312-49v11無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

質問 1

LBA (Logical Block Address) addresses data by allotting a ___________to each sector of the hard disk.

（A）Sequential number

（B）Sector number

（C）Operating system number

（D）Index number

正解：A 解答を投票する

質問 2

You are a forensic investigator who is analyzing a hard drive that was recently collected as evidence. You have been unsuccessful at locating any meaningful evidence within the file system and suspect a drive wiping utility may have been used. You have reviewed the keys within the software hive of the Windows registry and did not find any drive wiping utilities.
How can you verify that drive wiping software was used on the hard drive?

（A）Check the list of installed programs

（B）Look for distinct repeating patterns on the hard drive at the bit level

（C）Document in your report that you suspect a drive wiping utility was used, but no evidence was found

（D）Load various drive wiping utilities offline, and export previous run reports

正解：B 解答を投票する

質問 3

During a computer hacking forensic investigation, an investigator is tasked with acquiring volatile data from a live Linux system with limited physical access. Which methodology would be the most suitable for this scenario?

（A）Performing local acquisition of RAM using the LiME tool

（B）Performing remote acquisition of volatile data from a Linux machine using dd and netcat

（C）Using the fmem module and dd command locally to access the RAM and acquire its content directly

（D）Using Belkasoft Live RAM Capturer to extract the entire contents of the computer's volatile memory

正解：B 解答を投票する

質問 4

What information do you need to recover when searching a victim computer for a crime committed with specific e-mail message?

（A）Firewall log

（B）E-mail header

（C）Internet service provider information

（D）Username and password

正解：B 解答を投票する

質問 5

Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

（A）Those connections are in timed out/waiting mode

（B）Those connections are in listening mode

（C）Those connections are established

（D）Those connections are in closed/waiting mode

正解：B 解答を投票する

質問 6

An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.

（A）False

（B）True

正解：B 解答を投票する

質問 7

Ronald, a forensic investigator, has been hired by a financial services organization to Investigate an attack on their MySQL database server, which Is hosted on a Windows machine named WIN- DTRAI83202X. Ronald wants to retrieve information on the changes that have been made to the database. Which of the following files should Ronald examine for this task?

（A）WIN-DTRAI83202Xslow.log

（B）WIN-DTRAI83202X-bin.nnnnnn

（C）WIN-DTRAl83202Xrelay-bin.index

（D）relay-log.info

正解：A 解答を投票する

質問 8

What is the first step that needs to be carried out to crack the password?

（A）The list of dictionary words is hashed or encrypted

（B）A word list is created using a dictionary generator program or dictionaries

（C）The hashed wordlist is compared against the target hashed password, generally one word at a time

（D）If it matches, that password has been cracked and the password cracker displays the unencrypted version of the password

正解：B 解答を投票する

質問 9

A CHFI professional is investigating a data breach in a Windows 10 system. The initial analysis revealed some alterations in the system event logs. As part of the investigation, the professional uses the 'wevtutil' command-line tool. The command 'wevtutil gl Security' was executed, but the results seemed abnormal. Which of the following could be a plausible reason for this outcome?

（A）The command 'wevtutil gl Security' does not exist in the 'wevtutil' command set

（B）The 'wevtutil' command cannot retrieve data from XML-based EVTX file format

（C）The Event Log service was temporarily unresponsive or down

（D）The EVTX file storing the Security log was corrupted or tampered with

正解：D 解答を投票する

質問 10

Which of the following is a device monitoring tool?

（A）Regshot

（B）RAM Capturer

（C）Driver Detective

（D）Capsa

正解：D 解答を投票する

質問 11

In what circumstances would you conduct searches without a warrant?

（A）Agents may search a place or object without a warrant if he suspect the crime was committed

（B）Law enforcement agencies located in California under section SB 567 are authorized to seize computers without warrant under all circumstances

（C）When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity

（D）A search warrant is not required if the crime involves Denial-Of-Service attack over the Internet

正解：C 解答を投票する

質問 12

You are running through a series of tests on your network to check for any security vulnerabilities.
After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

（A）The firewall failed-closed

（B）The firewall ACL has been purged

（C）The firewall failed-open

（D）The firewall failed-bypass

正解：C 解答を投票する

質問 13

During an investigation of a suspected network attack, a Computer Hacking Forensics Investigator (CHFI) is analyzing a firewall log from a Cisco system. The log entry includes a mnemonic message:
"%PIX-6-302015: Built outbound UDP connection."
Considering the information provided, what can the investigator infer from this log entry?

（A）The firewall has recorded an unsuccessful attempt to establish an outbound UDP connection

（B）The firewall has established an outbound UDP connection

（C）The firewall has blocked a connection attempt per the security policy or user-defined rules

（D）The firewall detected suspicious traffic, but the firewall accepted it

正解：B 解答を投票する

質問 14

When investigating a wireless attack, what information can be obtained from the DHCP logs?

（A）IP traffic between the attacker and the victim

（B）The operating system of the attacker and victim computers

（C）MAC address of the attacker

（D）If any computers on the network are running in promiscuous mode

正解：C 解答を投票する

質問 15

Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves
____________and waiting for responses from available wireless networks.

（A）Scanning the network

（B）Broadcasting a probe request frame

（C）Sniffing the packets from the airwave

（D）Inspecting WLAN and surrounding networks

正解：B 解答を投票する

質問 16

You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:
When you type this and click on search, you receive a pop-up window that says:
"This is a test."
What is the result of this test?

（A）Your website is vulnerable to SQL injection

（B）Your website is vulnerable to CSS

（C）Your website is not vulnerable

（D）Your website is vulnerable to web bugs

正解：B 解答を投票する

312-49v11 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

弊社を連絡する

関連リンク

トップ試験