312-49試験無料問題集（150題）「EC-COUNCIL Computer Hacking Forensic Investigator 認定」

出題：1

What advantage does the tool Evidor have over the built-in Windows search?

A. It can find files hidden within ADS

B. It can search slack space

C. It can find deleted files even after they have been physically removed

D. It can find bad sectors on the hard drive

正解：B 解答を投票する

出題：2

In the following email header, where did the email first originate from?

A. Simon1.state.ok.gov.us

B. Smtp1.somedomain.com

C. Somedomain.com

D. David1.state.ok.gov.us

正解：A 解答を投票する

出題：3

When cataloging digital evidence, the primary goal is to

A. Not remove the evidence from the scene

B. Make bit-stream images of all hard drives

C. Not allow the computer to be turned off

D. Preserve evidence integrity

正解：D 解答を投票する

出題：4

When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

A. Lost

B. Corrupt

C. Unallocated

D. Bad

正解：A 解答を投票する

出題：5

What must be obtained before an investigation is carried out at a location?

A. Subpoena

B. Modus operandi

C. Search warrant

D. Habeas corpus

正解：C 解答を投票する

出題：6

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

A. Lossful compression

B. Time-loss compression

C. Lossless compression

D. Lossy compression

正解：D 解答を投票する

出題：7

With regard to using an antivirus scanner during a computer forensics investigation, you should:

A. Never run a scan on your forensics workstation because it could change your system configurationNever run a scan on your forensics workstation because it could change your system? configuration

B. Scan the suspect hard drive before beginning an investigation

C. Scan your forensics workstation before beginning an investigation

D. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

正解：C 解答を投票する

出題：8

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A. Password.conf

B. AMS

C. SAM

D. Shadow file

正解：C 解答を投票する

出題：9

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation? Choose the most feasible option.

A. Check the Windows registry for connection data (You may or may not recover)

B. Seek the help of co-workers who are eye-witnesses

C. Approach the websites for evidence

D. Image the disk and try to recover deleted files

正解：D 解答を投票する

出題：10

How many times can data be written to a DVD+R disk?

A. Twice

B. Once

C. Zero

D. Infinite

正解：B 解答を投票する

312-49試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator 認定」