The latest EC-Council Computer Hacking Forensic Investigator (CHFI) EC0 312-49 certification practice exam questions and answers (Q&A) are available free to help you pass the CHFI EC0 312-49 exam and earn the certification.
Exam Question 211
Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?
A. netstat -r
B. netstat -ano
C. netstat -b
D. netstat -s
Correct Answer:
B. netstat -ano
Exam Question 212
Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook
B. Eudora
C. Mozilla Thunderbird
D. Microsoft Outlook Express
Correct Answer:
D. Microsoft Outlook Express
Exam Question 213
Which network attack is described by the following statement? “At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.”
A. Man-in-the-Middle Attack
B. Sniffer Attack
C. Buffer Overflow
D. DDoS
Correct Answer:
D. DDoS
Exam Question 214
To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?
A. Post-investigation Phase
B. Reporting Phase
C. Pre-investigation Phase
D. Investigation Phase
Correct Answer:
C. Pre-investigation Phase
Exam Question 215
Which tool does the investigator use to extract artifacts left by Google Drive on the system?
A. PEBrowse Professional
B. RegScanner
C. RAM Capturer
D. Dependency Walker
Correct Answer:
C. RAM Capturer
Exam Question 216
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?
A. Information header
B. Image data
C. The RGBQUAD array
D. Header
Correct Answer:
A. Information header
Exam Question 217
Identify the file system that uses $BitMap file to keep track of all used and unused clusters on a volume.
A. NTFS
B. FAT
C. EXT
D. FAT32
Correct Answer:
A. NTFS
Exam Question 218
Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
A. OpenGL/ES and SGL
B. Surface Manager
C. Media framework
D. WebKit
Correct Answer:
A. OpenGL/ES and SGL
Exam Question 219
You are assigned a task to examine the log files pertaining to the MyISAM storage engine. While examining them, you are asked to perform a recovery operation on a MyISAM log file. Which of the following MySQL utilities allows you to do so?
A. mysqldump
B. myisamaccess
C. myisamlog
D. myisamchk
Correct Answer:
C. myisamlog
Exam Question 220
Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN-ABCDE12345F.” Which of the following log files will help Shane in tracking all the client connections and activities performed on the database server?
A. WIN-ABCDE12345F.err
B. WIN-ABCDE12345F-bin.n
C. WIN-ABCDE12345F.pid
D. WIN-ABCDE12345F.log
Correct Answer:
D. WIN-ABCDE12345F.log