312-49v10無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

質問 1

Which of the following techniques can be used to beat steganography?

（A）Encryption

（B）Decryption

（C）Cryptanalysis

（D）Steganalysis

正解：D 解答を投票する

質問 2

When installed on a Windows machine, which port does the Tor browser use to establish a network connection via Tor nodes?

（A）49664/49665

（B）49667/49668

（C）9150/9151

（D）7680

正解：C 解答を投票する

質問 3

A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR?

（A）4092 Bytes

（B）1048 Bytes

（C）Depends on the capacity of the storage device

（D）512 Bytes

正解：D 解答を投票する

質問 4

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

（A）D:\Exchsrvr\Message Tracking\servername.log

（B）C:\Exchsrvr\Message Tracking\servername.log

（C）C:\Program Files\Microsoft Exchange\srvr\servername.log

（D）C:\Program Files\Exchsrvr\servername.log

正解：D 解答を投票する

質問 5

Jeff is a forensics investigator for a government agency's cyber security office. Jeff Is tasked with acquiring a memory dump of a Windows 10 computer that was involved In a DDoS attack on the government agency's web application. Jeff is onsite to collect the memory. What tool could Jeff use?

（A）RAM Mapper

（B）Volatility

（C）Memcheck

（D）Autopsy

正解：B 解答を投票する

質問 6

Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

（A）Cocoa Touch

（B）Media services

（C）Core Services

（D）Core OS

正解：D 解答を投票する

質問 7

Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?

（A）Isolating the host device

（B）Installing malware analysis tools

（C）Enabling shared folders

（D）Using network simulation tools

正解：C 解答を投票する

質問 8

When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

（A）The year the evidence was taken

（B）The initials of the forensics analyst

（C）The sequence number for the parts of the same exhibit

（D）The sequential number of the exhibits seized

正解：D 解答を投票する

質問 9

What technique is used by JPEGs for compression?

（A）ZIP

（B）TIFF-8

（C）DCT

（D）TCD

正解：C 解答を投票する

質問 10

Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?

（A）Shortcut Files

（B）Image Files

（C）Virtual Files

（D）Prefetch Files

正解：A 解答を投票する

質問 11

______allows a forensic investigator to identify the missing links during investigation.

（A）Evidence preservation

（B）Chain of custody

（C）Evidence reconstruction

（D）Exhibit numbering

正解：B 解答を投票する

質問 12

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

（A）The manufacturer of the system compromised

（B）The logic, formatting and elegance of the code used in the attack

（C）The nature of the attack

（D）The vulnerability exploited in the incident

正解：B 解答を投票する

312-49v10 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

弊社を連絡する

関連リンク

トップ試験