EC-Council 312-49v10 practice test

Computer Hacking Forensic Investigator (CHFI-v10) Exam

Last exam update: Nov 23, 2023
Page 1 out of 40
Viewing questions 1-15 out of 601

Question 1

Which program uses different techniques to conceal a malware's code, thereby making it difficult for
security mechanisms to detect or remove it?

  • A. Dropper
  • B. Packer
  • C. Injector
  • D. Obfuscator
Answer:

D


Question 2

Which of these rootkit detection techniques functions by comparing a snapshot of the file system,
boot records, or memory with a known and trusted baseline?

  • A. Signature-Based Detection
  • B. Integrity-Based Detection
  • C. Cross View-Based Detection
  • D. Heuristic/Behavior-Based Detection
Answer:

B


Question 3

Which forensic investigation methodology believes that criminals commit crimes solely to benefit
their criminal enterprises?

  • A. Scientific Working Group on Digital Evidence
  • B. Daubert Standard
  • C. Enterprise Theory of Investigation
  • D. Frye Standard
Answer:

C


Question 4

Which of the following Linux commands searches through the current processes and lists the process
IDs that match the selection criteria to stdout?

  • A. pstree
  • B. pgrep
  • C. ps
  • D. grep
Answer:

B


Question 5

Which of these ISO standards defines the file system for optical storage media, such as CD-ROM and
DVD-ROM?

  • A. ISO 9660
  • B. ISO 13346
  • C. ISO 9960
  • D. ISO 13490
Answer:

A


Question 6

In Linux, different log files hold different information, which helps investigators analyze
various issues during a security incident. What information can investigators obtain from the log
file /var/log/dmesg?

  • A. Kernel ring buffer information
  • B. All mail server message logs
  • C. Global system messages
  • D. Debugging log messages
Answer:

A


Question 7

What is the location of a Protective MBR in a GPT disk layout?

  • A. Logical Block Address (LBA) 2
  • B. Logical Block Address (LBA) 0
  • C. Logical Block Address (LBA) 1
  • D. Logical Block Address (LBA) 3
Answer:

C


Question 8

Smith is an IT technician who has been appointed to his company's network vulnerability assessment
team. He is the only IT employee on the team. The other team members include employees from
Accounting, Management, Shipping, and Marketing. Smith and the team members are having their
first meeting to discuss how they will proceed. What is the first step they should take to create the
network vulnerability assessment plan?

  • A. Their first step is to make a hypothesis of what their final findings will be.
  • B. Their first step is to create an initial Executive report to show the management team.
  • C. Their first step is to analyze the data they have currently gathered from the company or interviews.
  • D. Their first step is the acquisition of required documents, reviewing of security policies and compliance.
Answer:

D


Question 9

What does Locard's Exchange Principle state?

  • A. Any information of probative value that is either stored or transmitted in a digital form
  • B. Digital evidence must have some characteristics to be disclosed in the court of law
  • C. Anyone or anything entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave
  • D. Forensic investigators face many challenges during forensics investigation of a digital crime, such as extracting, preserving, and analyzing the digital evidence
Answer:

C


Question 10

Which among the following web application threats results when developers expose various
internal implementation objects, such as files, directories, database records, or key-through
references?

  • A. Remote File Inclusion
  • B. Cross Site Scripting
  • C. Insecure Direct Object References
  • D. Cross Site Request Forgery
Answer:

C


Question 11

Which of the following components within the Android architecture stack takes care of displaying
windows owned by different applications?

  • A. Media Framework
  • B. Surface Manager
  • C. Resource Manager
  • D. Application Framework
Answer:

D


Question 12

James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login
page and notes down the session ID that is created. He appends this session ID to the login URL and
shares the link with a victim. Once the victim logs into the website using the shared URL, James
reloads the webpage (containing the URL with the session ID appended) and now, he can browse the
active session of the victim. Which attack did James successfully execute?

  • A. Cross Site Request Forgery
  • B. Cookie Tampering
  • C. Parameter Tampering
  • D. Session Fixation Attack
Answer:

D


Question 13

POP3 is an Internet protocol, which is used to retrieve emails from a mail server. Through which port
does an email client connect with a POP3 server?

  • A. 110
  • B. 143
  • C. 25
  • D. 993
Answer:

A


Question 14

In which cloud crime do attackers try to compromise the security of the cloud environment in order
to steal data or inject malware?

  • A. Cloud as an Object
  • B. Cloud as a Tool
  • C. Cloud as an Application
  • D. Cloud as a Subject
Answer:

D


Question 15

Check Point firewall logs can be viewed through a Check Point Log viewer that uses icons and colors
in the log table to represent different security events and their severity. What does the icon in the
Check Point logs represent?

  • A. The firewall rejected a connection
  • B. A virus was detected in an email
  • C. The firewall dropped a connection
  • D. An email was marked as potential spam
Answer:

C
