

Buy Now
Questions 15

Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?

Options:

A.

Simple Mail Transfer Protocol (SMTP)

B.

Messaging Application Programming Interface (MAPI)

C.

Internet Message Access Protocol (IMAP)

D.

Post Office Protocol version 3 (POP3)

Buy Now
Questions 16

Which of the following tools is not a data acquisition hardware tool?

Options:

A.

UltraKit

B.

Atola Insight Forensic

C.

F-Response Imager

D.

Triage-Responder

Buy Now
Questions 17

What is cold boot (hard boot)?

Options:

A.

It is the process of restarting a computer that is already in sleep mode

B.

It is the process of shutting down a computer from a powered-on or on state

C.

It is the process of restarting a computer that is already turned on through the operating system

D.

It is the process of starting a computer from a powered-down or off state

Buy Now
Questions 18

Which one of the following is not a first response procedure?

Options:

A.

Preserve volatile data

B.

Fill forms

C.

Crack passwords

D.

Take photos

Buy Now
Questions 19

Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks?

Options:

A.

ISO 9660

B.

ISO/IEC 13940

C.

ISO 9060

D.

IEC 3490

Buy Now
Questions 20

What is the role of Alloc.c in Apache core?

Options:

A.

It handles allocation of resource pools

B.

It is useful for reading and handling of the configuration files

C.

It takes care of all the data exchange and socket connections between the client and the server

D.

It handles server start-ups and timeouts

Buy Now
Questions 21

Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

Options:

A.

PUB.EDB

B.

PRIV.EDB

C.

PUB.STM

D.

PRIV.STM

Buy Now
Questions 22

Which principle states that “anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave”?

Options:

A.

Locard's Exchange Principle

B.

Enterprise Theory of Investigation

C.

Locard's Evidence Principle

D.

Evidence Theory of Investigation

Buy Now
Questions 23

James is dealing with a case regarding a cybercrime that has taken place in Arizona, USA. James needs to lawfully seize the evidence from an electronic device without affecting the user's anonymity. Which of the following law should he comply with, before retrieving the evidence?

Options:

A.

First Amendment of the U.S. Constitution

B.

Fourth Amendment of the U.S. Constitution

C.

Third Amendment of the U.S. Constitution

D.

Fifth Amendment of the U.S. Constitution

Buy Now
Questions 24

While analyzing a hard disk, the investigator finds that the file system does not use UEFI-based interface. Which of the following operating systems is present on the hard disk?

Options:

A.

Windows 10

B.

Windows 8

C.

Windows 7

D.

Windows 8.1

Buy Now
Questions 25

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

Options:

A.

48-bit address

B.

24-bit address

C.

16-bit address

D.

32-bit address

Buy Now
Questions 26

Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer’s log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies’ domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

Options:

A.

Syllable attack

B.

Hybrid attack

C.

Brute force attack

D.

Dictionary attack

Buy Now
Questions 27

When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called “INFO2” in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

Options:

A.

Undo the last action performed on the system

B.

Reboot Windows

C.

Use a recovery tool to undelete the file

D.

Download the file from Microsoft website

Buy Now
Questions 28

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

Options:

A.

They examined the actual evidence on an unrelated system

B.

They attempted to implicate personnel without proof

C.

They tampered with evidence by using it

D.

They called in the FBI without correlating with the fingerprint data

Buy Now
Questions 29

The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

Options:

A.

Gramm-Leach-Bliley Act

B.

Sarbanes-Oxley 2002

C.

California SB 1386

D.

HIPAA

Buy Now
Questions 30

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

Options:

A.

128

B.

64

C.

32

D.

16

Buy Now
Questions 31

What does ICMP Type 3/Code 13 mean?

Options:

A.

Host Unreachable

B.

Administratively Blocked

C.

Port Unreachable

D.

Protocol Unreachable

Buy Now
Questions 32

Study the log given below and answer the following question:

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

Options:

A.

Disallow UDP53 in from outside to DNS server

B.

Allow UDP53 in from DNS server to outside

C.

Disallow TCP53 in from secondaries or ISP server to DNS server

D.

Block all UDP traffic

Buy Now
Questions 33

Software firewalls work at which layer of the OSI model?

Options:

A.

Application

B.

Network

C.

Transport

D.

Data Link

Buy Now
Questions 34

Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

Options:

A.

tasklist /p

B.

tasklist /v

C.

tasklist /u

D.

tasklist /s

Buy Now
Questions 35

Select the data that a virtual memory would store in a Windows-based system.

Options:

A.

Information or metadata of the files

B.

Documents and other files

C.

Application data

D.

Running processes

Buy Now
Questions 36

Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?

Options:

A.

OpenGL/ES and SGL

B.

Surface Manager

C.

Media framework

D.

WebKit

Buy Now
Questions 37

In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?

Options:

A.

RAID 1

B.

The images will always be identical because data is mirrored for redundancy

C.

RAID 0

D.

It will always be different

Buy Now
Questions 38

UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

Options:

A.

BIOS-MBR

B.

GUID Partition Table (GPT)

C.

Master Boot Record (MBR)

D.

BIOS Parameter Block

Buy Now
Questions 39

Which file is a sequence of bytes organized into blocks understandable by the system’s linker?

Options:

A.

executable file

B.

source file

C.

Object file

D.

None of these

Buy Now
Questions 40

Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?

Options:

A.

#*06*#

B.

*#06#

C.

#06#*

D.

*IMEI#

Buy Now
Questions 41

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

Options:

A.

The combined log format of Apache access log

B.

The common log format of Apache access log

C.

Apache error log

D.

IIS log

Buy Now
Questions 42

Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?

Options:

A.

Click-jacking

B.

Compromising a legitimate site

C.

Spearphishing

D.

Malvertising

Buy Now
Questions 43

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a computer. Where should Harold navigate on the computer to find the file?

Options:

A.

%systemroot%\system32\LSA

B.

%systemroot%\system32\drivers\etc

C.

%systemroot%\repair

D.

%systemroot%\LSA

Buy Now
Questions 44

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

Options:

A.

The zombie will not send a response

B.

31402

C.

31399

D.

31401

Buy Now
Questions 45

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

Options:

A.

10

B.

25

C.

110

D.

135

Buy Now
Questions 46

Which of the following Linux command searches through the current processes and lists the process IDs those match the selection criteria to stdout?

Options:

A.

pstree

B.

pgrep

C.

ps

D.

grep

Buy Now
Questions 47

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

Options:

A.

forensic duplication of hard drive

B.

analysis of volatile data

C.

comparison of MD5 checksums

D.

review of SIDs in the Registry

Buy Now
Questions 48

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

Options:

A.

Start and end points for log sequence numbers are specified

B.

Start and end points for log files are not specified

C.

Start and end points for log files are specified

D.

Start and end points for log sequence numbers are not specified

Buy Now
Questions 49

Why should you note all cable connections for a computer you want to seize as evidence?

Options:

A.

to know what outside connections existed

B.

in case other devices were connected

C.

to know what peripheral devices exist

D.

to know what hardware existed

Buy Now
Questions 50

The newer Macintosh Operating System is based on:

Options:

A.

OS/2

B.

BSD Unix

C.

Linux

D.

Microsoft Windows

Buy Now
Questions 51

With Regard to using an Antivirus scanner during a computer forensics investigation, You should:

Options:

A.

Scan the suspect hard drive before beginning an investigation

B.

Never run a scan on your forensics workstation because it could change your systems configuration

C.

Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

D.

Scan your Forensics workstation before beginning an investigation

Buy Now
Questions 52

In the context of file deletion process, which of the following statement holds true?

Options:

A.

When files are deleted, the data is overwritten and the cluster marked as available

B.

The longer a disk is in use, the less likely it is that deleted files will be overwritten

C.

While booting, the machine may create temporary files that can delete evidence

D.

Secure delete programs work by completely overwriting the file in one go

Buy Now
Questions 53

Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

Options:

A.

host.db

B.

sigstore.db

C.

config.db

D.

filecache.db

Buy Now
Questions 54

This organization maintains a database of hash signatures for known software.

Options:

A.

International Standards Organization

B.

Institute of Electrical and Electronics Engineers

C.

National Software Reference Library

D.

American National standards Institute

Buy Now
Questions 55

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

Options:

A.

bench warrant

B.

wire tap

C.

subpoena

D.

search warrant

Buy Now
Questions 56

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies? What type of Penetration Testing is Larry planning to carry out?

Options:

A.

Router Penetration Testing

B.

DoS Penetration Testing

C.

Firewall Penetration Testing

D.

Internal Penetration Testing

Buy Now
Questions 57

The following excerpt is taken from a honeypot log. The log captures activities across three days.

There are several intrusion attempts; however, a few are successful.

(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

From the options given below choose the one which best interprets the following entry:

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Options:

A.

An IDS evasion technique

B.

A buffer overflow attempt

C.

A DNS zone transfer

D.

Data being retrieved from 63.226.81.13

Buy Now
Questions 58

When examining a file with a Hex Editor, what space does the file header occupy?

Options:

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file

Buy Now
Questions 59

You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject’s computer. You inform the officer that you will not be able to comply with that request because doing so would:

Options:

A.

Violate your contract

B.

Cause network congestion

C.

Make you an agent of law enforcement

D.

Write information to the subject’s hard drive

Buy Now
Questions 60

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

https://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

Options:

A.

HTTP Configuration Arbitrary Administrative Access Vulnerability

B.

HTML Configuration Arbitrary Administrative Access Vulnerability

C.

Cisco IOS Arbitrary Administrative Access Online Vulnerability

D.

URL Obfuscation Arbitrary Administrative Access Vulnerability

Buy Now
Questions 61

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

Options:

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Buy Now
Questions 62

What are the security risks of running a "repair" installation for Windows XP?

Options:

A.

Pressing Shift+F10gives the user administrative rights

B.

Pressing Shift+F1gives the user administrative rights

C.

Pressing Ctrl+F10 gives the user administrative rights

D.

There are no security risks when running the "repair" installation for Windows XP

Buy Now
Questions 63

Which of the following malware targets Android mobile devices and installs a backdoor that remotely installs applications from an attacker-controlled server?

Options:

A.

Felix

B.

XcodeGhost

C.

xHelper

D.

Unflod

Buy Now
Questions 64

Consider a scenario where the perpetrator of a dark web crime has unlnstalled Tor browser from their computer after committing the crime. The computer has been seized by law enforcement so they can Investigate It for artifacts of Tor browser usage. Which of the following should the Investigators examine to establish the use of Tor browser on the suspect machine?

Options:

A.

Swap files

B.

Files in Recycle Bin

C.

Security logs

D.

Prefetch files

Buy Now
Questions 65

Choose the layer in iOS architecture that provides frameworks for iOS app development?

Options:

A.

Media services

B.

Cocoa Touch

C.

Core services

D.

Core OS

Buy Now
Questions 66

An investigator wants to extract passwords from SAM and System Files. Which tool can the Investigator use to obtain a list of users, passwords, and their hashes In this case?

Options:

A.

PWdump7

B.

HashKey

C.

Nuix

D.

FileMerlin

Buy Now
Questions 67

Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crimes investigations throughout the United States?

Options:

A.

Internet Fraud Complaint Center

B.

Local or national office of the U.S. Secret Service

C.

National Infrastructure Protection Center

D.

CERT Coordination Center

Buy Now
Questions 68

Which of the following tools will allow a forensic Investigator to acquire the memory dump of a suspect machine so that It may be Investigated on a forensic workstation to collect evidentiary data like processes and Tor browser artifacts?

Options:

A.

DB Browser SQLite

B.

Bulk Extractor

C.

Belkasoft Live RAM Capturer and AccessData FTK imager

D.

Hex Editor

Buy Now
Questions 69

An investigator Is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform:

Options:

A.

Threat hunting

B.

Threat analysis

C.

Static analysis

D.

Dynamic analysis

Buy Now
Questions 70

Steve received a mail that seemed to have come from her bank. The mail has instructions for Steve to click on a link and provide information to avoid the suspension of her account. The link in the mail redirected her to a form asking for details such as name, phone number, date of birth, credit card number or PIN, CW code, SNNs, and email address. On a closer look, Steve realized that the URL of the form in not the same as that of her bank's. Identify the type of external attack performed by the attacker In the above scenario?

Options:

A.

Aphishing

B.

Espionage

C.

Taiigating

D.

Brute-force

Buy Now
Questions 71

A call detail record (CDR) provides metadata about calls made over a phone service. From the following data fields, which one Is not contained in a CDR.

Options:

A.

The call duration

B.

A unique sequence number identifying the record

C.

The language of the call

D.

Phone number receiving the call

Buy Now
Questions 72

The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

Options:

A.

The Fourth Amendment

B.

The USA patriot Act

C.

The Good Samaritan Laws

D.

The Federal Rules of Evidence

Buy Now
Questions 73

Storage location of Recycle Bin for NTFS file systems (Windows Vista and later) is located at:

Options:

A.

Drive:\$ Recycle. Bin

B.

DriveARECYClE.BIN

C.

Drive:\RECYCLER

D.

Drive:\REYCLED

Buy Now
Questions 74

Brian has the job of analyzing malware for a software security company. Brian has setup a virtual environment that includes virtual machines running various versions of OSes. Additionally, Brian has setup separated virtual networks within this environment The virtual environment does not connect to the company's intranet nor does it connect to the external Internet. With everything setup, Brian now received an executable file from client that has undergone a cyberattack. Brian ran the executable file In the virtual environment to see what it would do. What type of analysis did Brian perform?

Options:

A.

Static malware analysis

B.

Status malware analysis

C.

Dynamic malware analysis

D.

Static OS analysis

Buy Now
Questions 75

You are the incident response manager at a regional bank. While performing routine auditing of web application logs, you find several attempted login submissions that contain the following strings:

312-49v10 Question 75

What kind of attack has occurred?

Options:

A.

SQL injection

B.

Buffer overflow

C.

Cross-size scripting

D.

Cross-size request forgery

Buy Now
Questions 76

For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?

Options:

A.

Relevant circumstances surrounding the collection

B.

General description of the evidence

C.

Exact location the evidence was collected from

D.

SSN of the person collecting the evidence

Buy Now
Questions 77

An EC2 instance storing critical data of a company got infected with malware. The forensics team took the EBS volume snapshot of the affected Instance to perform further analysis and collected other data of evidentiary value. What should be their next step?

Options:

A.

They should pause the running instance

B.

They should keep the instance running as it stores critical data

C.

They should terminate all instances connected via the same VPC

D.

They should terminate the instance after taking necessary backup

Buy Now
Questions 78

Consider a scenario where a forensic investigator is performing malware analysis on a memory dump acquired from a victims computer. The investigator uses Volatility Framework to analyze RAM contents; which plugin helps investigator to identify hidden processes or injected code/DLL in the memory dump?

Options:

A.

pslist

B.

malscan

C.

mallist

D.

malfind

Buy Now
Questions 79

To understand the impact of a malicious program after the booting process and to collect recent information from the disk partition, an Investigator should evaluate the content of the:

Options:

A.

MBR

B.

GRUB

C.

UEFI

D.

BIOS

Buy Now
Questions 80

A forensic analyst has been tasked with investigating unusual network activity Inside a retail company's network. Employees complain of not being able to access services, frequent rebooting, and anomalies In log files. The Investigator requested log files from the IT administrator and after carefully reviewing them, he finds the following log entry:

312-49v10 Question 80

What type of attack was performed on the companies' web application?

Options:

A.

Directory transversal

B.

Unvalidated input

C.

Log tampering

D.

SQL injection

Buy Now
Questions 81

A forensic examiner encounters a computer with a failed OS installation and the master boot record (MBR) or partition sector damaged. Which of the following tools can find and restore files and Information In the disk?

Options:

A.

Helix

B.

R-Studio

C.

NetCat

D.

Wireshark

Buy Now
Questions 82

In a Fllesystem Hierarchy Standard (FHS), which of the following directories contains the binary files required for working?

Options:

A.

/sbin

B.

/proc

C.

/mm

D.

/media

Buy Now
Questions 83

Which of the following statements pertaining to First Response is true?

Options:

A.

First Response is a part of the investigation phase

B.

First Response is a part of the post-investigation phase

C.

First Response is a part of the pre-investigation phase

D.

First Response is neither a part of pre-investigation phase nor a part of investigation phase. It only involves attending to a crime scene first and taking measures that assist forensic investigators in executing their tasks in the investigation phase more efficiently

Buy Now
Questions 84

Sally accessed the computer system that holds trade secrets of the company where she Is employed. She knows she accessed It without authorization and all access (authorized and unauthorized) to this computer Is monitored.To cover her tracks. Sally deleted the log entries on this computer. What among the following best describes her action?

Options:

A.

Password sniffing

B.

Anti-forensics

C.

Brute-force attack

D.

Network intrusion

Buy Now
Questions 85

The working of the Tor browser is based on which of the following concepts?

Options:

A.

Both static and default routing

B.

Default routing

C.

Static routing

D.

Onion routing

Buy Now
Questions 86

A cybercriminal is attempting to remove evidence from a Windows computer. He deletes the file evldence1.doc. sending it to Windows Recycle Bin. The cybercriminal then empties the Recycle Bin. After having been removed from the Recycle Bin. what will happen to the data?

Options:

A.

The data will remain in its original clusters until it is overwritten

B.

The data will be moved to new clusters in unallocated space

C.

The data will become corrupted, making it unrecoverable

D.

The data will be overwritten with zeroes

Buy Now
Questions 87

In Java, when multiple applications are launched, multiple Dalvik Virtual Machine instances occur that consume memory and time. To avoid that. Android Implements a process that enables low memory consumption and quick start-up time. What is the process called?

Options:

A.

init

B.

Media server

C.

Zygote

D.

Daemon

Buy Now
Questions 88

What is the extension used by Windows OS for shortcut files present on the machine?

Options:

A.

.log

B.

.pf

C.

.lnk

D.

.dat

Buy Now
Questions 89

Rule 1002 of Federal Rules of Evidence (US) talks about_____

Options:

A.

Admissibility of original

B.

Admissibility of duplicates

C.

Requirement of original

D.

Admissibility of other evidence of contents

Buy Now
Questions 90

How often must a company keep log files for them to be admissible in a court of law?

Options:

A.

All log files are admissible in court no matter their frequency

B.

Weekly

C.

Monthly

D.

Continuously

Buy Now
Questions 91

How will you categorize a cybercrime that took place within a CSP’s cloud environment?

Options:

A.

Cloud as a Subject

B.

Cloud as a Tool

C.

Cloud as an Audit

D.

Cloud as an Object

Buy Now
Questions 92

Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

Options:

A.

HIPAA

B.

GLBA

C.

SOX

D.

FISMA

Buy Now
Questions 93

Which of the following file contains the traces of the applications installed, run, or uninstalled from a system?

Options:

A.

Shortcut Files

B.

Virtual files

C.

Prefetch Files

D.

Image Files

Buy Now
Questions 94

Which network attack is described by the following statement?

“At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.”

Options:

A.

DDoS

B.

Sniffer Attack

C.

Buffer Overflow

D.

Man-in-the-Middle Attack

Buy Now
Questions 95

Which of the following techniques delete the files permanently?

Options:

A.

Steganography

B.

Artifact Wiping

C.

Data Hiding

D.

Trail obfuscation

Buy Now
Questions 96

Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?

Options:

A.

Dictionary attack

B.

Brute force attack

C.

Rule-based attack

D.

Man in the middle attack

Buy Now
Questions 97

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

Options:

A.

All virtual memory will be deleted

B.

The wrong partition may be set to active

C.

This action can corrupt the disk

D.

The computer will be set in a constant reboot state

Buy Now
Questions 98

What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?

Options:

A.

Copyright

B.

Design patent

C.

Trademark

D.

Utility patent

Buy Now
Questions 99

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

Options:

A.

Net sessions

B.

Net config

C.

Net share

D.

Net use

Buy Now
Questions 100

What is one method of bypassing a system BIOS password?

Options:

A.

Removing the processor

B.

Removing the CMOS battery

C.

Remove all the system memory

D.

Login to Windows and disable the BIOS password

Buy Now
Questions 101

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

Options:

A.

Volume Boot Record

B.

Master Boot Record

C.

GUID Partition Table

D.

Master File Table

Buy Now
Questions 102

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file. What kind of picture is this file?

Options:

A.

Raster image

B.

Vector image

C.

Metafile image

D.

Catalog image

Buy Now
Questions 103

What technique is used by JPEGs for compression?

Options:

A.

ZIP

B.

TCD

C.

DCT

D.

TIFF-8

Buy Now
Questions 104

The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?

Options:

A.

512 bits

B.

512 bytes

C.

256 bits

D.

256 bytes

Buy Now
Questions 105

What does the 63.78.199.4(161) denotes in a Cisco router log?

Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161), 1 packet

Options:

A.

Destination IP address

B.

Source IP address

C.

Login IP address

D.

None of the above

Buy Now
Exam Code: 312-49v10
Exam Name: Computer Hacking Forensic Investigator (CHFI-v10)
Last Update: Nov 19, 2024
Questions: 704

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now 312-49v10 testing engine

PDF (Q&A)

$31.5  $104.99
buy now 312-49v10 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024