Exam Code: 312-49v10
Exam Name: Computer Hacking Forensic Investigator (CHFI-v10)
Certification Provider: EC-Council
NEW QUESTION 1
Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?
- A. Static Acquisition
- B. Sparse or Logical Acquisition
- C. Bit-stream disk-to-disk Acquisition
- D. Bit-by-bit Acquisition
Answer: B
NEW QUESTION 2
A cybercriminal is attempting to remove evidence from a Windows computer. He deletes the file evidence1.doc, sending it to the Windows Recycle Bin. The cybercriminal then empties the Recycle Bin. After having been removed from the Recycle Bin, what will happen to the data?
- A. The data will remain in its original clusters until it is overwritten
- B. The data will be moved to new clusters in unallocated space
- C. The data will become corrupted, making it unrecoverable
- D. The data will be overwritten with zeroes
Answer: A
NEW QUESTION 3
What malware analysis operation can the investigator perform using the jv16 tool?
- A. Files and Folder Monitor
- B. Installation Monitor
- C. Network Traffic Monitoring/Analysis
- D. Registry Analysis/Monitoring
Answer: D
NEW QUESTION 4
A packet is sent to a router that does not have the packet destination address in its route table. How will the packet get to its proper destination?
- A. Root Internet servers
- B. Border Gateway Protocol
- C. Gateway of last resort
- D. Reverse DNS
Answer: C
NEW QUESTION 5
Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?
- A. Spycrack
- B. Spynet
- C. Netspionage
- D. Hackspionage
Answer: C
NEW QUESTION 6
A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?
- A. Image the disk and try to recover deleted files
- B. Seek the help of co-workers who are eye-witnesses
- C. Check the Windows registry for connection data (you may or may not recover)
- D. Approach the websites for evidence
Answer: A
NEW QUESTION 7
What is the first step taken in an investigation for laboratory forensic staff members?
- A. Packaging the electronic evidence
- B. Securing and evaluating the electronic crime scene
- C. Conducting preliminary interviews
- D. Transporting the electronic evidence
Answer: B
NEW QUESTION 8
What is the name of the standard Linux command that is also available as a Windows application and can be used to create bit-stream images?
- A. mcopy
- B. image
- C. MD5
- D. dd
Answer: D
NEW QUESTION 9
What is the following command trying to accomplish?
- A. Verify that UDP port 445 is open for the 192.168.0.0 network
- B. Verify that TCP port 445 is open for the 192.168.0.0 network
- C. Verify that NETBIOS is running for the 192.168.0.0 network
- D. Verify that UDP port 445 is closed for the 192.168.0.0 network
Answer: A
NEW QUESTION 10
What technique is used by JPEGs for compression?
- A. TIFF-8
- B. ZIP
- C. DCT
- D. TCD
Answer: C
NEW QUESTION 11
An investigator seized a notebook device installed with a Microsoft Windows OS. Which type of files would support an investigation of the data size and structure in the device?
- A. Ext2 and Ext4
- B. APFS and HFS
- C. HFS and GNUC
- D. NTFS and FAT
Answer: D
NEW QUESTION 12
Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?
22,164 cylinders/disk
80 heads/cylinder
63 sectors/track
- A. 53.26 GB
- B. 57.19 GB
- C. 11.17 GB
- D. 10 GB
Answer: A
NEW QUESTION 13
Which among the following acts has been passed by the U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations?
- A. Federal Information Security Management Act of 2002
- B. Gramm-Leach-Bliley Act
- C. Health Insurance Probability and Accountability Act of 1996
- D. Sarbanes-Oxley Act of 2002
Answer: D
NEW QUESTION 14
What does Rule 101 of the Federal Rules of Evidence state?
- A. Scope of the Rules, where they can be applied
- B. Purpose of the Rules
- C. Limited Admissibility of the Evidence
- D. Rulings on Evidence
Answer: A
NEW QUESTION 15
Which of the following is non-zero data that an application allocates on a hard disk cluster in systems running Windows OS?
- A. Sparse File
- B. Master File Table
- C. Meta Block Group
- D. Slack Space
Answer: B
NEW QUESTION 16
________ allows a forensic investigator to identify the missing links during investigation.
- A. Evidence preservation
- B. Chain of custody
- C. Evidence reconstruction
- D. Exhibit numbering
Answer: C