312-49v11無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

質問 1

The working of the Tor browser is based on which of the following concepts?

（A）Onion routing

（B）Static routing

（C）Default routing

（D）Both static and default routing

正解：A 解答を投票する

質問 2

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

（A）Firewalk sets all packets with a TTL of zero

（B）Firewalk cannot pass through Cisco firewalls

（C）Firewalk sets all packets with a TTL of one

（D）Firewalk cannot be detected by network sniffers

正解：C 解答を投票する

質問 3

Which among the following web application threats is resulted when developers expose various internal implementation objects, such as files, directories, database records, or key-through references?

（A）Remote File Inclusion

（B）Insecure Direct Object References

（C）Cross Site Request Forgery

（D）Cross Site Scripting

正解：B 解答を投票する

質問 4

Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house.
Daryl packs all the items found in his van and takes them back to his lab for further examination.
At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

（A）Three

（B）Four

（C）One

（D）Two

正解：D 解答を投票する

質問 5

At what layer of the OSI model do routers function on?

（A）3

（B）5

（C）1

（D）4

正解：A 解答を投票する

質問 6

Consider a scenario where a forensic investigator is performing malware analysis on a memory dump acquired from a victims computer. The investigator uses Volatility Framework to analyze RAM contents; which plugin helps investigator to identify hidden processes or injected code/DLL in the memory dump?

（A）mallist

（B）malscan

（C）malfind

（D）pslist

正解：C 解答を投票する

質問 7

To reach a bank web site, the traffic from workstations must pass through a firewall.
You have been asked to review the firewall configuration to ensure that workstations in network
10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https.
Which of the following firewall rules meets this requirement?

（A）if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

（B）if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or
443) then permit

（C）if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

正解：A 解答を投票する

質問 8

What does the acronym POST mean as it relates to a PC?

（A）Primary Operations Short Test

（B）Pre Operational Situation Test

（C）Primary Operating System Test

（D）Power On Self Test

正解：D 解答を投票する

質問 9

As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

（A）DBCC LOG(Transfers, 0)

（B）DBCC LOG(Transfers, 2)

（C）DBCC LOG(Transfers, 1)

（D）DBCC LOG(Transfers, 3)

正解：B 解答を投票する

質問 10

A cybersecurity forensics investigator is tasked with acquiring data from a suspect's drive for a civil litigation case. The suspect drive is 1TB, and due to time constraints, the investigator decides to prioritize and acquire only data of evidentiary value. The original drive cannot be retained. In this context, which of the following steps should the investigator prioritize?

（A）Opt for disk-to-image copying for the large suspect drive

（B）Use a reliable data acquisition tool to make a copy of the original drive

（C）Utilize DriveSpace or DoubleSpace to reduce the data size

（D）Execute logical acquisition considering the one-time opportunity to capture data

正解：B 解答を投票する

質問 11

Which of the following malware targets Android mobile devices and installs a backdoor that remotely installs applications from an attacker-controlled server?

（A）xHelper

（B）Unflod

（C）Felix

（D）XcodeGhost

正解：A 解答を投票する

質問 12

Amelia has got an email from a well-reputed company stating in the subject line that she has won a prize money, whereas the email body says that she has to pay a certain amount for being eligible for the contest. Which of the following acts does the email breach?

（A）SOX

（B）CAN-SPAM Act

（C）GLBA

（D）HIPAA

正解：B 解答を投票する

質問 13

Examination of a computer by a technically unauthorized person will almost always result in:

（A）The chain of custody being fully maintained

（B）Rendering any evidence found inadmissible in a court of law

（C）Rendering any evidence found admissible in a court of law

（D）Completely accurate results of the examination

正解：B 解答を投票する

質問 14

Davidson Trucking is a small transportation company that has three local offices in Detroit Michigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

（A）IT personnel

（B）Employees themselves

（C）Supervisors

（D）Administrative assistant in charge of writing policies

正解：C 解答を投票する

質問 15

Raw data acquisition format creates ____________of a data set or suspect drive.

（A）Simple sequential flat files

（B）Segmented files

（C）Segmented image files

（D）Compressed image files

正解：A 解答を投票する

質問 16

Where is the startup configuration located on a router?

（A）Dynamic RAM

（B）Static RAM

（C）BootROM

（D）NVRAM

正解：D 解答を投票する

質問 17

Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

（A）Logical block

（B）Physical block

（C）Hard disk block

（D）Operating system block

正解：B 解答を投票する

312-49v11 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

弊社を連絡する

関連リンク

トップ試験