
ECCouncil 312-49v10 - Computer Hacking Forensic Investigator (CHFI-v10)


The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tools can help the investigator?

A. TRIPWIRE

B. RAM Capturer

C. Regshot

D. What’s Running

Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?

A. Data from a CD copied using Windows

B. Data from a CD copied using a Mac-based system

C. Data from a DVD copied using a Windows system

D. Data from a CD copied using a Linux system

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

A. Lossful compression

B. Lossy compression

C. Lossless compression

D. Time-loss compression

How will you categorize a cybercrime that took place within a CSP’s cloud environment?

A. Cloud as a Subject

B. Cloud as a Tool

C. Cloud as an Audit

D. Cloud as an Object

How many times can data be written to a DVD+R disk?

A. Twice

B. Once

C. Zero

D. Infinite

What must an investigator do before disconnecting an iPod from any type of computer?

A. Unmount the iPod

B. Mount the iPod

C. Disjoin the iPod

D. Join the iPod

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command-line tool but does not find anything. What is the reason for this?

A. He should search in the C:\Windows\System32\RECYCLED folder

B. The Recycle Bin does not exist on the hard drive

C. The files are hidden and he must use a switch to view them

D. Only the FAT file system contains a RECYCLED folder, not NTFS

Which of the following techniques can be used to beat steganography?

A. Encryption

B. Steganalysis

C. Decryption

D. Cryptanalysis

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

A. Typography

B. Steganalysis

C. Picture encoding

D. Steganography

Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

A. Witness Authentication

B. Direct Examination

C. Expert Witness

D. Cross Questioning

NTFS has less slack space than FAT and therefore less potential for hiding data in the slack space. This is because:

A. FAT does not index files

B. NTFS is a journaling file system

C. NTFS has lower cluster size space

D. FAT is an older and inefficient file system

Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

A. netstat -r

B. netstat -ano

C. netstat -b

D. netstat -s

Which US law does the interstate or international transportation and receiving of child pornography fall under?

A. §18. U.S.C. 1466A

B. §18. U.S.C 252

C. §18. U.S.C 146A

D. §18. U.S.C 2252

What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

A. Fraggle

B. Smurf scan

C. SYN flood

D. Teardrop

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

A. Net sessions

B. Net config

C. Net share

D. Net use