Pass the ECCouncil CHFIv9 312-49v9 Questions and answers with CertsForce

Viewing page 7 out of 12 pages
Viewing questions 91-105 out of questions
Questions # 91:

In Steganalysis, which of the following describes a Known-stego attack?

Options:

A. The hidden message and the corresponding stego-image are known

B. During the communication process, active attackers can change cover

C. Original and stego-object are available and the steganography algorithm is known

D. Only the steganography medium is available for analysis


Questions # 92:

Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?

Options:

A. Swap space

B. Application data

C. Files and documents

D. Slack space


Questions # 93:

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server’s root directory?

Options:

A. Parameter/form tampering

B. Unvalidated input

C. Directory traversal

D. Security misconfiguration


Questions # 94:

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

Options:

A. The files have been marked as hidden

B. The files have been marked for deletion

C. The files are corrupt and cannot be recovered

D. The files have been marked as read-only


Questions # 95:

An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?

Options:

A. Postmortem Analysis

B. Real-Time Analysis

C. Packet Analysis

D. Malware Analysis


Questions # 96:

Which of the following techniques can be used to beat steganography?

Options:

A. Encryption

B. Steganalysis

C. Decryption

D. Cryptanalysis


Questions # 97:

Which of the following tools enables a user to reset his/her lost admin password in a Windows system?

Options:

A. Advanced Office Password Recovery

B. Active@ Password Changer

C. Smartkey Password Recovery Bundle Standard

D. Passware Kit Forensic


Questions # 98:

Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

Options:

A. netstat -r

B. netstat -ano

C. netstat -b

D. netstat -s


Questions # 99:

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

Options:

A. Net sessions

B. Net config

C. Net share

D. Net use


Questions # 100:

Julie is a college student majoring in Information Systems and Computer Science. She is currently writing an essay for her computer crimes class. Julie's paper focuses on white-collar crimes in America and how forensics investigators investigate the cases. Julie would like to focus the subject of the essay on the most common type of crime found in corporate America. What crime should Julie focus on?

Options:

A. Physical theft

B. Copyright infringement

C. Industrial espionage

D. Denial of Service attacks


Questions # 101:

Which of the following techniques creates a replica of evidence media?

Options:

A. Data Extraction

B. Backup

C. Bit Stream Imaging

D. Data Deduplication


Questions # 102:

What type of attack sends SYN requests to a target system with spoofed IP addresses?

Options:

A. SYN flood

B. Ping of death

C. Cross site scripting

D. Land


Questions # 103:

Which MySQL log file contains information on server start and stop?

Options:

A. Slow query log file

B. General query log file

C. Binary log

D. Error log file


Questions # 104:

What does the part of the log, “%SEC-6-IPACCESSLOGP”, extracted from a Cisco router represent?

Options:

A. The system was not able to process the packet because there was not enough room for all of the desired IP header options

B. Immediate action required messages

C. Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available

D. A packet matching the log criteria for the given access list has been detected (TCP or UDP)


Questions # 105:

Which of the following is an iOS Jailbreaking tool?

Options:

A. Kingo Android ROOT

B. Towelroot

C. One Click Root

D. Redsn0w

