312-49v10無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

質問 1

Which of the following statements is TRUE with respect to the Registry settings in the user start-up folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\.

（A）All the values in this subkey run when specific user logs on, as this setting is user-specific

（B）All values in this subkey run when specific user logs on and then the values are deleted

（C）All the values in this key are executed at system start-up

（D）The string specified in the value run executes when user logs on

正解：B 解答を投票する

質問 2

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

（A）Linux

（B）Windows 8.1

（C）Windows XP

（D）Windows 98

正解：C 解答を投票する

質問 3

When Investigating a system, the forensics analyst discovers that malicious scripts were Injected Into benign and trusted websites. The attacker used a web application to send malicious code. In the form of a browser side script, to a different end-user. What attack was performed here?

（A）SQL injection attack

（B）Cookie poisoning attack

（C）Brute-force attack

（D）Cross-site scripting attack

正解：D 解答を投票する

質問 4

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

（A）64

（B）16

（C）128

（D）32

正解：D 解答を投票する

質問 5

You are running through a series of tests on your network to check for any security vulnerabilities.
After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

（A）The firewall failed-closed

（B）The firewall ACL has been purged

（C）The firewall failed-open

（D）The firewall failed-bypass

正解：C 解答を投票する

質問 6

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning technique will you use?

（A）ACK flag scanning

（B）Inverse TCP flag scanning

（C）TCP Scanning

（D）IP Fragment Scanning

正解：D 解答を投票する

質問 7

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

（A）The files have been marked as hidden

（B）The files have been marked as read-only

（C）The files have been marked for deletion

（D）The files are corrupt and cannot be recovered

正解：C 解答を投票する

質問 8

How many sectors will a 125 KB file use in a FAT32 file system?

（A）256

（B）16

（C）32

（D）25

正解：A 解答を投票する

質問 9

Which among the following tools can help a forensic investigator to access the registry files during postmortem analysis?

（A）RegRipper

（B）RegDIIView

（C）RegistryChangesView

（D）ProDiscover

正解：A 解答を投票する

質問 10

An investigator Is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform:

（A）Dynamic analysis

（B）Threat hunting

（C）Static analysis

（D）Threat analysis

正解：A 解答を投票する

質問 11

In Windows Security Event Log, what does an event id of 530 imply?

（A）Logon Failure - Account currently disabled

（B）Logon Failure - Account logon time restriction violation

（C）Logon Failure - Unknown user name or bad password

（D）Logon Failure - User not allowed to logon at this computer

正解：B 解答を投票する

質問 12

You are a forensic investigator who is analyzing a hard drive that was recently collected as evidence. You have been unsuccessful at locating any meaningful evidence within the file system and suspect a drive wiping utility may have been used. You have reviewed the keys within the software hive of the Windows registry and did not find any drive wiping utilities. How can you verify that drive wiping software was used on the hard drive?

（A）Check the list of installed programs

（B）Look for distinct repeating patterns on the hard drive at the bit level

（C）Document in your report that you suspect a drive wiping utility was used, but no evidence was found

（D）Load various drive wiping utilities offline, and export previous run reports

正解：B 解答を投票する

312-49v10 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

弊社を連絡する

関連リンク

トップ試験