The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
Exam Question 161
When operating systems mark a cluster as used but not allocated, the cluster is considered as _________
A. Corrupt
B. Bad
C. Lost
D. Unallocated
Correct Answer:
C. Lost
Exam Question 162
While looking through the IIS log file of a web server, you find the following entries:
While looking through the IIS log file of a web server, you find the following entries
What is evident from this log file?
A. Web bugs
B. Cross site scripting
C. Hidden fields
D. SQL injection is possible
Correct Answer:
D. SQL injection is possible
Exam Question 163
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.
From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers. What technique this user was trying?
A. Parameter tampering
B. Cross site scripting
C. SQL injection
D. Cookie Poisoning
Correct Answer:
A. Parameter tampering
Exam Question 164
Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?
A. Spycrack
B. Spynet
C. Netspionage
D. Hackspionage
Correct Answer:
C. Netspionage
Exam Question 165
What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?
A. Copyright
B. Design patent
C. Trademark
D. Utility patent
Correct Answer:
D. Utility patent
Exam Question 166
Where is the startup configuration located on a router?
A. Static RAM
B. BootROM
C. NVRAM
D. Dynamic RAM
Correct Answer:
C. NVRAM
Exam Question 167
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?
A. The files have been marked as hidden
B. The files have been marked for deletion
C. The files are corrupt and cannot be recovered
D. The files have been marked as read-only
Correct Answer:
B. The files have been marked for deletion
Exam Question 168
What stage of the incident handling process involves reporting events?
A. Containment
B. Follow-up
C. Identification
D. Recovery
Correct Answer:
C. Identification
Exam Question 169
When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?
A. RIM Messaging center
B. Blackberry Enterprise server
C. Microsoft Exchange server
D. Blackberry desktop redirector
Correct Answer:
C. Microsoft Exchange server
Exam Question 170
What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?
A. Fraggle
B. Smurf scan
C. SYN flood
D. Teardrop
Correct Answer:
A. Fraggle