312-49試験無料問題集（150題）「EC-COUNCIL Computer Hacking Forensic Investigator 認定」

出題：1

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to _________

A. Prevent contamination to the evidence drive

B. Automate collection from image files

C. Acquire data from the host-protected area on a disk

D. Avoiding copying data from the boot partition

正解：A 解答を投票する

出題：2

The newer Macintosh Operating System (MacOS X) is based on:

A. Linux

B. OS/2

C. BSD Unix

D. Microsoft Windows

正解：C 解答を投票する

出題：3

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

A. The computer will be set in a constant reboot state

B. This action can corrupt the disk

C. The wrong partition may be set to active

D. All virtual memory will be deleted

正解：B 解答を投票する

出題：4

When a router receives an update for its routing table, what is the metric value change to that path?

A. Increased by 1

B. Decreased by 2

C. Decreased by 1

D. Increased by 2

正解：A 解答を投票する

出題：5

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

A. The metadata

B. The recycle bin

C. The swapfile

D. The registry

正解：C 解答を投票する

出題：6

George was recently fired from his job as an IT analyst at Pitts and Company in Dallas
Texas. His main duties as an analyst were to support the company Active Directory structure and to create network polices. George now wants to break into the company network by cracking some ofcompany? Active Directory structure and to create network polices. George now wants to break into the company? network by cracking some of the service accounts he knows about. Which password cracking technique should George use in this situation?

A. Brute force attack

B. Syllable attack

C. Dictionary attack

D. Rule-based attack

正解：D 解答を投票する

出題：7

What type of file is represented by a colon (:) with a name following it in the Master File
Table (MFT) of an NTFS disk?

A. Compressed file

B. Reserved file

C. Data stream file

D. Encrypted file

正解：C 解答を投票する

出題：8

You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question wheather evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

A. Sign a statement attesting that the evidence is the same as it was when it entered the lab

B. Make MD5 hashes of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab

C. Make MD5 hashes of the evidence and compare it to the standard database developed by NIST

D. There is no reason to worry about this possible claim because state labs are certified

正解：B 解答を投票する

出題：9

What binary coding is used most often for e-mail purposes?

A. SMTP

B. Uuencode

C. MIME

D. IMAP

正解：C 解答を投票する

出題：10

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

A. .pst

B. .mail

C. .doc

D. .email

正解：A 解答を投票する

312-49試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator 認定」