Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil 312-49v10 - Computer Hacking Forensic Investigator (CHFI-v10)

ECCouncil 312-49v10 Premium Access     Download Demo    
Page: 11 / 15
Total 704 questions

What is the following command trying to accomplish?

A.

Verify that UDP port 445 is open for the 192.168.0.0 network

B.

Verify that TCP port 445 is open for the 192.168.0.0 network

C.

Verify that NETBIOS is running for the 192.168.0.0 network

D.

Verify that UDP port 445 is closed for the 192.168.0.0 network

What does the acronym POST mean as it relates to a PC?

A.

Primary Operations Short Test

B.

PowerOn Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm’s employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?

A.

Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B.

Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C.

Inform the owner that conducting an investigation without a policy is a violation of the employee’s expectation of privacy

D.

Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used.

What IDS feature must George implement to meet this requirement?

A.

Signature-based anomaly detection

B.

Pattern matching

C.

Real-time anomaly detection

D.

Statistical-based anomaly detection

You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?

A.

trademark law

B.

copyright law

C.

printright law

D.

brandmark law

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

A.

digital attack

B.

denial of service

C.

physical attack

D.

ARP redirect

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directly interacting with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn't matter as all replies are faked

In Linux, what is the smallest possible shellcode?

A.

24 bytes

B.

8 bytes

C.

800 bytes

D.

80 bytes

To preserve digital evidence, an investigator should ____________________.

A.

Make two copies of each evidence item using a single imaging tool

B.

Make a single copy of each evidence item using an approved imaging tool

C.

Make two copies of each evidence item using different imaging tools

D.

Only store the original evidence item

Which of the following methods of mobile device data acquisition captures all the data present on the device, as well as all deleted data and access to unallocated space?

A.

Manual acquisition

B.

Logical acquisition

C.

Direct acquisition

D.

Physical acquisition

James, a forensics specialist, was tasked with investigating a Windows XP machine that was used for malicious online activities. During the Investigation, he recovered certain deleted files from Recycle Bin to Identify attack clues.

Identify the location of Recycle Bin in Windows XP system.

A.

Drive:\$Recycle.Bin\

B.

Iocal/sha re/Trash

C.

Drive:\RECYCLER\

D.

DriveARECYCLED

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

A.

The combined log format of Apache access log

B.

The common log format of Apache access log

C.

Apache error log

D.

IIS log

You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?

A.

Malicious software on internal system is downloading research data from partner 5FTP servers in Eastern Europe

B.

Internal systems are downloading automatic Windows updates

C.

Data is being exfiltrated by an advanced persistent threat (APT)

D.

The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities

Donald made an OS disk snapshot of a compromised Azure VM under a resource group being used by the affected company as a part of forensic analysis process. He then created a vhd file out of the snapshot and stored it in a file share and as a page blob as backup in a storage account under different region. What Is the next thing he should do as a security measure?

A.

Recommend changing the access policies followed by the company

B.

Delete the snapshot from the source resource group

C.

Delete the OS disk of the affected VM altogether

D.

Create another VM by using the snapshot

Adam Is thinking of establishing a hospital In the US and approaches John, a software developer to build a site and host it for him on one of the servers, which would be used to store patient health records. He has learned from his legal advisors that he needs to have the server's log data reviewed and managed according to certain standards and regulations. Which of the following regulations are the legal advisors referring to?

A.

Data Protection Act of 2018

B.

Payment Card Industry Data Security Standard (PCI DSS)

C.

Electronic Communications Privacy Act

D.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)