312-49v10無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

質問 1

Which of the following files gives information about the client sync sessions in Google Drive on Windows?

（A）Sync.log

（B）Sync_log.log

（C）sync.log

（D）sync_log.log

正解：B 解答を投票する

質問 2

Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

（A）Sector

（B）MFT

（C）Metadata

（D）Slack Space

正解：D 解答を投票する

質問 3

An EC2 instance storing critical data of a company got infected with malware. The forensics team took the EBS volume snapshot of the affected Instance to perform further analysis and collected other data of evidentiary value. What should be their next step?

（A）They should terminate the instance after taking necessary backup

（B）They should keep the instance running as it stores critical data

（C）They should pause the running instance

（D）They should terminate all instances connected via the same VPC

正解：A 解答を投票する

質問 4

Which among the following search warrants allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices, and documentation?

（A）Electronic Storage Device Search Warrant

（B）John Doe Search Warrant

（C）Service Provider Search Warrant

（D）Citizen Informant Search Warrant

正解：A 解答を投票する

質問 5

What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1

（A）Back up the master boot record

（B）Restore the first 512 bytes of the first partition of the hard drive

（C）Restore the master boot record

（D）Mount the master boot record on the first partition of the hard drive

正解：A 解答を投票する

質問 6

Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?

（A）Hackspionage

（B）Netspionage

（C）Spynet

（D）Spycrack

正解：B 解答を投票する

質問 7

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

（A）All forms should be placed in the report file because they are now primary evidence in the case.

（B）The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.

（C）All forms should be placed in an approved secure container because they are now primary evidence in the case.

（D）The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.

正解：B 解答を投票する

質問 8

What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024

（A）Copy the memory dump file to an image file

（B）Copy the master boot record to a file

（C）Copy the running memory to a file

（D）Copy the contents of the system folder to a file

正解：C 解答を投票する

質問 9

Lynne receives the following email:
Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk to be closed permanently!
To proceed Please Connect >> My Apple ID
Thank You The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/ What type of attack is this?

（A）Email Spamming

（B）Phishing

（C）Email Spoofing

（D）Mail Bombing

正解：B 解答を投票する

質問 10

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

（A）UDP header field

（B）ICMP header field

（C）IP header field

（D）TCP header field

正解：D 解答を投票する

質問 11

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

（A）Scope Creep

（B）Hard Drive Failure

（C）Unauthorized expenses

（D）Overzealous marketing

正解：A 解答を投票する

質問 12

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

（A）The manufacturer of the system compromised

（B）The logic, formatting and elegance of the code used in the attack

（C）The nature of the attack

（D）The vulnerability exploited in the incident

正解：B 解答を投票する

質問 13

This law sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

（A）The CAN-SPAM act

（B）European Anti-Spam act

（C）Federal Spam act

（D）Telemarketing act

正解：A 解答を投票する

質問 14

What is cold boot (hard boot)?

（A）It is the process of shutting down a computer from a powered-on or on state

（B）It is the process of restarting a computer that is already in sleep mode

（C）It is the process of restarting a computer that is already turned on through the operating system

（D）It is the process of starting a computer from a powered-down or off state

正解：D 解答を投票する

質問 15

Data density of a disk drive is calculated by using_______

（A）Track density, areal density, and bit density.

（B）Track space, bit area, and slack space.

（C）Slack space, bit density, and slack density.

（D）Track density, areal density, and slack density.

正解：A 解答を投票する

質問 16

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

（A）analysis of volatile data

（B）comparison of MD5 checksums

（C）forensic duplication of hard drive

（D）review of SIDs in the Registry

正解：B 解答を投票する

質問 17

Which program is the bootloader when Windows XP starts up?

（A）LILO

（B）LOADER

（C）NTLDR

（D）KERNEL.EXE

正解：C 解答を投票する

質問 18

Which of the following directory contains the binary files or executables required for system maintenance and administrative tasks on a Linux system?

（A）/usr

（B）/bin

（C）/sbin

（D）/lib

正解：C 解答を投票する

質問 19

Which password cracking technique uses every possible combination of character sets?

（A）Brute force attack

（B）Rainbow table attack

（C）Dictionary attack

（D）Rule-based attack

正解：A 解答を投票する

312-49v10 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

弊社を連絡する

関連リンク

トップ試験