The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
Exam Question 231
The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the following logs.
A. http://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..% c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt\system32\Logfiles\W3SVC1
B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
C. 127.0.0.1 – frank [10/Oct/2000:13:55:36 -0700]”GET /apache_pb.gif HTTP/1.0″ 200 2326
D. 127.0.0.1 – – [10/Apr/2007:10:39:11 +0300] ] [error] “GET /apache_pb.gif HTTP/1.0” 200 2326
Correct Answer:
B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
Exam Question 232
Which part of Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file.
A. Waffen FS
B. RuneFS
C. FragFS
D. Slacker
Correct Answer:
D. Slacker
Exam Question 233
Which one of the following is not a first response procedure?
A. Preserve volatile data
B. Fill forms
C. Crack passwords
D. Take photos
Correct Answer:
C. Crack passwords
Exam Question 234
Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.
A. 8-bit
B. 32-bit
C. 16-bit
D. 24-bit
Correct Answer:
A. 8-bit
Exam Question 235
Which of the following standard represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
A. SWGDE & SWGIT
B. Daubert
C. Frye
D. IOCE
Correct Answer:
C. Frye
Exam Question 236
What malware analysis operation can the investigator perform using the jv16 tool?
A. Files and Folder Monitor
B. Installation Monitor
C. Network Traffic Monitoring/Analysis
D. Registry Analysis/Monitoring
Correct Answer:
D. Registry Analysis/Monitoring
Exam Question 237
Which of the following email headers specifies an address for mailer-generated errors, like “no such user” bounce messages, to go to (instead of the sender’s address)?
A. Mime-Version header
B. Content-Type header
C. Content-Transfer-Encoding header
D. Errors-To header
Correct Answer:
D. Errors-To header
Exam Question 238
When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?
A. File Size
B. File origin and modification
C. Time and date of deletion
D. File Name
Correct Answer:
B. File origin and modification
Exam Question 239
Which of the following registry hive gives the configuration information about which application was used to open various files on the system?
A. HKEY_CLASSES_ROOT
B. HKEY_CURRENT_CONFIG
C. HKEY_LOCAL_MACHINE
D. HKEY_USERS
Correct Answer:
A. HKEY_CLASSES_ROOT
Exam Question 240
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.
A. DependencyWalker
B. SysAnalyzer
C. PEiD
D. ResourcesExtract
Correct Answer:
A. DependencyWalker
