The latest EC-Council Computer Hacking Forensic Investigator (CHFI) EC0 312-49 practice exam question and answer (Q&A) dumps are available free to help you pass the CHFI EC0 312-49 exam and earn the certification.
Exam Question 131
Where does EnCase search to recover NTFS files and folders?
A. MBR
B. MFT
C. Slack space
D. HAL
Correct Answer:
B. MFT
Exam Question 132
Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?
22,164 cylinders/disk
80 heads/cylinder
63 sectors/track
A. 53.26 GB
B. 57.19 GB
C. 11.17 GB
D. 10 GB
Correct Answer:
A. 53.26 GB
Exam Question 133
Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?
A. TIFF-8
B. DOC
C. WPD
D. PDF
Correct Answer:
D. PDF
Exam Question 134
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
A. hda
B. hdd
C. hdb
D. hdc
Correct Answer:
B. hdd
Exam Question 135
What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive
Correct Answer:
A. Back up the master boot record
Exam Question 136
What advantage does the tool Evidor have over the built-in Windows search?
A. It can find deleted files even after they have been physically removed
B. It can find bad sectors on the hard drive
C. It can search slack space
D. It can find files hidden within ADS
Correct Answer:
C. It can search slack space
Exam Question 137
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?
A. One working day
B. Two working days
C. Immediately
D. Four hours
Correct Answer:
A. One working day
Exam Question 138
What type of attack sends SYN requests to a target system with spoofed IP addresses?
A. SYN flood
B. Ping of death
C. Cross site scripting
D. Land
Correct Answer:
A. SYN flood
Exam Question 139
What is the CIDR from the following screenshot?
A. /24
B. /32
C. /16
D. /8
Correct Answer:
D. /8
Exam Question 140
What must be obtained before an investigation is carried out at a location?
A. Search warrant
B. Subpoena
C. Habeas corpus
D. Modus operandi
Correct Answer:
A. Search warrant