312-49v11試験無料問題集（1006題）「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 認定」

出題：1

What does the 56.58.152.114(445) denote in a Cisco router log?
Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp
67.124.115.35 (8084) -> 56.58.152.114(445), 1 packet

A. Login IP address

B. Destination IP address

C. None of the above

D. Source IP address

正解：B 解答を投票する

出題：2

Robert needs to copy an OS disk snapshot of a compromised VM to a storage account in different region for further investigation.
Which of the following should he use in this scenario?

A. Azure Monitor

B. Azure CLI

C. Azure Active Directory

D. Azure Portal

正解：D 解答を投票する

出題：3

A cybersecurity investigator is analyzing a suspected dark web transaction involving illegal activities. However, the investigator struggles to find conclusive data due to Tor's onion routing and encryption. What is a specific feature of the Tor network that might help explain why the original source of this transaction is hard to trace?

A. Tor relay nodes are not publicly available, thereby preventing data origin identification

B. The exit relay of the Tor network is perceived to be the origin of the data by the destination server

C. The Tor network only includes the entry/guard relay, hence making the data origin untraceable

D. The Tor network uses the hidden service protocol, allowing users to host websites anonymously

正解：B 解答を投票する

出題：4

How do you define forensic computing?

A. It is a methodology of guidelines that deals with the process of cyber investigation

B. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.

C. It is the administrative and legal proceeding in the process of forensic investigation

D. It Is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking

正解：B 解答を投票する

出題：5

Who is responsible for the following tasks?
- Secure the scene and ensure that it is maintained In a secure state
until the Forensic Team advises
- Make notes about the scene that will eventually be handed over to the Forensic Team

A. Local managers or other non-forensic staff

B. Non-Laboratory Staff

C. System administrators

D. Lawyers

正解：B 解答を投票する

出題：6

Steve received a mail that seemed to have come from her bank. The mail has instructions for Steve to click on a link and provide information to avoid the suspension of her account. The link in the mail redirected her to a form asking for details such as name, phone number, date of birth, credit card number or PIN, CW code, SNNs, and email address. On a closer look, Steve realized that the URL of the form in not the same as that of her bank's. Identify the type of external attack performed by the attacker In the above scenario?

A. Espionage

B. Taiigating

C. Brute-force

D. Aphishing

正解：D 解答を投票する

出題：7

Which of the following statements is TRUE about SQL Server error logs?

A. SQL Server error logs record all the events occurred on the SQL Server and its databases

B. Forensic investigator uses SQL Server Profiler to view error log files

C. Error logs contain IP address of SQL Server client connections

D. Trace files record, user-defined events, and specific system events

正解：B 解答を投票する

出題：8

Why should you never power on a computer that you need to acquire digital evidence from?

A. When the computer boots up, data in the memory buffer is cleared which could destroy evidence

B. When the computer boots up, files are written to the computer rendering the data nclean

C. Powering on a computer has no affect when needing to acquire digital evidence from it

D. When the computer boots up, the system cache is cleared which could destroy evidence

正解：B 解答を投票する

出題：9

An organization just experienced a serious cybersecurity incident involving data theft. The first responder on the scene is anon-forensics staff member. Based on the guidelines provided, which of the following actions should they take as the first response to this incident?

A. They should launch a preliminary investigation into the breach before the forensics team arrives

B. They should power down the compromised systems to prevent further attacks

C. They should isolate the affected systems and document every detail relevant to the incident without tampering with them

D. They should start retrieving the stolen data from the compromised systems immediately to minimize further damage

正解：C 解答を投票する

出題：10

P0P3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server appends it to the bottom of the recipient's account file, which can be retrieved by the email client at any preferred time. Email client connects to the POP3 server at _______________by default to fetch emails.

A. Port 123

B. Port 110

C. Port 115

D. Port 109

正解：B 解答を投票する

出題：11

The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations where large organizations were involved. Computer forensics plays an important role in tracking the cyber criminals. The main role of computer forensics is to:

A. Document monitoring processes of employees of the organization

B. Harden organization perimeter security

C. Maximize the investigative potential by maximizing the costs

D. Extract, process, and interpret the factual evidence so that it proves the attacker's actions in the court

正解：D 解答を投票する

出題：12

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

A. one who has NTFS 4 or 5 partitions

B. one who has lots of allocation units per block or cluster

C. one who uses hard disk writes on IRQ 13 and 21

D. one who uses dynamic swap file capability

正解：B 解答を投票する

出題：13

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A. ATM

B. BPG

C. UDP

D. OSPF

正解：D 解答を投票する

出題：14

Which command can provide the investigators with details of all the loaded modules on a Linux- based system?

A. list modules -a

B. lsmod

C. lsof -m

D. plist mod -a

正解：B 解答を投票する

出題：15

The Recycle Bin exists as a metaphor for throwing files away, but it also allows user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to the log file that exists in the Recycle Bin.
Which of the following files contains records that correspond to each deleted file in the Recycle Bin?

A. INFO1 file

B. INFO2 file

C. LOGINFO2 file

D. LOGINFO1 file

正解：B 解答を投票する

出題：16

Which of the following techniques delete the files permanently?

A. Steganography

B. Trail obfuscation

C. Data Hiding

D. Artifact Wiping

正解：D 解答を投票する

出題：17

The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?

A. Regshot

B. TRIPWIRE

C. What's Running

D. RAM Capturer

正解：A 解答を投票する

出題：18

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

A. fsutil

B. DevScan

C. Devcon

D. Reg.exe

正解：C 解答を投票する

312-49v11試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 認定」