Prepare Strategically for the EC-Council 312-49 Exam with Practice Tests

SPOTO's EC-Council 312-49 practice questions are a valuable resource for candidates preparing for the EC-Council Computer Hacking Forensic Investigator (CHFI) exam. These practice tests offer a wide range of exam questions and answers that closely mirror the actual exam format. By regularly engaging with SPOTO's practice questions and mock exams, candidates can simulate exam conditions, identify weak areas, and improve their exam preparation. SPOTO also provides comprehensive study materials and exam resources to supplement the practice questions, ensuring candidates have all the tools they need to succeed. With SPOTO's effective exam preparation resources, candidates can confidently approach the CHFI exam and increase their chances of passing successfully, earning their EC-Council Computer Hacking Forensic Investigator certification.

Question #1
If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking
D. A sheepdip computer defers a denial of service attack
Correct Answer: C
Question #2
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. Rules of evidence
B. Law of probability
C. Chain of custody
D. Policy of separation
Correct Answer: C
Question #3
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Correct Answer: C
Question #4
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
A. Web bug
B. CGI code
C. Trojan
D. Blind bug
Correct Answer: A
Question #5
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. :1000, 150
B. :1709, 150
C. :1709, 150
D. :1709-1858
Correct Answer: B
Question #6
A honeypot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.12
A. The attacker has conducted a network sweep on port 111
B. The attacker has scanned and exploited the system using Buffer Overflow
C. The attacker has used a Trojan on port 32773
D. The attacker has installed a backdoor
Correct Answer: A
Question #7
The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Correct Answer: B
Question #8
Before you are called to testify as an expert, what must an attorney do first?
A. Engage in damage control
B. Prove that the tools you used to conduct your examination are perfect
C. Read your curriculum vitae to the jury
D. Qualify you as an expert witness
Correct Answer: D
Question #9
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer dat
A. Create a compressed copy of the file with DoubleSpace
B. Create a sparse data copy of a folder or file
C. Make a bit-stream disk-to-image file
D. Make a bit-stream disk-to-disk file
Correct Answer: C
Question #10
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards
Correct Answer: B
Question #11
Which of the following is an application that requires a host application for replication?
A. Micro
B. Worm
C. Trojan
D. Virus
Correct Answer: D
Question #12
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover
Correct Answer: B
Question #13
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A. Restore a random file
B. Perform a full restore
C. Read the first 512 bytes of the tape
D. Read the last 512 bytes of the tape
Correct Answer: B
Question #14
Which of the following describes the characteristics of a Boot Sector Virus?
A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
D. Overwrites the original MBR and only executes the new virus code
Correct Answer: B
Question #15
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic
B. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened
C. Network firewalls can prevent attacks if they are properly configured
D. Network firewalls cannot prevent attacks because they are too complex to configure
Correct Answer: B
Question #16
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus
Correct Answer: C
Question #17
Bluetooth uses which digital modulation technique to exchange information between paired devices?
A. PSK (phase-shift keying)
B. FSK (frequency-shift keying)
C. ASK (amplitude-shift keying)
D. QAM (quadrature amplitude modulation)
Correct Answer: A
Question #18
In order to show improvement of security over time, what must be developed?
A. Reports
B. Testing tools
C. Metrics
D. Taxonomy of vulnerabilities
Correct Answer: C
Question #19
Passive reconnaissance involves collecting information through which of the following?
A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources
Correct Answer: D
Question #20
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What We
A. Clickjacking
B. Cross-Site Scripting
C. Cross-Site Request Forgery
D. Web form input validation
Correct Answer: C
Question #21
Which service in a PKI will vouch for the identity of an individual or company?
A. KDC
B. CR
C. CBC
D. CA
Correct Answer: D
Question #22
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF)
Correct Answer: B
Question #23
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?
A. Application
B. Transport
C. Session
D. Presentation
Correct Answer: D
Question #24
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
A. The WAP does not recognize the client's MAC address
B. The client cannot see the SSID of the wireless network
C. Client is configured for the wrong channel
D. The wireless client is not configured to use DHCP
Correct Answer: A
Question #25
If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?
A. -r
B. -F
C. -P
D. -sP
Correct Answer: B
Question #26
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
A. SOA
B. Biometrics
C. Single sign on
D. PKI
Correct Answer: D
Question #27
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She
A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping
Correct Answer: A
Question #28
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping
Correct Answer: B
Question #29
Which is the first step followed by Vulnerability Scanners for scanning a network?
A. OS Detection
B. Firewall detection
C. TCP/UDP Port scanning
D. Checking if the remote host is alive
Correct Answer: D
Question #30
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. AES
D. MD5 encryption algorithm
Correct Answer: B
Question #31
John is investigating web-application firewall logs and observes that someone is attempting to inject the following: What type of attack is this?
A. SQL injection
B. Buffer overflow
C. CSRF
D. XSS
Correct Answer: B
Question #32
John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
A. Insider threat
B. Diversion theft
C. Spear-phishing sites
D. Advanced persistent threat
Correct Answer: D
Question #33
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
Correct Answer: C
Question #34
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?
A. WPA3-Personal
B. WPA3-Enterprise
C. WPA2-Enterprise
D. WPA2-Personal
Correct Answer: B
Question #35
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
A. httpd
B. administration
C. php
D. idq
Correct Answer: C
Question #36
Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exp
A. Towelroot
B. Knative
C. zANTI
D. Bluto
Correct Answer: D
Question #37
Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords?
A. Hashcat
B. John the Ripper
C. THC-Hydra
D. netcat
Correct Answer: B
Question #38
Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?
A. [inurl:]
B. [info:]
C. [site:]
D. [related:]
Correct Answer: D
Question #39
You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A. Reconnaissance
B. Weaponization
C. Command and control
D. Exploitation
Correct Answer: D
Question #40
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct Answer: D
Question #50
What is the First Step required in preparing a computer for forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Correct Answer: A
Question #51
Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.
A. True
B. False
Correct Answer: A
Question #52
Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?
A. Net sessions
B. Net file
C. Netconfig
D. Net share
Correct Answer: B
Question #53
The Recycle Bin exists as a metaphor for throwing files away, but it also allows the user to retrieve and restore files. Once the file is moved to the Recycle Bin, a record is added to the log file that exists in the Recycle Bin. Which of the following files contains records that correspond to each deleted file in the Recycle Bin?
A. INFO2 file
B. INFO1 file
C. LOGINFO2 file
D. LOGINFO1 file
Correct Answer: A
Question #54
An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
A. Reverse Social Engineering
B. Tailgating
C. Piggybacking
D. Announced
Correct Answer: B
Question #55
Which of the following is the best countermeasure to encrypting ransomwares?
A. Use multiple antivirus softwares
B. Keep some generation of off-line backup
C. Analyze the ransomware to get decryption key of encrypted data
D. Pay a ransom
Correct Answer: B
Question #56
If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?
A. End of Line Comment
B. UNION SQL Injection
C. Illegal/Logically Incorrect Query
D. Tautology
Correct Answer: A
Question #57
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
A. Full Disk encryption
B. BIOS password
C. Hidden folders
D. Password protected files
Correct Answer: A
Question #58
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify?
A. Boot
B. Sudoers
C. Networks
D. Hosts
Correct Answer: D
Question #59
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic
Correct Answer: B
Question #60
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line. Which command would you use?
A. C:\gpedit
B. C:\compmgmt
C. C:\ncpa
D. C:\services
Correct Answer: B
Question #61
Which of the following acts requires employers' standard national numbers to identify them on standard transactions?
A. SOX
B. HIPAA
C. DMCA
D. PCI-DSS
Correct Answer: B
Question #62
In Wireshark, the packet bytes pane shows the data of the current packet in which format?
A. Decimal
B. ASCII only
C. Binary
D. Hexadecimal
Correct Answer: D
Question #63
_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer
Correct Answer: A
Question #74
Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition practices is not a standard practice?
A. Both attorneys are present
B. Only one attorney is present
C. No jury or judge
D. Opposing counsel asks questions
Correct Answer: B
Question #75
If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?
A. 4 Sectors
B. 5 Sectors
C. 6 Sectors
D. 7 Sectors
Correct Answer: C
Question #76
Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.
A. True
B. False
Correct Answer: A
Question #77
During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible
A. True
B. False
Correct Answer: A
Question #78
Which one of the following is not a consideration in a forensic readiness planning checklist?
A. Define the business states that need digital evidence
B. Identify the potential evidence available
C. Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner
D. Take permission from all employees of the organization
Correct Answer: D
Question #79
When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile
A. True
B. False
Correct Answer: A
Question #80
What is a chain of custody?
A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory
B. It is a search warrant that is required for seizing evidence at a crime scene
C. It is a document that lists chain of Windows process events
D. Chain of custody refers to obtaining preemptive court order to restrict further damage of evidence in electronic seizures
Correct Answer: A
Question #81
Data is striped at a byte level across multiple drives and parity information is distributed among all member drives. What RAID level is represented here?
A. RAID Level 0
B. RAID Level 1
C. RAID Level 3
D. RAID Level 5
Correct Answer: D
Question #82
Computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident and should be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?
A. It includes metadata about the incident
B. It includes relevant extracts referred to in the report that support analysis or conclusions
C. It is based on logical assumptions about the incident timeline
D. It maintains a single document style throughout the text
Correct Answer: C
Question #83
Email spoofing refers to:
A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information
C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted to cause a denial-of-service attack
D. A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message
Correct Answer: A
Question #84
Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who would be responsible.
A. True
B. False
Correct Answer: A
Question #85
A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others
A. True
B. False
Correct Answer: A
Question #86
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
A. Wireless router
B. Wireless modem
C. Antenna
D. Mobile station
Correct Answer: A
Question #87
Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media
A. True
B. False
Correct Answer: A
Question #88
LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
A. Sequential number
B. Index number
C. Operating system number
D. Sector number
Correct Answer: A
Question #89
File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?
A. The last letter of a file name is replaced by a hex byte code E5h
B. The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted
C. Corresponding clusters in FAT are marked as used
D. The computer looks at the clusters occupied by that file and does not avail space to store a new file
Correct Answer: B
Question #90
Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc. Which of the following network attacks refers to a process in which an attacker changes his or her IP address so that he or she appears to be someone else?
A. IP address spoofing
B. Man-in-the-middle attack
C. Denial of Service attack
D. Session sniffing
Correct Answer: A
Question #91
The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as Web Services Definition Language (WSDL) for describing the connection points, Universal Description, Discovery, and Integration (UDDI) for the description and discovery of Web services and Simple Object Access Protocol (SOAP) for communication between Web services that are vulnerable to various web application threats. Which of the following
A. Presentation Layer
B. Security Layer
C. Discovery Layer
D. Access Layer
Correct Answer: C
Question #92
The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses. The ARP table can be accessed using the __________ command in Windows 7.
A. C:\arp -a
B. C:\arp -d
C. C:\arp -s
D. C:\arp -b
Correct Answer: A
Question #93
What document does the screenshot represent?
A. Chain of custody form
B. Search warrant form
C. Evidence collection form
D. Expert witness form
Correct Answer: A
Question #94
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as http://www.juggyDoy.com/GET/process.php../../../../../../../../../etc/passwd. Identify the attack referred to.
A. Directory traversal
B. SQL Injection
C. XSS attack
D. File injection
Correct Answer: A
Question #95
What is a SCSI (Small Computer System Interface)?
A. A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives
B. A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices
C. A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer
D. A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps
Correct Answer: A
Question #96
Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook
B. Microsoft Outlook Express
C. Mozilla Thunderbird
D. Eudora
Correct Answer: B
Question #97
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?
A. 18 USC 7029
B. 18 USC 7030
C. 18 USC 7361
D. 18 USC 7371
Correct Answer: B
Question #98
What is a bit-stream copy?
A. Bit-Stream Copy is a bit-by-bit copy of the original storage medium and exact copy of the original disk
B. A bit-stream image is the file that contains the NTFS files and folders of all the data on a disk or partition
C. A bit-stream image is the file that contains the FAT32 files and folders of all the data on a disk or partition
D. Creating a bit-stream image transfers only non-deleted files from the original disk to the image disk
Correct Answer: A
Question #99
Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.
A. True
B. False
Correct Answer: A
Question #100
According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who started practicing two years back, was denied an expert testimony in a computer crime case by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US federal rules, what could be the most appropriate reason for the court to reject Jason's eligibility as an expert witness?
A. Jason was unable to furnish documents showing four years of previous experience in the field
B. Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case
C. Jason was unable to furnish documents to prove that he is a computer forensic expert
D. Jason was not aware of legal issues involved with computer crimes
Correct Answer: A
Question #101
Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.
A. TCP
B. FTP
C. SMTP
D. POP
Correct Answer: A
Question #102
Which of the following statements is incorrect when preserving digital evidence?
A. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
B. Verify if the monitor is on, off, or in sleep mode
C. Remove the power cable depending on the power state of the computer i
D. Turn on the computer and extract Windows event viewer log files
Correct Answer: D
Question #103
An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the following statements is true for NTP Stratum Levels?
A. Stratum-0 servers are used on the network; they are not directly connected to computers which then operate as stratum-1 servers
B. Stratum-1 time server is linked over a network path to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
C. A stratum-2 server is directly linked (not over a network path) to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
D. A stratum-3 server gets its time over a network link, via NTP, from a stratum-2 server, and so on
Correct Answer: D
