312-49v11無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

質問 1

A forensic investigator is examining an attack on a MySQL database. The investigator has been given access to a server, but the physical MySQL data files are encrypted, and the database is currently inaccessible. The attacker seems to have tampered with the data. Which MySQL utility program would most likely assist the investigator in determining the changes that occurred during the attack?

（A）Mysqldump, because it allows dumping a database for backup purposes

（B）Mysqlbinlog, because it reads the binary log files directly and displays them in text format

（C）Myisamchk, because it views the status of the MylSAM table or checks, repairs, and optimizes them

（D）Mysqlaccess, because it checks the access privileges defined for a hostname or username

正解：B 解答を投票する

質問 2

Which of the following is a part of a Solid-State Drive (SSD)?

（A）Head

（B）NAND-based flash memory

（C）Cylinder

（D）Spindle

正解：B 解答を投票する

質問 3

Which of the following is a device monitoring tool?

（A）Regshot

（B）RAM Capturer

（C）Driver Detective

（D）Capsa

正解：D 解答を投票する

質問 4

Which of the following password cracking techniques works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

（A）Hybrid attack

（B）Syllable attack

（C）Brute forcing attack

（D）Rule-based attack

正解：A 解答を投票する

質問 5

Smith, an employee of a reputed forensic Investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in hacking of organization DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry key Smith will check to find the above information?

（A）MountedDevices key

（B）UserAssist Key

（C）RunMRU key

（D）TypedURLs key

正解：C 解答を投票する

質問 6

During a computer hacking forensic investigation, an investigator is tasked with acquiring volatile data from a live Linux system with limited physical access. Which methodology would be the most suitable for this scenario?

（A）Performing local acquisition of RAM using the LiME tool

（B）Performing remote acquisition of volatile data from a Linux machine using dd and netcat

（C）Using the fmem module and dd command locally to access the RAM and acquire its content directly

（D）Using Belkasoft Live RAM Capturer to extract the entire contents of the computer's volatile memory

正解：B 解答を投票する

質問 7

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

（A）fsutil

（B）Reg.exe

（C）DevScan

（D）Devcon

正解：D 解答を投票する

質問 8

A breach resulted from a malware attack that evaded detection and compromised the machine memory without installing any software or accessing the hard drive. What technique did the adversaries use to deliver the attack?

（A）Fileless

（B）Trojan

（C）Spyware

（D）JavaScript

正解：A 解答を投票する

質問 9

Rule 1002 of Federal Rules of Evidence (US) talks about_____

（A）Admissibility of duplicates

（B）Requirement of original

（C）Admissibility of original

（D）Admissibility of other evidence of contents

正解：B 解答を投票する

質問 10

In Linux OS, different log files hold different information, which help the investigators to analyze various issues during a security incident. What information can the investigators obtain from the log file var/log/dmesg?

（A）Global system messages

（B）All mail server message logs

（C）Kernel ring buffer information

（D）Debugging log messages

正解：C 解答を投票する

質問 11

Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.

From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers.
What technique this user was trying?

（A）Cross site scripting

（B）SQL injection

（C）Parameter tampering

（D）Cookie Poisoning

正解：C 解答を投票する

質問 12

Chloe is a forensic examiner who is currently cracking hashed passwords for a crucial mission and hopefully solve the case. She is using a lookup table used for recovering a plain text password from cipher text; it contains word list and brute-force list along with their computed hash values. Chloe Is also using a graphical generator that supports SHA1.
a. What password technique is being used?
b. What tool is Chloe using?

（A）a. Brute-force b. MScache

（B）a. Dictionary attack b. Cisco PIX

（C）a. Rainbow Tables b. Winrtgen

（D）a. Cain & Able b. Rten

正解：C 解答を投票する

質問 13

An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

（A）Fraggle

（B）Smurf

（C）Ping of death

（D）Nmap scan

正解：C 解答を投票する

312-49v11 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11)」

弊社を連絡する

関連リンク

トップ試験