Pass the ECCouncil CHFI v10 312-49v10 Questions and answers with CertsForce

Viewing page 1 out of 15 pages
Viewing questions 1-15 out of questions
Questions # 1:

Which of these Windows utilities helps you repair logical file system errors?

Options:

A. Resource Monitor

B. Disk cleanup

C. Disk defragmenter

D. CHKDSK


Questions # 2:

Check Point Firewall logs can be viewed through a Check Point Log viewer that uses icons and colors in the log table to represent different security events and their severity. What does the icon in the Check Point logs represent?

Options:

A. The firewall rejected a connection

B. A virus was detected in an email

C. The firewall dropped a connection

D. An email was marked as potential spam


Questions # 3:

Which of the following statements is TRUE with respect to the Registry settings in the user start-up folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\.

Options:

A. All the values in this subkey run when a specific user logs on, as this setting is user-specific

B. The string specified in the value run executes when the user logs on

C. All the values in this key are executed at system start-up

D. All values in this subkey run when a specific user logs on and then the values are deleted


Questions # 4:

What does Rule 101 of the Federal Rules of Evidence state?

Options:

A. Scope of the Rules, where they can be applied

B. Purpose of the Rules

C. Limited Admissibility of the Evidence

D. Rulings on Evidence


Questions # 5:

UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

Options:

A. BIOS-MBR

B. GUID Partition Table (GPT)

C. Master Boot Record (MBR)

D. BIOS Parameter Block


Questions # 6:

In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from victims. What is the difference between pharming and phishing attacks?

Options:

A. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering

B. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name

C. In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name

D. Both pharming and phishing attacks are identical


Questions # 7:

Which of the following statements is incorrect when preserving digital evidence?

Options:

A. Verify if the monitor is on, off, or in sleep mode

B. Turn on the computer and extract Windows event viewer log files

C. Remove the plug from the power router or modem

D. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals


Questions # 8:

Which of the following attacks uses HTML tags like <script></script>?

Options:

A. Phishing

B. XSS attack

C. SQL injection

D. Spam


Questions # 9:

Andie, a network administrator, suspects unusual network services running on a Windows system. Which of the following commands should he use to verify unusual network services started on a Windows system?

Options:

A. net serv

B. netmgr

C. lusrmgr

D. net start


Questions # 10:

You are assigned a task to examine the log files pertaining to the MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which of the following MySQL utilities allows you to do so?

Options:

A. mysqldump

B. myisamaccess

C. myisamlog

D. myisamchk


Questions # 11:

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

Options:

A. 48-bit address

B. 24-bit address

C. 16-bit address

D. 32-bit address


Questions # 12:

Consider that you are investigating a machine running a Windows OS released prior to Windows Vista. You are trying to gather information about the deleted files by examining the master database file named INFO2 located at C:\Recycler\\. You read an entry named "Dd5.exe". What does Dd5.exe mean?

Options:

A. D drive, fifth file deleted, a .exe file

B. D drive, fourth file restored, a .exe file

C. D drive, fourth file deleted, a .exe file

D. D drive, sixth file deleted, a .exe file


Questions # 13:

A section of your forensics lab houses several pieces of electrical and electronic equipment. Which type of fire extinguisher must you install in this area to contain any fire incident?

Options:

A. Class B

B. Class D

C. Class C

D. Class A


Questions # 14:

Which of these ISO standards defines the file system for optical storage media, such as CD-ROM and DVD-ROM?

Options:

A. ISO 9660

B. ISO 13346

C. ISO 9960

D. ISO 13490


Questions # 15:

What document does the screenshot represent?

[Screenshot: Question # 15]

Options:

A. Expert witness form

B. Search warrant form

C. Chain of custody form

D. Evidence collection form

