New Certified Hacking Forensic Investigator (CHFI) Exam 312-49v10 Study Guide

Regina2021-11-09T02:48:07+00:00

By Regina CHFI, EC-Council, Free Questions Online 312-49v10, 312-49v10 exam questions, 312-49v10 free questions, 312-49v10 study guide 0 Comments

Certified Hacking Forensic Investigator (CHFI) issued by EC-Council is a great certification, which is the only comprehensive ANSI accredited, lab-focused program in the market that gives organizations vendor-neutral training in digital forensics. It is highly recommended to register EC-Council CHFI V10 312-49v10 exam and get new EC-Council CHFI certification exam 312-49v10 study guide as your learning materials. 312-49v10 study guide containing 601 practice exam questions and answers help candidates read the Q&As to learn all the exam contents to passs 312-49v10 Computer Hacking Forensic Investigator (CHFI-v10) certification exam successfully. In one word, new 312-49v10 study guide from ITExamShop will help you a whole lot in scoring excellent score in the Computer Hacking Forensic Investigator (CHFI-v10) actual exam.

Check Demo OF EC-Council CHFI 312-49v10 Study Guide By Reading The Following 312-49v10 Free Questions

Page 1 of 4

1. You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour .

Why were these passwords cracked so Quickly?

Passwords of 14 characters or less are broken up into two 7-character hashes

A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

Networks using Active Directory never use SAM databases so the SAM database pulled was empty

The passwords that were cracked are local accounts on the Domain Controller

2. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information .

Why will this not be viable?

Entrapment

Enticement

Intruding into a honeypot is not illegal

Intruding into a DMZ is not illegal

3. E-mail logs contain which of the following information to help you in your investigation? (Choose four.)

user account that was used to send the account

attachments sent with the e-mail message

unique message identifier

contents of the e-mail message

date and time the message was sent

4. If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

The zombie will not send a response

31402

31399

31401

5. Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document .

What is that code called?

the Microsoft Virtual Machine Identifier

the Personal Application Protocol

the Globally Unique ID

the Individual ASCII String

6. This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

Master Boot Record (MBR)

Master File Table (MFT)

File Allocation Table (FAT)

Disk Operating System (DOS)

7. Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test.

The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable .

What kind of results did Jim receive from his vulnerability analysis?

False negatives

False positives

True negatives

True positives

8. ____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

Network Forensics

Computer Forensics

Incident Response

Event Reaction

9. What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

mcopy

image

MD5

10. Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.

The organization had used a Virtual Environment to trap Bob .

What is a Virtual Environment?

A Honeypot that traps hackers

A system Using Trojaned commands

An environment set up after the user logs in

An environment set up before a user logs in

Page 2 of 4

11. During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence.

This type of evidence is known as:

Inculpatory evidence

Mandatory evidence

Exculpatory evidence

Terrible evidence

12. An Expert witness give an opinion if:

The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

To define the issues of the case for determination by the finder of fact

To stimulate discussion between the consulting expert and the expert witness

To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

13. In the context of file deletion process, which of the following statement holds true?

When files are deleted, the data is overwritten and the cluster marked as available

The longer a disk is in use, the less likely it is that deleted files will be overwritten

While booting, the machine may create temporary files that can delete evidence

Secure delete programs work by completely overwriting the file in one go

14. The use of warning banners helps a company avoid litigation by overcoming an employee assumed __________________________. When connecting to the company's intranet, network or Virtual Private Network (VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

Right to work

Right of free speech

Right to Internet Access

Right of Privacy

15. You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years.

You navigate to archive. org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal:

What have you found?

Web bug

CGI code

Trojan.downloader

Blind bug

16. When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

Passive IDS

Active IDS

Progressive IDS

NIPS

17. Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers.

Bill protects the PDF documents with a password and sends them to their intended recipients.

Why PDF passwords do not offer maximum protection?

PDF passwords can easily be cracked by software brute force tools

PDF passwords are converted to clear text when sent through E-mail

PDF passwords are not considered safe by Sarbanes-Oxley

When sent through E-mail, PDF passwords are stripped from the document completely

18. How many bits is Source Port Number in TCP Header packet?

19. Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies?

What type of Penetration Testing is Larry planning to carry out?

Router Penetration Testing

DoS Penetration Testing

Firewall Penetration Testing

Internal Penetration Testing

20. If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

deltree command

CMOS

Boot.sys

Scandisk utility

Page 3 of 4

21. Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

Linux/Unix computers are easier to compromise

Linux/Unix computers are constantly talking

Windows computers are constantly talking

Windows computers will not respond to idle scans

22. The offset in a hexadecimal code is:

The last byte after the colon

The 0x at the beginning of the code

The 0x at the end of the code

The first byte after the colon

23. What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

ICMP header field

TCP header field

IP header field

UDP header field

24. To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software .

What group is actively providing tools and creating procedures for testing and validating computer forensics software?

Computer Forensics Tools and Validation Committee (CFTVC)

Association of Computer Forensics Software Manufactures (ACFSM)

National Institute of Standards and Technology (NIST)

Society for Valid Forensics Tools and Testing (SVFTT)

25. In a FAT32 system, a 123 KB file will use how many sectors?

26. After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.

What countermeasures could he take to prevent DDoS attacks?

Enable direct broadcasts

Disable direct broadcasts

Disable BGP

Enable BGP

27. When obtaining a warrant, it is important to:

particularlydescribe the place to be searched and particularly describe the items to be seized

generallydescribe the place to be searched and particularly describe the items to be seized

generallydescribe the place to be searched and generally describe the items to be seized

particularlydescribe the place to be searched and generally describe the items to be seized

28. Kyle is performing the final testing of an application he developed for the accounting department.

His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command .

What is he testing at this point?

#include #include int main(int argc, char

*argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s stringn", argv[0]); return 1; }

strcpy(buffer, argv[1]); return 0; }

Buffer overflow

SQL injection

Format string bug

Kernal injection

29. Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing.

The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room .

What type of attack has the technician performed?

Tailgating

Backtrapping

Man trap attack

Fuzzing

30. When you carve an image, recovering the image depends on which of the following skills?

Recognizing the pattern of the header content

Recovering the image from a tape backup

Recognizing the pattern of a corrupt file

Recovering the image from the tape backup

Page 4 of 4

31. You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network .

Why would you want to initiate a DoS attack on a system you are testing?

Show outdated equipment so it can be replaced

List weak points on their network

Use attack as a launching point to penetrate deeper into the network

Demonstrate that no system can be protected against DoS attacks

32. The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

Locard Exchange Principle

Clark Standard

Kelly Policy

Silver-Platter Doctrine

33. You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.

Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive .

How will these forms be stored to help preserve the chain of custody of the case?

All forms should be placed in an approved secure container because they are now primary evidence in the case.

The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.

The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.

All forms should be placed in the report file because they are now primary evidence in the case.

34. How many sectors will a 125 KB file use in a FAT32 file system?

256

35. To preserve digital evidence, an investigator should ____________________.

Make two copies of each evidence item using a single imaging tool

Make a single copy of each evidence item using an approved imaging tool

Make two copies of each evidence item using different imaging tools

Only store the original evidence item

Welcome To Choose Required IT Certification Exams Online

New Certified Hacking Forensic Investigator (CHFI) Exam 312-49v10 Study Guide

Check Demo OF EC-Council CHFI 312-49v10 Study Guide By Reading The Following 312-49v10 Free Questions

Author

Leave a Reply Cancel reply