EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 Exam Questions and Answers – Page 3

The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.

Exam Question 201

Which of the following tool enables a user to reset his/her lost admin password in a Windows system?

A. Advanced Office Password Recovery
B. Active@ Password Changer
C. Smartkey Password Recovery Bundle Standard
D. Passware Kit Forensic

Correct Answer:
B. Active@ Password Changer

Exam Question 202

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

A. Accunetix
B. Nikto
C. Snort
D. Kismet

Correct Answer:
C. Snort

Exam Question 203

In Steganalysis, which of the following describes a Known-stego attack?

A. The hidden message and the corresponding stego-image are known
B. During the communication process, active attackers can change cover
C. Original and stego-object are available and the steganography algorithm is known
D. Only the steganography medium is available for analysis

Correct Answer:
C. Original and stego-object are available and the steganography algorithm is known

Exam Question 204

Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

A. filecache.db
B. config.db
C. sigstore.db
D. Sync_config.db

Correct Answer:
D. Sync_config.db

Exam Question 205

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

A. Volume Boot Record
B. Master Boot Record
C. GUID Partition Table
D. Master File Table

Correct Answer:
D. Master File Table

Exam Question 206

Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

A. gif
B. bmp
C. jpeg
D. png

Correct Answer:
C. jpeg

Exam Question 207

Jacky encrypts her documents using a password. It is known that she uses her daughter’s year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

A. Rule-based attack
B. Brute force attack
C. Syllable attack
D. Hybrid attack

Correct Answer:
A. Rule-based attack

Exam Question 208

NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space. This is because:

A. FAT does not index files
B. NTFS is a journaling file system
C. NTFS has lower cluster size space
D. FAT is an older and inefficient file system

Correct Answer:
C. NTFS has lower cluster size space

Exam Question 209

How will you categorize a cybercrime that took place within a CSP’s cloud environment?

A. Cloud as a Subject
B. Cloud as a Tool
C. Cloud as an Audit
D. Cloud as an Object

Correct Answer:
D. Cloud as an Object

Exam Question 210

The process of restarting a computer that is already turned on through the operating system is called?

A. Warm boot
B. Ice boot
C. Hot Boot
D. Cold boot

Correct Answer:
A. Warm boot