Pass the ECCouncil CHFIv9 312-49v9 Questions and answers with CertsForce

Viewing page 10 out of 12 pages
Viewing questions 136-150 out of questions
Questions # 136:

What do the bytes 0x0B-0x53 represent in the boot sector of an NTFS volume on Windows 2000?

Options:

A. Jump instruction and the OEM ID
B. BIOS Parameter Block (BPB) and the OEM ID
C. BIOS Parameter Block (BPB) and the extended BPB
D. Bootstrap code and the end of the sector marker

Questions # 137:

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported to his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find out whether the data loss was accidental or intentional. Into which of the following categories will this case fall?

Options:

A. Civil Investigation
B. Administrative Investigation
C. Both Civil and Criminal Investigations
D. Criminal Investigation

Questions # 138:

Raw data acquisition format creates _________ of a data set or suspect drive.

Options:

A. Segmented image files
B. Simple sequential flat files
C. Compressed image files
D. Segmented files

Questions # 139:

Which of the following does not describe a type of data density on a hard disk?

Options:

A. Volume density
B. Track density
C. Linear or recording density
D. Areal density

Questions # 140:

During an investigation of an XSS attack, the investigator comes across the term “[a-zA-Z0-9\%]+” in analyzed evidence details. What is the expression used for?

Options:

A. Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation
B. Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent
C. Checks for opening angle bracket, its hex or double-encoded hex equivalent
D. Checks for closing angle bracket, hex or double-encoded hex equivalent

Questions # 141:

For what purpose do the investigators use tools like iPhoneBrowser, iFunBox, OpenSSHSSH, and iMazing?

Options:

A. Bypassing iPhone passcode
B. Debugging iPhone
C. Rooting iPhone
D. Copying contents of iPhone

Questions # 142:

Which of the following web browsers uses the Extensible Storage Engine (ESE) database format to store browsing records, including history, cache, and cookies?

Options:

A. Safari
B. Mozilla Firefox
C. Microsoft Edge
D. Google Chrome

Questions # 143:

Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information in a suspect system. What information is he looking for?

Options:

A. Contents of the network routing table
B. Status of the network carrier
C. Contents of the NetBIOS name cache
D. Network connections

Questions # 144:

Which of the following statements is true regarding SMTP Server?

Options:

A. SMTP Server breaks the recipient’s address into Recipient’s name and his/her designation before passing it to the DNS Server
B. SMTP Server breaks the recipient’s address into Recipient’s name and recipient’s address before passing it to the DNS Server
C. SMTP Server breaks the recipient’s address into Recipient’s name and domain name before passing it to the DNS Server
D. SMTP Server breaks the recipient’s address into Recipient’s name and his/her initial before passing it to the DNS Server

Questions # 145:

In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?

Options:

A. RAID 1
B. The images will always be identical because data is mirrored for redundancy
C. RAID 0
D. It will always be different

Questions # 146:

What is an investigator looking for in the rp.log file stored on a system running the Windows 10 operating system?

Options:

A. Restore point interval
B. Automatically created restore points
C. System CheckPoints required for restoring
D. Restore point functions

Questions # 147:

Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

Options:

A. Cross Examination
B. Direct Examination
C. Indirect Examination
D. Witness Examination

Questions # 148:

Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN-ABCDE12345F.” Which of the following log files will help Shane in tracking all the client connections and activities performed on the database server?

Options:

A. WIN-ABCDE12345F.err
B. WIN-ABCDE12345F-bin.n
C. WIN-ABCDE12345F.pid
D. WIN-ABCDE12345F.log

Questions # 149:

Which of the following is a responsibility of the first responder?

Options:

A. Determine the severity of the incident
B. Collect as much information about the incident as possible
C. Share the collected information to determine the root cause
D. Document the findings

Questions # 150:

Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

Options:

A. Physical block
B. Operating system block
C. Hard disk block
D. Logical block