312-49試験無料問題集（150題）「EC-COUNCIL Computer Hacking Forensic Investigator 認定」

出題：1

What technique is used by JPEGs for compression?

A. TIFF-8

B. ZIP

C. DCT

D. TCD

正解：C 解答を投票する

出題：2

Where does Encase search to recover NTFS files and folders?

A. MFT

B. MBR

C. HAL

D. Slack space

正解：A 解答を投票する

出題：3

What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?

A. Every byte of the file(s) is given an MD5 hash to match against a master file

B. Every byte of the file(s) is encrypted using three different methods

C. Every byte of the file(s) is verified using 32-bit CRC

D. Every byte of the file(s) is copied to three different hard drives

正解：C 解答を投票する

出題：4

A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.

What can the investigator infer from the screenshot seen below?

A. Buffer overflow attempt on the firewall.

B. A smurf attack has been attempted

C. A denial of service has been attempted

D. Network intrusion has occurred

正解：D 解答を投票する

出題：5

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as ow level? How long will the team have to respond to the incident?the investigation, the CEO informs them that the incident will be classified as ?ow level? How long will the team have to respond to the incident?

A. One working day

B. Four hours

C. Immediately

D. Two working days

正解：A 解答を投票する

出題：6

You are called in to assist the police in an investigation involving a suspected drug dealer.
The police searched the suspect house after aYou are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect? house after a warrant was obtained and they located a floppy disk in the suspect bedroom. The disk contains several files, but they appear to be passwordwarrant was obtained and they located a floppy disk in the suspect? bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you could use to obtain the password?

A. Maximum force and thesaurus attack

B. Minimum force and appendix attack

C. Brute force and dictionary attack

D. Limited force and library attack

正解：C 解答を投票する

出題：7

Why is it still possible to recover files that have been emptied from the Recycle Bin on a
Windows computer?

A. The data will reside in the L2 cache on a Windows computer until it is manually deleted

B. The data is moved to the Restore directory and is kept there indefinitely

C. It is not possible to recover data that has been emptied from the Recycle Bin

D. The data is still present until the original location of the file is used

正解：D 解答を投票する

出題：8

When investigating a computer forensics case where Microsoft Exchange and Blackberry
Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?

A. Blackberry desktop redirector

B. Microsoft Exchange server

C. Blackberry Enterprise server

D. RIM Messaging center

正解：B 解答を投票する

出題：9

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

A. Chain of custody

B. Law of probability

C. Policy of separation

D. Rules of evidence

正解：A 解答を投票する

出題：10

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

A. Fill the disk with zeros

B. Copy files from the master disk to the slave disk on the secondary IDE controller

C. Fill the disk with 4096 zeros

D. Low-level format

正解：A 解答を投票する

312-49試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator 認定」