312-49v10無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

質問 1

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

（A）Both Civil and Criminal Investigations

（B）Civil Investigation

（C）Criminal Investigation

（D）Administrative Investigation

正解：D 解答を投票する

質問 2

Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

（A）18 USC §1030

（B）18 USC §1371

（C）18 USC §1029

（D）18 USC §1361

正解：A 解答を投票する

質問 3

Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all the data, which includes his personal photos, music, documents, videos, official emails, etc. Which of the following tools shall resolve Bob's purpose?

（A）Xplico

（B）Colasoft's Capsa

（C）Cain & Abel

（D）Recuva

正解：D 解答を投票する

質問 4

What will the following command accomplish in Linux?
fdisk /dev/hda

（A）Format the hard drive

（B）Fill the disk with zeros

（C）Partition the hard drive

（D）Delete all files under the /dev/hda folder

正解：C 解答を投票する

質問 5

Which Event Correlation approach assumes and predicts what an attacker can do next after the attack by studying statistics and probability?

（A）Profile/Fingerprint-Based Approach

（B）Bayesian Correlation

（C）Automated Field Correlation

（D）Time (Clock Time) or Role-Based Approach

正解：B 解答を投票する

質問 6

Which of the following is NOT a part of pre-investigation phase?

（A）Creating an investigation team

（B）Gathering evidence data

（C）Building forensics workstation

（D）Gathering information about the incident

正解：B 解答を投票する

質問 7

Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of the following will be an inference from this analysis?

（A）A WordPress user has been created with the username bad_guy

（B）An attacker with name anonymous_hacker has replaced a user bad_guy in the WordPress database

（C）A user with username bad_guy has logged into the WordPress web application

（D）A WordPress user has been created with the username anonymous_hacker

正解：A 解答を投票する

質問 8

Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison's lawyer trying to prove the police violated?

（A）The 4th Amendment

（B）The 10th Amendment

（C）The 5th Amendment

（D）The 1st Amendment

正解：A 解答を投票する

質問 9

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

（A）Start and end points for log files are not specified

（B）Start and end points for log files are specified

（C）Start and end points for log sequence numbers are specified

（D）Start and end points for log sequence numbers are not specified

正解：A 解答を投票する

質問 10

When reviewing web logs, you see an entry for resource not found in the HTTP status code filed.
What is the actual error code that you would see in the log for resource not found?

（A）909

（B）404

（C）202

（D）505

正解：B 解答を投票する

質問 11

An investigator needs to perform data acquisition from a storage media without altering its contents to maintain the Integrity of the content. The approach adopted by the Investigator relies upon the capacity of enabling read-only access to the storage medi a. Which tool should the Investigator Integrate Into his/her procedures to accomplish this task?

（A）Data duplication tool

（B）Write blocker

（C）BitLocker

（D）Backup tool

正解：A 解答を投票する

質問 12

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

（A）Scope Creep

（B）Hard Drive Failure

（C）Unauthorized expenses

（D）Overzealous marketing

正解：A 解答を投票する

質問 13

What is one method of bypassing a system BIOS password?

（A）Removing the processor

（B）Remove all the system memory

（C）Removing the CMOS battery

（D）Login to Windows and disable the BIOS password

正解：C 解答を投票する

質問 14

What information do you need to recover when searching a victim's computer for a crime committed with specific e-mail message?

（A）Firewall log

（B）E-mail header

（C）Internet service provider information

（D）Username and password

正解：B 解答を投票する

質問 15

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

（A）135

（B）10

（C）25

（D）110

正解：C 解答を投票する

質問 16

Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID "WIN-ABCDE12345F." Which of the following log file will help Shane in tracking all the client connections and activities performed on the database server?

（A）WIN-ABCDE12345F.log

（B）WIN-ABCDE12345F-bin.n

（C）WIN-ABCDE12345F.pid

（D）WIN-ABCDE12345F.err

正解：A 解答を投票する

312-49v10 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10)」

弊社を連絡する

関連リンク

トップ試験