Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. ECCouncil
  4. CHFI
  5. 312-49v11 Discussions
  6. 312-49v11 Exam Topic 3 Question 23 Discussion

ECCouncil Computer Hacking Forensic Investigator (CHFIv11) 312-49v11 Question # 23 Topic 3 Discussion

 ECCouncil Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

ECCouncil Computer Hacking Forensic Investigator (CHFIv11) 312-49v11 Question # 23 Topic 3 Discussion

312-49v11 Exam Topic 3 Question 23 Discussion:
Question #: 23
Topic #: 3

As part of a corporate policy-violation inquiry at a creative agency in New York City, an examiner reviews artifacts within a user ' s ~/Library/Preferences/ directory to correlate activity surrounding suspicious file transfers. The examiner needs a user-specific plist that records application usage relevant to the time window under review. What artifact best supports this analysis?
A.

Application Support/

B.

com.apple.recentitems.plist

C.

com.apple.desktop.plist

D.

com.apple.dock.plist

Get Premium 312-49v11 Questions
Actual exam question for ECCouncil 312-49v11 exam by Blaise93212 at Apr 7, 2026, 9:00:52 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next