Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49v10 - Computer Hacking Forensic Investigator (CHFI-v10)

ECCouncil 312-49v10 Premium Access     Download Demo    
Page: 9 / 15
Total 704 questions

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

A.

Stringsearch

B.

grep

C.

dir

D.

vim

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

A.

A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum

B.

Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file

C.

A simple DOS copy will not include deleted files, file slack and other information

D.

There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls? (Choose two.)

A.

162

B.

161

C.

163

D.

160

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

A.

Closed

B.

Open

C.

Stealth

D.

Filtered

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold? needs?

A.

Circuit-level proxy firewall

B.

Packet filtering firewall

C.

Application-level proxy firewall

D.

Data link layer firewall

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

A.

Inculpatory evidence

B.

Mandatory evidence

C.

Exculpatory evidence

D.

Terrible evidence

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so Quickly?

A.

Passwords of 14 characters or less are broken up into two 7-character hashes

B.

A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

C.

Networks using Active Directory never use SAM databases so the SAM database pulled was empty

D.

The passwords that were cracked are local accounts on the Domain Controller

What does ICMP Type 3/Code 13 mean?

A.

Host Unreachable

B.

Administratively Blocked

C.

Port Unreachable

D.

Protocol Unreachable

The offset in a hexadecimal code is:

A.

The last byte after the colon

B.

The 0x at the beginning of the code

C.

The 0x at the end of the code

D.

The first byte after the colon

Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

A.

Tailgating

B.

Backtrapping

C.

Man trap attack

D.

Fuzzing

You should make at least how many bit-stream copies of a suspect drive?

A.

1

B.

2

C.

3

D.

4

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A.

Linux/Unix computers are easier to compromise

B.

Linux/Unix computers are constantly talking

C.

Windows computers are constantly talking

D.

Windows computers will not respond to idle scans

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

A.

A Capital X

B.

A Blank Space

C.

The Underscore Symbol

D.

The lowercase Greek Letter Sigma (s)

The newer Macintosh Operating System is based on:

A.

OS/2

B.

BSD Unix

C.

Linux

D.

Microsoft Windows

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principal of social engineering did Julia use?

A.

Social Validation

B.

Scarcity

C.

Friendship/Liking

D.

Reciprocation