The latest EC-Council Computer Hacking Forensic Investigator (CHFI) EC0 312-49 practice exam questions and answers (Q&A) are available free to help you pass the exam and earn the EC-Council CHFI EC0 312-49 certification.
Exam Question 241
Which of the following application password cracking tools can discover all password-protected items on a computer and decrypt them?
A. TestDisk for Windows
B. R-Studio
C. Windows Password Recovery Bootdisk
D. Passware Kit Forensic
Correct Answer:
D. Passware Kit Forensic
Exam Question 242
An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?
A. Equipment Identity Register (EIR)
B. Electronic Serial Number (ESN)
C. International mobile subscriber identity (IMSI)
D. Integrated circuit card identifier (ICCID)
Correct Answer:
B. Electronic Serial Number (ESN)
Exam Question 243
Which command line tool is used to determine active network connections?
A. netsh
B. nbstat
C. nslookup
D. netstat
Correct Answer:
D. netstat
Exam Question 244
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device.
Where is TAC located in mobile devices?
A. International Mobile Equipment Identifier (IMEI)
B. Integrated circuit card identifier (ICCID)
C. International mobile subscriber identity (IMSI)
D. Equipment Identity Register (EIR)
Correct Answer:
A. International Mobile Equipment Identifier (IMEI)
Exam Question 245
What do you call the process in which an attacker uses a magnetic field over the digital media device to delete any previously stored data?
A. Disk deletion
B. Disk cleaning
C. Disk degaussing
D. Disk magnetization
Correct Answer:
C. Disk degaussing
Exam Question 246
What is the investigator trying to view by issuing the command displayed in the following screenshot?
A. List of services stopped
B. List of services closed recently
C. List of services recently started
D. List of services installed
Correct Answer:
D. List of services installed
Exam Question 247
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
A. Cross Examination
B. Direct Examination
C. Indirect Examination
D. Witness Examination
Correct Answer:
A. Cross Examination
Exam Question 248
Pick the statement that does not belong to Rule 804, Hearsay Exceptions; Declarant Unavailable.
A. Statement of personal or family history
B. Prior statement by witness
C. Statement against interest
D. Statement under belief of impending death
Correct Answer:
D. Statement under belief of impending death
Exam Question 249
Which of the following is a responsibility of the first responder?
A. Determine the severity of the incident
B. Collect as much information about the incident as possible
C. Share the collected information to determine the root cause
D. Document the findings
Correct Answer:
B. Collect as much information about the incident as possible
Exam Question 250
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores the Data Decryption Field (DDF) and the Data Recovery Field (DRF). Which of the following is not a part of the DDF?
A. Encrypted FEK
B. Checksum
C. EFS Certificate Hash
D. Container Name
Correct Answer:
B. Checksum