312-49v11無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

質問 1

A forensic investigator prepares to present digital evidence related to a high-profile cybercrime case in court. He needs to ensure that the evidence complies with the five basic rules of evidence. Which of the following actions does NOT align with these rules?

（A）He ensures that the evidence is complete, providing sufficient information to either prove or disprove the consensual fact in the litigation

（B）He works directly on the original digital evidence to maintain its reliability

（C）He gets an expert opinion to confirm the investigation process and make the evidence understandable

（D）He gathers supporting documents regarding the authenticity of the evidence, including the source and its relevance to the case

正解：B 解答を投票する

質問 2

File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in windows7?

（A）The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted

（B）The last letter of a file name is replaced by a hex byte code E5h

（C）Corresponding clusters in FAT are marked as used

（D）The computer looks at the clusters occupied by that file and does not avails space to store a new file

正解：A 解答を投票する

質問 3

A forensic investigator is a person who handles the complete Investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to the cybercrime analysis. The role of the forensic investigator is to:

（A）Keep the evidence a highly confidential and hide the evidence from law enforcement agencies

（B）Create an image backup of the original evidence without tampering with potential evidence

（C）Take permission from all employees of the organization for investigation

（D）Harden organization network security

正解：B 解答を投票する

質問 4

A top-tier forensic investigation bureau within the United States is handling a major case related to espionage. They have started electronic monitoring of a permanent lawful inhabitant of the nation suspected of participating in the case. Yet, there seems to be no compelling evidence suggesting the individual's criminal involvement. How does this measure correspond with existing laws?

（A）This measure breaches the Foreign Intelligence Surveillance Act of 1978 as no compelling evidence suggests criminal involvement

（B）This measure breaches the Privacy Act of 1974, involving the unauthorized revelation of private data

（C）This measure corresponds with the Protect America Act of 2007 which permits the surveillance of individuals who are thought to be residing outside the United States

（D）This measure corresponds with the Foreign Intelligence Surveillance Act of 1978, permitting the surveillance of US individuals suspected of participating in espionage

正解：D 解答を投票する

質問 5

As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

（A）DBCC LOG(Transfers, 0)

（B）DBCC LOG(Transfers, 2)

（C）DBCC LOG(Transfers, 1)

（D）DBCC LOG(Transfers, 3)

正解：B 解答を投票する

質問 6

What TCP/UDP port does the toolkit program netstat use?

（A）Port 15

（B）Port 23

（C）Port 7

（D）Port 69

正解：A 解答を投票する

質問 7

What will the following URL produce in an unpatched IIS Web Server?
http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:
\

（A）Directory listing of C: drive on the web server

（B）Execute a buffer flow in the C: drive of the web server

（C）Directory listing of the C:\windows\system32 folder on the web server

（D）Insert a Trojan horse into the C: drive of the web server

正解：A 解答を投票する

質問 8

In Linux, what is the smallest possible shellcode?

（A）8 bytes

（B）80 bytes

（C）800 bytes

（D）24 bytes

正解：D 解答を投票する

質問 9

What document does the screenshot represent?

（A）Chain of custody form

（B）Evidence collection form

（C）Expert witness form

（D）Search warrant form

正解：B 解答を投票する

質問 10

Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?

（A）802.11b

（B）802.11a

（C）802.11i

（D）802.11g

正解：B 解答を投票する

質問 11

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

（A）Nothing in particular as these can be operational files

（B）The system files have been copied by a remote attacker

（C）The system has been compromised using a t0rnrootkit

（D）The system administrator has created an incremental backup

正解：A 解答を投票する

質問 12

What type of analysis helps to identify the time and sequence of events in an investigation?

（A）Functional

（B）Temporal

（C）Relational

（D）Time-based

正解：B 解答を投票する

質問 13

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

（A）Remove any memory cards immediately

（B）Remove the battery immediately

（C）Turn off the device immediately

（D）Keep the device powered on

正解：D 解答を投票する

質問 14

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that.
His client alleges that he is innocent and that there is no way for a fake email to actually be sent.
You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

（A）135

（B）10

（C）25

（D）110

正解：C 解答を投票する

312-49v11 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

弊社を連絡する

関連リンク

トップ試験