312-49v11試験無料問題集（1006題）「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 認定」

出題：1

Consider that you are investigating a machine running an Windows OS released prior to Windows VistA. You are trying to gather information about the deleted files by examining the master database file named INFO2 located at C:\Recycler\<USER SID>\. You read an entry named
"Dd5.exe". What does Dd5.exe mean?

A. D drive, fourth file restored, a .exe file

B. D drive, fourth file deleted, a .exe file

C. D drive, sixth file deleted, a .exe file

D. D drive. fifth file deleted, a .exe file

正解：A 解答を投票する

出題：2

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning technique will you use?

A. ACK flag scanning

B. IP Fragment Scanning

C. TCP Scanning

D. Inverse TCP flag scanning

正解：B 解答を投票する

出題：3

Why is it Important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

A. It is a part of ANSI 346 forensics standard

B. Local law enforcement agencies compel them to wear latest gloves

C. All forensic teams should wear protective latex gloves which makes them look professional and cool

D. This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date

正解：D 解答を投票する

出題：4

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

A. Dependency Walker

B. RegScanner

C. PEBrowse Professional

D. RAM Capturer

正解：D 解答を投票する

出題：5

A cybercriminal is attempting to remove evidence from a Windows computer. He deletes the file evldence1.doc. sending it to Windows Recycle Bin. The cybercriminal then empties the Recycle Bin. After having been removed from the Recycle Bin. What will happen to the data?

A. The data will be overwritten with zeroes

B. The data will become corrupted, making it unrecoverable

C. The data will be moved to new clusters in unallocated space

D. The data will remain in its original clusters until it is overwritten

正解：D 解答を投票する

出題：6

Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

A. Net sessions

B. Net config

C. Net share

D. Net file

正解：D 解答を投票する

出題：7

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia.
Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities.
He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

A. Grill cipher

B. Visual cipher

C. Text semagram

D. Visual semagram

正解：D 解答を投票する

出題：8

Which password cracking technique uses every possible combination of character sets?

A. Brute force attack

B. Rainbow table attack

C. Dictionary attack

D. Rule-based attack

正解：A 解答を投票する

出題：9

Where does Encase search to recover NTFS files and folders?

A. MFT

B. MBR

C. HAL

D. Slack space

正解：A 解答を投票する

出題：10

BMP (Bitmap) is a standard file format for computers running the Windows operating system.
BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 million colors). Each bitmap file contains header, the RGBQUAD array, information header, and image data. Which of the following element specifies the dimensions, compression type, and color format for the bitmap?

A. Header

B. Image data

C. The RGBQUAD array

D. Information header

正解：C 解答を投票する

出題：11

Which type of attack is possible when attackers know some credible information about the victim's password, such as the password length, algorithms involved, or the strings and characters used in its creation?

A. Rule-Based Attack

B. Dictionary Attack

C. Brute-Forcing Attack

D. Hybrid Password Guessing Attack

正解：A 解答を投票する

出題：12

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Linux/Unix computers are constantly talking

B. Linux/Unix computers are easier to compromise

C. Windows computers are constantly talking

D. Windows computers will not respond to idle scans

正解：C 解答を投票する

出題：13

Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?

A. SecaaS model

B. PaaS model

C. IaaS model

D. SaaS model

正解：C 解答を投票する

出題：14

What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?

A. Compressed file

B. Reserved file

C. Data stream file

D. Encrypted file

正解：C 解答を投票する

出題：15

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

A. Only the local law enforcement should use the tool

B. The tool hasn't been tested by the International Standards Organization (ISO)

C. The total has not been reviewed and accepted by your peers

D. You are not certified for using the tool

正解：C 解答を投票する

出題：16

Jacob, a cybercrime investigator, joined a forensics team to participate in a criminal case involving digital evidence. After the investigator collected all the evidence and presents it to the court, the judge dropped the case and the defense attorney pressed charges against Jacob and the rest of the forensics team for unlawful search and seizure.
What forensics privacy issue was not addressed prior to collecting the evidence?

A. None of these

B. Compliance with the Second Amendment of the U.S. Constitution

C. Compliance with the Fourth Amendment of the U.S. Constitution

D. Compliance with the Third Amendment of the U.S. Constitution

正解：C 解答を投票する

出題：17

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

A. IPS Encryption

B. SDW Encryption

C. DFS Encryption

D. EFS Encryption

正解：D 解答を投票する

出題：18

A Computer Hacking Forensics Investigator (CHFI) is working on a case involving an encrypted file from a user profile that was deleted. The investigator knows that the file was encrypted using the Encrypted File System (EFS) on a Windows operating system. The system is still bootable, but the original user profile is gone, and the system administrator has reset the account password. What would be the most suitable tool to recover this EFS-encrypted file?

A. Shredlt, a disk wiping utility tool

B. Advanced EFS Data Recovery, a tool for decrypting protected files

C. VeraCrypt, a widely used tool in anti-forensics encryption

D. AnalyzeMFT, a tool for examining MACE times in NTFS file systems

正解：B 解答を投票する

312-49v11試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 認定」