The latest EC-Council Computer Hacking Forensic Investigator (CHFI) EC0 312-49 practice exam questions and answers (Q&A) are available free to help you pass the exam and earn the certification.
Exam Question 221
Which of the following is NOT physical evidence?
A. Removable media
B. Cables
C. Image file on a hard disk
D. Publications
Correct Answer:
C. Image file on a hard disk
Exam Question 222
During forensic investigations, investigators tend to collect the system time first and compare it with UTC. What does the abbreviation UTC stand for?
A. Coordinated Universal Time
B. Universal Computer Time
C. Universal Time for Computers
D. Correlated Universal Time
Correct Answer:
A. Coordinated Universal Time
Exam Question 223
A buffer overflow vulnerability in a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the _________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.
A. Adjacent memory locations
B. Adjacent bit blocks
C. Adjacent buffer locations
D. Adjacent string locations
Correct Answer:
A. Adjacent memory locations
Exam Question 224
Which of the following is a part of a Solid-State Drive (SSD)?
A. Head
B. Cylinder
C. NAND-based flash memory
D. Spindle
Correct Answer:
C. NAND-based flash memory
Exam Question 225
Which of the following standards represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?
A. SWGDE & SWGIT
B. IOCE
C. Frye
D. Daubert
Correct Answer:
D. Daubert
Exam Question 226
Which of the following ISO standards defines file systems and protocol for exchanging data between optical disks?
A. ISO 9660
B. ISO/IEC 13940
C. ISO 9060
D. IEC 3490
Correct Answer:
A. ISO 9660
Exam Question 227
What value of the “Boot Record Signature” is used to indicate that the boot-loader exists?
A. AA55
B. 00AA
C. AA00
D. A100
Correct Answer:
A. AA55
Exam Question 228
Which of the following is a Mac-based File Recovery Tool?
A. VirtualLab
B. GetDataBack
C. Cisdem DataRecovery 3
D. Smart Undeleter
Correct Answer:
C. Cisdem DataRecovery 3
Exam Question 229
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization’s DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?
A. TypedURLs key
B. MountedDevices key
C. UserAssist Key
D. RunMRU key
Correct Answer:
D. RunMRU key
Exam Question 230
Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information in a suspect system. What information is he looking for?
A. Contents of the network routing table
B. Status of the network carrier
C. Contents of the NetBIOS name cache
D. Network connections
Correct Answer:
C. Contents of the NetBIOS name cache