312-49v11無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

質問 1

Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

（A）Complete event analysis

（B）End-to-end

（C）Point-to-point

（D）Thorough

正解：B 解答を投票する

質問 2

Which of the following techniques delete the files permanently?

（A）Artifact Wiping

（B）Trail obfuscation

（C）Data Hiding

（D）Steganography

正解：A 解答を投票する

質問 3

In forensics.______are used lo view stored or deleted data from both files and disk sectors.

（A）Hex editors

（B）Hash algorithms

（C）SI EM tools

（D）Host interfaces

正解：A 解答を投票する

質問 4

Jack is reviewing file headers to verify the file format and hopefully find more Information of the file. After a careful review of the data chunks through a hex editor; Jack finds the binary value Oxffd8ff. Based on the above Information, what type of format is the file/image saved as?

（A）GIF

（B）ASCII

（C）JPEG

（D）BMP

正解：C 解答を投票する

質問 5

An organization is concerned about potential attacks using steganography to hide malicious data within image files. After a recent breach, the incident response team found that an attacker had managed to sneak past their defenses by hiding a keylogger inside a legitimate image. Given that the attacker has knowledge of the organization's steganography detection techniques, which method of steganalysis would likely be the most effective in detecting such a steganographic attack in the future?

（A）Chosen-message attack, where the analyst uses a known message to generate a stego-object in order to find the steganography algorithm used

（B）Chi-square attack, where the analyst performs probability analysis to test whether the stego object and original data are identical

（C）Known-stego attack, where the analyst knows both the steganography algorithm and original and stego-object

（D）Known-message attack, where the analyst has a known hidden message in the corresponding stego-image and looks for patterns that arise from hiding the message

正解：A 解答を投票する

質問 6

Which of the following attack uses HTML tags like <script></script>?

（A）Phishing

（B）SQL injection

（C）Spam

（D）XSS attack

正解：D 解答を投票する

質問 7

Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?

（A）MountedDevices key

（B）UserAssist Key

（C）RunMRU key

（D）TypedURLs key

正解：C 解答を投票する

質問 8

System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function

（A）False

（B）True

正解：B 解答を投票する

質問 9

FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?

（A）3 terabytes

（B）2 terabytes

（C）4 terabytes

（D）1 terabytes

正解：B 解答を投票する

質問 10

A considerable data breach has struck a global company, leading to the unfortunate loss of confidential data. The corporation's Cybersecurity unit now faces the task of conducting a deep- dive investigation into this incident. Their findings suggest that advanced hacking tools were utilized in the breach, with the attack seemingly initiated from inside the organization itself. Based on this information which statement best describes the type of cybercrime and the potential challenge in this forensic investigation?

（A）Cybercrime can be categorized as an external attack, and the primary challenge will be identifying the source of the sophisticated hacking tools

（B）Cybercrime can be categorized as an external attack, and the primary challenge will be tracing the IP addresses of the attacker

（C）Cybercrime can be categorized as an internal attack, and the major challenge will be the probable damage to the physical infrastructure

（D）Cybercrime can be categorized as an internal attack, and a potential challenge will be proving the insider's intent since the attack tools were advanced

正解：D 解答を投票する

質問 11

In an ongoing cybercrime investigation, Laura, a certified Computer Hacking Forensics Investigator (CHFI), has identified a system involved in illegal activities. The system is connected to a network with many other users. Laura needs to gather evidence related to the identified system's internet usage. Which legal and privacy considerations should be her utmost priority?

（A）Acquiring a search warrant specifically mentioning the identified system

（B）Obtaining explicit consent from the system owner before starting the investigation

（C）Informing the authorities about the identified illegal activities

（D）Maintaining the anonymity of non-target users connected to the system

正解：A 解答を投票する

質問 12

You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject's computer. You inform the officer that you will not be able to comply with that request because doing so would:

（A）Cause network congestion

（B）Write information to the subject hard drive

（C）Violate your contract

（D）Make you an agent of law enforcement

正解：D 解答を投票する

質問 13

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.
(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............
00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............
3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.^.....localhost
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+
03/15-20:21:36.539731 211.185.125.124:4450 -> 172.16.1.108:39168
TCP TTL:43 TOS:0x0 ID:31660 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0x9C6D2BFF Ack: 0x59606333 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23679878 2880015
63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20 cd /; uname -a;
69 64 3B id;

（A）The attacker has used a Trojan on port 32773

（B）The attacker has installed a backdoor

（C）The attacker has conducted a network sweep on port 111

（D）The attacker has scanned and exploited the system using Buffer Overflow

正解：C 解答を投票する

質問 14

In a suspected cyberattack scenario, a seasoned Computer Hacking Forensics Investigator (CHFI) comes across evidence that the attacker used cloud infrastructure to host attack toolkits and launch the attack. What should be the investigator's primary approach to unravel the tracks covered by the attacker and retrieve evidence?

（A）Review the access logs for all cloud infrastructure services used during the attack period

（B）Launch a counterattack on the suspected IP addresses linked with the cloud infrastructure

（C）Recover and analyze the residual data left on the cloud servers after the attacker destroyed the infrastructure

（D）Contact the cloud service provider and request the deletion of data for the suspected period

正解：A 解答を投票する

質問 15

When a file or folder is deleted, the complete path, including the original file name, is stored in a special hidden file called "INF02" in the Recycled folder. If the INF02 file is deleted, it is re- created when you___________.

（A）Run the anti-spyware tool on the system

（B）Restart Windows

（C）Kill the running processes in Windows task manager

（D）Run the antivirus tool on the system

正解：B 解答を投票する

質問 16

A rogue/unauthorized access point is one that Is not authorized for operation by a particular firm or network

（A）False

（B）True

正解：B 解答を投票する

質問 17

The Recycle Bin exists as a metaphor for throwing files away, but it also allows a user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to the log file that exists in the Recycle Bin. Which of the following files contains records that correspond to each deleted file in the Recycle Bin?

（A）LOGINFO2

（B）INFO2

（C）LOGINFO1

（D）INFO1

正解：B 解答を投票する

質問 18

You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

（A）1

（B）4

（C）2

（D）8

正解：B 解答を投票する

質問 19

During a malware forensic investigation, a newly added entry was identified in the Windows AutoStart registry keys after a malware execution on a compromised system. The entry indicates a VB script file named "CaoClboog.vbs" installed in the 'Run' key to achieve persistence and run automatically upon user login. As a Computer Hacking Forensic Investigator (CHFI), where would you expect to find this suspicious entry in the registry hive?

（A）HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Startup

（B）HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Common Startup

（C）HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

（D）HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

正解：C 解答を投票する

質問 20

During a recent network intrusion investigation, a CHFI received logs from Juniper IDS, Check Point IPS, and a Kippo Honeypot. Which log provides information about the network traffic and bandwidth adjustment, aiding in business risk valuation?

（A）None of the above

（B）Kippo Honeypot

（C）Juniper IDS

（D）Check Point IPS

正解：C 解答を投票する

312-49v11 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

弊社を連絡する

関連リンク

トップ試験