ECCouncil 312-49v10 - Computer Hacking Forensic Investigator (CHFI-v10)

Total 704 questions

Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

A. Net config
B. Net file
C. Net share
D. Net sessions

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A. SAM
B. AMS
C. Shadow file
D. Password.conf

Which of the following tools can the investigator use to analyze the network to detect Trojan activities?

A. Regshot
B. TRIPWIRE
C. RAM Computer
D. Capsa

Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk does not contribute to determining the addresses of data?

A. Sectors
B. Interface
C. Cylinder
D. Heads

Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?

A. Record the system state by taking photographs of the physical system and the display
B. Perform data acquisition without disturbing the state of the systems
C. Open the systems, remove the hard disk and secure it
D. Switch off the systems and carry them to the laboratory

Who is responsible for the following tasks?

A. Non-forensics staff
B. Lawyers
C. System administrators
D. Local managers or other non-forensic staff

When investigating a wireless attack, what information can be obtained from the DHCP logs?

A. The operating system of the attacker and victim computers
B. IP traffic between the attacker and the victim
C. MAC address of the attacker
D. If any computers on the network are running in promiscuous mode

In the following email header, where did the email first originate from?

A. Somedomain.com
B. Smtp1.somedomain.com
C. Simon1.state.ok.gov.us
D. David1.state.ok.gov.us

Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tools will help Charles?

A. Xplico
B. Colasoft’s Capsa
C. FileSalvage
D. DriveSpy

What is the smallest physical storage unit on a hard drive?

A. Track
B. Cluster
C. Sector
D. Platter

Which rule requires an original recording to be provided to prove the content of a recording?

A. 1004
B. 1002
C. 1003
D. 1005

Where is the startup configuration located on a router?

A. Static RAM
B. BootROM
C. NVRAM
D. Dynamic RAM

In Steganalysis, which of the following describes a Known-stego attack?

A. The hidden message and the corresponding stego-image are known
B. During the communication process, active attackers can change cover
C. Original and stego-object are available and the steganography algorithm is known
D. Only the steganography medium is available for analysis

What hashing method is used to password protect Blackberry devices?

A. AES
B. RC5
C. MD5
D. SHA-1

Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

A. filecache.db
B. config.db
C. sigstore.db
D. Sync_config.db