The latest EC-Council Computer Hacking Forensic Investigator (CHFI) EC0 312-49 practice exam questions and answers (Q&A) are available free to help you pass the exam and earn the certification.
Exam Question 151
Julie is a college student majoring in Information Systems and Computer Science. She is currently writing an essay for her computer crimes class. Julie's paper focuses on white-collar crimes in America and how forensics investigators investigate the cases. Julie would like to focus the subject of the essay on the most common type of crime found in corporate America. What crime should Julie focus on?
A. Physical theft
B. Copyright infringement
C. Industrial espionage
D. Denial of Service attacks
Correct Answer:
C. Industrial espionage
Exam Question 152
You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company's IT department, you search through the server log files to find any trace of the intrusion. After that, you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?
A. Network
B. Transport
C. Data Link
D. Session
Correct Answer:
A. Network
Exam Question 153
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?
A. Network
B. Transport
C. Physical
D. Data Link
Correct Answer:
C. Physical
Exam Question 154
Which program is the bootloader when Windows XP starts up?
A. KERNEL.EXE
B. NTLDR
C. LOADER
D. LILO
Correct Answer:
B. NTLDR
Exam Question 155
What will the following command accomplish in Linux?
fdisk /dev/hda
A. Partition the hard drive
B. Format the hard drive
C. Delete all files under the /dev/hda folder
D. Fill the disk with zeros
Correct Answer:
A. Partition the hard drive
Exam Question 156
In the following email header, where did the email first originate from?
A. Somedomain.com
B. Smtp1.somedomain.com
C. Simon1.state.ok.gov.us
D. David1.state.ok.gov.us
Correct Answer:
C. Simon1.state.ok.gov.us
Exam Question 157
A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.
What can the investigator infer from the screenshot seen below?
A. A smurf attack has been attempted
B. A denial of service has been attempted
C. Network intrusion has occurred
D. Buffer overflow attempt on the firewall.
Correct Answer:
C. Network intrusion has occurred
Exam Question 158
This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.
A. Civil litigation testimony
B. Expert testimony
C. Victim advocate testimony
D. Technical testimony
Correct Answer:
D. Technical testimony
Exam Question 159
When is it appropriate to use computer forensics?
A. If copyright and intellectual property theft/misuse has occurred
B. If employees do not care for their boss's management techniques
C. If sales drop off for no apparent reason for an extended period of time
D. If a financial institution is burglarized by robbers
Correct Answer:
A. If copyright and intellectual property theft/misuse has occurred
Exam Question 160
What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A. Copy the master boot record to a file
B. Copy the contents of the system folder to a file
C. Copy the running memory to a file
D. Copy the memory dump file to an image file
Correct Answer:
C. Copy the running memory to a file