312-49v11試験無料問題集（1006題）「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 認定」

出題：1

Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

A. config.db

B. sigstore.db

C. host.db

D. filecache.db

正解：A 解答を投票する

出題：2

Which of the following statements is TRUE with respect to the Registry settings in the user start- up folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\.

A. All values in this subkey run when specific user logs on and then the values are deleted

B. All the values in this key are executed at system start-up

C. All the values in this subkey run when specific user logs on, as this setting is user-specific

D. The string specified in the value run executes when user logs on

正解：A 解答を投票する

出題：3

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

A. One working day

B. Four hours

C. Immediately

D. Two working days

正解：A 解答を投票する

出題：4

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network

A. 32-bit address

B. 24-bit address

C. 48-bit address

D. 16-bit address

正解：C 解答を投票する

出題：5

Which of the following is NOT an anti-forensics technique?

A. Data Deduplication

B. Steganography

C. Encryption

D. Password Protection

正解：A 解答を投票する

出題：6

In Steganalysis, which of the following describes a Known-stego attack?

A. Only the steganography medium is available for analysis

B. Original and stego-object are available and the steganography algorithm is known

C. The hidden message and the corresponding stego-image are known

D. During the communication process, active attackers can change cover

正解：B 解答を投票する

出題：7

Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions.

A. True

B. False

正解：A 解答を投票する

出題：8

Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

A. Dynamic

B. Hybrid

C. Static

D. Volatile

正解：B 解答を投票する

出題：9

Brian has the job of analyzing malware for a software security company. Brian has setup a virtual environment that includes virtual machines running various versions of OSes. Additionally, Brian has setup separated virtual networks within this environment The virtual environment does not connect to the company's intranet nor does it connect to the external Internet. With everything setup, Brian now received an executable file from client that has undergone a cyberattack. Brian ran the executable file In the virtual environment to see what it would do. What type of analysis did Brian perform?

A. Static OS analysis

B. Static malware analysis

C. Status malware analysis

D. Dynamic malware analysis

正解：D 解答を投票する

出題：10

Router log files provide detailed Information about the network traffic on the Internet. It gives information about the attacks to and from the networks. The router stores log files in the____________.

A. IDS logs

B. Audit logs

C. Application logs

D. Router cache

正解：D 解答を投票する

出題：11

Steve received a mail that seemed to have come from her bank. The mail has instructions for Steve to click on a link and provide information to avoid the suspension of her account. The link in the mail redirected her to a form asking for details such as name, phone number, date of birth, credit card number or PIN, CW code, SNNs, and email address. On a closer look, Steve realized that the URL of the form in not the same as that of her bank's. Identify the type of external attack performed by the attacker In the above scenario?

A. Espionage

B. Taiigating

C. Brute-force

D. Aphishing

正解：D 解答を投票する

出題：12

During an ongoing cybercrime investigation involving a significant amount of encrypted communication, a Computer Hacking Forensic Investigator (CHFI) believes the suspect's computer holds crucial evidence. However, there's a high chance that the suspect could destroy the evidence before obtaining a warrant. Which action is legally permissible in this circumstance according to the US courts?

A. The investigator can seize the evidence without a warrant but must immediately seek a retroactive warrant

B. The investigator can seize the evidence without a warrant if there's probable cause to believe that the computer holds evidence of the crime

C. The investigator should wait for a warrant regardless of potential evidence destruction

D. The investigator cannot seize the evidence without the suspect's consent, even if there's an imminent risk of evidence destruction

正解：B 解答を投票する

出題：13

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse.
Which of the following intrusion detection systems audit events that occur on a specific host?

A. Host-based intrusion detection

B. Network-based intrusion detection

C. File integrity checking

D. Log file monitoring

正解：A 解答を投票する

出題：14

A forensic investigator discovers an Android smartwatch at the crime scene during an investigation. The investigator realizes the smartwatch was potentially involved in the crime, but the device associated with it was not found at the scene. What is the most suitable initial step for the investigator to retrieve meaningful data from the smartwatch?

A. The investigator should immediately turn off the smartwatch to prevent data manipulation

B. The investigator should directly analyze data stored on the smartwatch using IoT forensics tools

C. The investigator should start by understanding the smartwatch's basic framework, including its APIs

D. The investigator should first physically dismantle the smartwatch to access its internal storage

正解：C 解答を投票する

出題：15

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

A. Steganography

B. Rootkit

C. Key escrow

D. Offset

正解：A 解答を投票する

出題：16

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A. LSASS.EXE

B. NTOSKRNL.EXE

C. NTDETECT.COM

D. NTLDR

正解：A 解答を投票する

出題：17

An Investigator Is checking a Cisco firewall log that reads as follows:
Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to
10.0.0.33 on Interface outside
What does %ASA-1-106021 denote?

A. Type of request

B. Mnemonic message

C. Firewall action

D. Type of traffic

正解：C 解答を投票する

出題：18

Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.

A. 1024

B. 1020

C. 1023

D. 2023

正解：C 解答を投票する

312-49v11試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 認定」