Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil 312-49v10 - Computer Hacking Forensic Investigator (CHFI-v10)

ECCouncil 312-49v10 Premium Access     Download Demo    
Page: 6 / 15
Total 704 questions

Which of the following is a part of a Solid-State Drive (SSD)?

A.

Head

B.

Cylinder

C.

NAND-based flash memory

D.

Spindle

Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?

A.

#*06*#

B.

*#06#

C.

#06#*

D.

*IMEI#

What is the purpose of using Obfuscator in malware?

A.

Execute malicious code in the system

B.

Avoid encryption while passing through a VPN

C.

Avoid detection by security mechanisms

D.

Propagate malware to other connected devices

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning technique will you use?

A.

Inverse TCP flag scanning

B.

ACK flag scanning

C.

TCP Scanning

D.

IP Fragment Scanning

During the trial, an investigator observes that one of the principal witnesses is severely ill and cannot be present for the hearing. He decides to record the evidence and present it to the court. Under which rule should he present such evidence?

A.

Rule 1003: Admissibility of Duplicates

B.

Limited admissibility

C.

Locard’s Principle

D.

Hearsay

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

A.

DevScan

B.

Devcon

C.

fsutil

D.

Reg.exe

Which command line tool is used to determine active network connections?

A.

netsh

B.

nbstat

C.

nslookup

D.

netstat

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

A.

Chosen-message attack

B.

Known-cover attack

C.

Known-message attack

D.

Known-stego attack

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

A.

Robust copy

B.

Incremental backup copy

C.

Bit-stream copy

D.

Full backup copy

When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?

A.

UTC

B.

PTP

C.

Time Protocol

D.

NTP

Select the data that a virtual memory would store in a Windows-based system.

A.

Information or metadata of the files

B.

Documents and other files

C.

Application data

D.

Running processes

Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

A.

Net config

B.

Net sessions

C.

Net share

D.

Net stat

Which of the following information is displayed when Netstat is used with -ano switch?

A.

Ethernet statistics

B.

Contents of IP routing table

C.

Details of routing table

D.

Details of TCP and UDP connections

Which of the following statements is true regarding SMTP Server?

A.

SMTP Server breaks the recipient’s address into Recipient’s name and his/her designation before passing it to the DNS Server

B.

SMTP Server breaks the recipient's address into Recipient’s name and recipient’s address before passing it to the DNS Server

C.

SMTP Server breaks the recipient’s address into Recipient’s name and domain name before passing it to the DNS Server

D.

SMTP Server breaks the recipient’s address into Recipient’s name and his/her initial before passing it to the DNS Server

What does the bytes 0x0B-0x53 represent in the boot sector of NTFS volume on Windows 2000?

A.

Jump instruction and the OEM ID

B.

BIOS Parameter Block (BPB) and the OEM ID

C.

BIOS Parameter Block (BPB) and the extended BPB

D.

Bootstrap code and the end of the sector marker