312-49v11無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

質問 1

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour.
Why were these passwords cracked so Quickly?

（A）Passwords of 14 characters or less are broken up into two 7-character hashes

（B）A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

（C）The passwords that were cracked are local accounts on the Domain Controller

（D）Networks using Active Directory never use SAM databases so the SAM database pulled was empty

正解：A 解答を投票する

質問 2

Raw data acquisition format creates ____________of a data set or suspect drive.

（A）Simple sequential flat files

（B）Segmented files

（C）Segmented image files

（D）Compressed image files

正解：A 解答を投票する

質問 3

A digital forensics lab is working on a high-profile cybercrime case. The director has decided to include a new team member in the investigation team for his specialized expertise. Which of the following considerations should be considered in the context of maintaining the lab's integrity, based on the given information?

（A）The new team member should be given immediate access to the lab without maintaining a visitor's log register

（B）The new team member should be allowed to bring his own hardware and software tools to the lab for investigation

（C）The new team member should be provided with an electronic sign-in pass, and his entry should be logged in the register

（D）The new team member should be directly handed the original hardware containing the evidence

正解：C 解答を投票する

質問 4

James is dealing with a case regarding a cybercrime that has taken place in Arizona, USA.
James needs to lawfully seize the evidence from an electronic device without affecting the user's anonymity. Which of the following law should he comply with, before retrieving the evidence?

（A）First Amendment of the U.S. Constitution

（B）Third Amendment of the U.S. Constitution

（C）Fifth Amendment of the U.S. Constitution

（D）Fourth Amendment of the U.S. Constitution

正解：C 解答を投票する

質問 5

In an ongoing investigation, a computer forensics investigator encounters a suspicious file believed to be packed using a password-protected program packer. The investigator possesses both the knowledge of the packing tool used and the necessary unpacking tool. What critical step should the investigator consider before analyzing the packed file?

（A）Conduct static analysis on the packed file immediately

（B）Reverse engineer the packed file to understand the hidden attack tools

（C）Attempt to decrypt the password prior to unpacking the file

（D）Run the packed file in a controlled environment for dynamic analysis

正解：C 解答を投票する

質問 6

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.

（A）Optical

（B）Magnetic

（C）Logical

（D）Anti-Magnetic

正解：A 解答を投票する

質問 7

Maria has executed a suspicious executable file In a controlled environment and wants to see if the file adds/modifies any registry value after execution via Windows Event Viewer. Which of the following event ID should she look for In this scenario?

（A）Event ID 4688

（B）Event ID 4657

（C）Event ID 4624

（D）Event ID 7040

正解：B 解答を投票する

質問 8

What is kept in the following directory?
HKLM\SECURITY\Policy\Secrets

（A）Service account passwords in plain text

（B）Local store PKI Kerberos certificates

（C）IAS account names and passwords

（D）Cached password hashes for the past 20 users

正解：A 解答を投票する

質問 9

Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wireshark to capture the network traffic. Upon investigation, he found that the DNS packets travelling across the network belonged to a non-company configured IP. Which of the following attack Jason can infer from his findings?

（A）Cookie Poisoning Attack

（B）DNS Redirection

（C）Session poisoning

（D）DNS Poisoning

正解：D 解答を投票する

質問 10

As a Computer Hacking Forensic Investigator (CHFI). you are investigating a possible breach on a web application protected by a Web Application Firewall (WAF). You notice some logs on the WAF that suggest there were some repeated attempts to bypass the SQL injection protection.
After inspecting the web server and MySQL database you Find no indications of data manipulation. You then decide to delve deeper and examine the database server logs. Which of the following would you most likely infer if you notice a log entry indicating a query command as
"1' OR '1'='1'; -- "?

（A）The SQL inject on attempt was unsuccessful as it is an incorrect syntax for bypassing WAF SQL injection protection

（B）The WAF failed to detect the SQL injection attempt out MySQL s n-built protections prevented data manipulation

（C）There was a successful SQL injection, and unauthorized data manipulation likely occurred

（D）The WAF successfully blocked the SQL injection attempt and no unauthorized data manipulation occurred

正解：C 解答を投票する

質問 11

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia.
Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities.
He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

（A）Visual semagram

（B）Grill cipher

（C）Visual cipher

（D）Text semagram

正解：A 解答を投票する

質問 12

Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and media used to generate, transmit, store, analyze, and dispose of log data.

（A）False

（B）True

正解：B 解答を投票する

312-49v11 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

弊社を連絡する

関連リンク

トップ試験