The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
Exam Question 181
Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?
A. host.db
B. sigstore.db
C. config.db
D. filecache.db
Correct Answer:
C. config.db
Exam Question 182
An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?
A. Postmortem Analysis
B. Real-Time Analysis
C. Packet Analysis
D. Malware Analysis
Correct Answer:
A. Postmortem Analysis
Exam Question 183
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:
A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList
C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList
D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit
Correct Answer:
A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Exam Question 184
Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:
A. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management
C. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management
D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
Correct Answer:
A. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Exam Question 185
The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?
A. 512 bits
B. 512 bytes
C. 256 bits
D. 256 bytes
Correct Answer:
B. 512 bytes
Exam Question 186
Which of the following technique creates a replica of an evidence media?
A. Data Extraction
B. Backup
C. Bit Stream Imaging
D. Data Deduplication
Correct Answer:
C. Bit Stream Imaging
Exam Question 187
Which among the following search warrants allows the first responder to get the victim’s computer information such as service records, billing records, and subscriber information from the service provider?
A. Citizen Informant Search Warrant
B. Electronic Storage Device Search Warrant
C. John Doe Search Warrant
D. Service Provider Search Warrant
Correct Answer:
B. Electronic Storage Device Search Warrant
Exam Question 188
Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?
A. Portable Document Format
B. Advanced Forensics Format (AFF)
C. Proprietary Format
D. Raw Format
Correct Answer:
B. Advanced Forensics Format (AFF)
Exam Question 189
Which of the following tool creates a bit-by-bit image of an evidence media?
A. Recuva
B. FileMerlin
C. AccessData FTK Imager
D. Xplico
Correct Answer:
C. AccessData FTK Imager
Exam Question 190
Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?
A. Portable Document Format
B. MS-office Word Document
C. MS-office Word OneNote
D. MS-office Word PowerPoint
Correct Answer:
A. Portable Document Format