The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 Exam Questions and Answers
Exam Question 201
Which of the following tool enables a user to reset his/her lost admin password in a Windows system?
A. Advanced Office Password Recovery
B. Active@ Password Changer
C. Smartkey Password Recovery Bundle Standard
D. Passware Kit Forensic
Correct Answer:
B. Active@ Password Changer
Exam Question 202
Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?
A. Accunetix
B. Nikto
C. Snort
D. Kismet
Correct Answer:
C. Snort
Exam Question 203
In Steganalysis, which of the following describes a Known-stego attack?
A. The hidden message and the corresponding stego-image are known
B. During the communication process, active attackers can change cover
C. Original and stego-object are available and the steganography algorithm is known
D. Only the steganography medium is available for analysis
Correct Answer:
C. Original and stego-object are available and the steganography algorithm is known
Exam Question 204
Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?
A. filecache.db
B. config.db
C. sigstore.db
D. Sync_config.db
Correct Answer:
D. Sync_config.db
Exam Question 205
Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?
A. Volume Boot Record
B. Master Boot Record
C. GUID Partition Table
D. Master File Table
Correct Answer:
D. Master File Table
Exam Question 206
Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?
A. gif
B. bmp
C. jpeg
D. png
Correct Answer:
C. jpeg
Exam Question 207
Jacky encrypts her documents using a password. It is known that she uses her daughter’s year of birth as part of the password. Which password cracking technique would be optimal to crack her password?
A. Rule-based attack
B. Brute force attack
C. Syllable attack
D. Hybrid attack
Correct Answer:
A. Rule-based attack
Exam Question 208
NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space. This is because:
A. FAT does not index files
B. NTFS is a journaling file system
C. NTFS has lower cluster size space
D. FAT is an older and inefficient file system
Correct Answer:
C. NTFS has lower cluster size space
Exam Question 209
How will you categorize a cybercrime that took place within a CSP’s cloud environment?
A. Cloud as a Subject
B. Cloud as a Tool
C. Cloud as an Audit
D. Cloud as an Object
Correct Answer:
D. Cloud as an Object
Exam Question 210
The process of restarting a computer that is already turned on through the operating system is called?
A. Warm boot
B. Ice boot
C. Hot Boot
D. Cold boot
Correct Answer:
A. Warm boot