Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil 312-49v10 - Computer Hacking Forensic Investigator (CHFI-v10)

ECCouncil 312-49v10 Premium Access     Download Demo    
Page: 5 / 15
Total 704 questions

Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

A.

Cross Examination

B.

Direct Examination

C.

Indirect Examination

D.

Witness Examination

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

A.

Start and end points for log sequence numbers are specified

B.

Start and end points for log files are not specified

C.

Start and end points for log files are specified

D.

Start and end points for log sequence numbers are not specified

What is cold boot (hard boot)?

A.

It is the process of restarting a computer that is already in sleep mode

B.

It is the process of shutting down a computer from a powered-on or on state

C.

It is the process of restarting a computer that is already turned on through the operating system

D.

It is the process of starting a computer from a powered-down or off state

As part of extracting the system data, Jenifer has used the netstat command. What does this tool reveal?

A.

Status of users connected to the internet

B.

Net status of computer usage

C.

Information about network connections

D.

Status of network hardware

Lynne receives the following email:

Dear lynne@gmail.com! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24

You have 24 hours to fix this problem or risk to be closed permanently!

To proceed Please Connect >> My Apple ID

Thank You The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/

What type of attack is this?

A.

Mail Bombing

B.

Phishing

C.

Email Spamming

D.

Email Spoofing

What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

A.

AA55

B.

00AA

C.

AA00

D.

A100

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

A.

Civil Investigation

B.

Administrative Investigation

C.

Both Civil and Criminal Investigations

D.

Criminal Investigation

Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks?

A.

ISO 9660

B.

ISO/IEC 13940

C.

ISO 9060

D.

IEC 3490

Which of the following Linux command searches through the current processes and lists the process IDs those match the selection criteria to stdout?

A.

pstree

B.

pgrep

C.

ps

D.

grep

In Linux OS, different log files hold different information, which help the investigators to analyze various issues during a security incident. What information can the investigators obtain from the log file

var/log/dmesg?

A.

Kernel ring buffer information

B.

All mail server message logs

C.

Global system messages

D.

Debugging log messages

During an investigation of an XSS attack, the investigator comes across the term “[a-zA-Z0-9\%]+” in analyzed evidence details. What is the expression used for?

A.

Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation

B.

Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent

C.

Checks for opening angle bracket, its hex or double-encoded hex equivalent

D.

Checks for closing angle bracket, hex or double-encoded hex equivalent

Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?

A.

SOX

B.

HIPAA

C.

GLBA

D.

FISMA

Joshua is analyzing an MSSQL database for finding the attack evidence and other details, where should he look for the database logs?

A.

Model.log

B.

Model.txt

C.

Model.ldf

D.

Model.lgf

Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?

A.

John Doe Search Warrant

B.

Citizen Informant Search Warrant

C.

Electronic Storage Device Search Warrant

D.

Service Provider Search Warrant

An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the “Geek_Squad” part represent?

A.

Product description

B.

Manufacturer Details

C.

Developer description

D.

Software or OS used