CHFI v10 312-49v10 Dumps Full Questions with Free PDF Questions to Pass [Q215-Q236]


EC-COUNCIL 312-49v10 Exam Syllabus Topics:

Topic     Details
Topic 1   • Database Forensics
          • Network Forensics
          • Windows Forensics
Topic 2   • Data Acquisition and Duplication
          • Linux and Mac Forensics
Topic 3   • Defeating Anti-Forensics Techniques
          • Malware Forensics

 

NEW QUESTION 215
When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

  • A. The computer will be set in a constant reboot state
  • B. The wrong partition may be set to active
  • C. All virtual memory will be deleted
  • D. This action can corrupt the disk

Answer: D

 

NEW QUESTION 216
Which of the following is a device monitoring tool?

  • A. Capsa
  • B. Driver Detective
  • C. RAM Capturer
  • D. Regshot

Answer: A

 

NEW QUESTION 217
Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

  • A. Data collection
  • B. First response
  • C. Secure the evidence
  • D. Data analysis

Answer: B

 

NEW QUESTION 218
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?

  • A. Author of the report
  • B. Incident summary
  • C. Purpose of the report
  • D. Speculation or opinion as to the cause of the incident

Answer: D

 

NEW QUESTION 219
When a user deletes a file or folder, the system stores the complete path, including the original filename, in a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

  • A. Reboot Windows
  • B. Download the file from Microsoft website
  • C. Undo the last action performed on the system
  • D. Use a recovery tool to undelete the file

Answer: C

 

NEW QUESTION 220
You should make at least how many bit-stream copies of a suspect drive?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

 

NEW QUESTION 221
Korey, a data mining specialist at the knowledge processing firm DataHub.com, reported to his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find out whether the data loss was accidental or intentional. Into which of the following categories will this case fall?

  • A. Both Civil and Criminal Investigations
  • B. Civil Investigation
  • C. Criminal Investigation
  • D. Administrative Investigation

Answer: D

 

NEW QUESTION 222
Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?

  • A. Firewall
  • B. SIEM
  • C. IDS
  • D. Domain Controller

Answer: B

 

NEW QUESTION 223
After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

  • A. A switched network will not respond to packets sent to the broadcast address
  • B. Only IBM AS/400 will reply to this scan
  • C. Only Unix and Unix-like systems will reply to this scan
  • D. Only Windows systems will reply to this scan

Answer: C

 

NEW QUESTION 224
An investigator is analyzing a Check Point firewall log and comes across symbols. What type of log is he looking at?

  • A. Connection rejected
  • B. Malicious URL detected
  • C. An email marked as potential spam
  • D. Security event was monitored but not stopped

Answer: C

 

NEW QUESTION 225
What is the name of the first reserved sector in the File Allocation Table (FAT) file system?

  • A. Volume Boot Record
  • B. Partition Boot Sector
  • C. Master Boot Record
  • D. BIOS Parameter Block

Answer: C

 

NEW QUESTION 226
What will the following command accomplish?

  • A. Test the ability of a router to handle under-sized packets
  • B. Test the ability of a WLAN to handle fragmented packets
  • C. Test the ability of a router to handle fragmented packets
  • D. Test ability of a router to handle over-sized packets

Answer: D

 

NEW QUESTION 227
Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

  • A. host-based IDS systems (HIDS)
  • B. network-based IDS systems (NIDS)
  • C. anomaly detection
  • D. signature recognition

Answer: A

 

NEW QUESTION 228
What will the following command accomplish in Linux?
fdisk /dev/hda

  • A. Delete all files under the /dev/hda folder
  • B. Fill the disk with zeros
  • C. Format the hard drive
  • D. Partition the hard drive

Answer: D

 

NEW QUESTION 229
On Linux/Unix based Web servers, what privilege should the daemon service be run under?

  • A. Something other than root
  • B. Root
  • C. Guest
  • D. You cannot determine what privilege runs the daemon service

Answer: A

 

NEW QUESTION 230
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

  • A. DependencyWalker
  • B. ResourcesExtract
  • C. PEiD
  • D. SysAnalyzer

Answer: A

 

NEW QUESTION 231
In which of these attacks does a steganalyst use a random message to generate a stego-object with some steganography tool, in order to find the steganography algorithm used to hide the information?

  • A. Known-stego attack
  • B. Known-cover attack
  • C. Chosen-message attack
  • D. Known-message attack

Answer: C

 

NEW QUESTION 232
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

  • A. The files have been marked for deletion
  • B. The files are corrupt and cannot be recovered
  • C. The files have been marked as read-only
  • D. The files have been marked as hidden

Answer: A

 

NEW QUESTION 233
What does Locard's Exchange Principle state?

  • A. Forensic investigators face many challenges during forensics investigation of a digital crime, such as extracting, preserving, and analyzing the digital evidence
  • B. Any information of probative value that is either stored or transmitted in a digital form
  • C. Digital evidence must have some characteristics to be disclosed in the court of law
  • D. Anyone or anything entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave

Answer: D

 

NEW QUESTION 234
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

  • A. Two working days
  • B. Immediately
  • C. One working day
  • D. Four hours

Answer: C

 

NEW QUESTION 235
Which among the following files provides email header information in the Microsoft Exchange server?

  • A. PRIV.STM
  • B. PRIV.EDB
  • C. PUB.EDB
  • D. gwcheck.db

Answer: B

 

NEW QUESTION 236
......

Use Valid Exam 312-49v10 by Actual4Exams Books For Free Website: https://www.actual4exams.com/312-49v10-valid-dump.html

Free CHFI v10 312-49v10 Official Cert Guide PDF Download: https://drive.google.com/open?id=1X0aXW7GTfxsifKrZTD-myRpzcMwNBCH9