EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 Exam Questions and Answers – Page 2

The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification practice exam question and answer (Q&A) dumps are available free, to help you pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.

Exam Question 121

What type of equipment would a forensics investigator store in a StrongHold bag?

A. PDA
B. Backup tapes
C. Hard drives
D. Wireless cards

Correct Answer:
D. Wireless cards

Exam Question 122

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

A. Lossful compression
B. Lossy compression
C. Lossless compression
D. Time-loss compression

Correct Answer:
B. Lossy compression

Exam Question 123

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

A. All virtual memory will be deleted
B. The wrong partition may be set to active
C. This action can corrupt the disk
D. The computer will be set in a constant reboot state

Correct Answer:
C. This action can corrupt the disk

Exam Question 124

What is one method of bypassing a system BIOS password?

A. Removing the processor
B. Removing the CMOS battery
C. Remove all the system memory
D. Login to Windows and disable the BIOS password

Correct Answer:
B. Removing the CMOS battery

Exam Question 125

What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

A. Every byte of the file(s) is given an MD5 hash to match against a master file
B. Every byte of the file(s) is verified using 32-bit CRC
C. Every byte of the file(s) is copied to three different hard drives
D. Every byte of the file(s) is encrypted using three different methods

Correct Answer:
B. Every byte of the file(s) is verified using 32-bit CRC

Exam Question 126

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

A. Searching for evidence themselves would not have any ill effects
B. Searching could possibly crash the machine or device
C. Searching creates cache files, which would hinder the investigation
D. Searching can change date/time stamps

Correct Answer:
D. Searching can change date/time stamps

Exam Question 127

In the following directory listing:

Which file should be used to restore archived email messages for someone using Microsoft Outlook?

A. Outlook bak
B. Outlook ost
C. Outlook NK2
D. Outlook pst

Correct Answer:
D. Outlook pst

Exam Question 128

Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated with each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused.
In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages to each other. What type of cipher was used by the accused in this case?

A. Grill cipher
B. Null cipher
C. Text semagram
D. Visual semagram

Correct Answer:
A. Grill cipher

Exam Question 129

When you need to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?

A. Proxify.net
B. Dnsstuff.com
C. Samspade.org
D. Archive.org

Correct Answer:
D. Archive.org

Exam Question 130

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

A. Typography
B. Steganalysis
C. Picture encoding
D. Steganography

Correct Answer:
D. Steganography