Skip to Content

EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 Exam Questions and Answers – Page 3

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.

Exam Question 251

If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

A. Slack space
B. Deleted space
C. Sector space
D. Cluster space

Correct Answer:
A. Slack space

Exam Question 252

Which of the following is a non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?

A. Sparse File
B. Master File Table
C. Meta Block Group
D. Slack Space

Correct Answer:
B. Master File Table

Exam Question 253

Select the data that a virtual memory would store in a Windows-based system.

A. Information or metadata of the files
B. Documents and other files
C. Application data
D. Running processes

Correct Answer:
D. Running processes

Exam Question 254

Which principle states that “anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave”?

A. Locard’s Exchange Principle
B. Enterprise Theory of Investigation
C. Locard’s Evidence Principle
D. Evidence Theory of Investigation

Correct Answer:
A. Locard’s Exchange Principle

Exam Question 255

During an investigation, Noel found the following SIM card from the suspect’s mobile. What does the code 89 44 represent?

During an investigation, Noel found the following SIM card from the suspect's mobile. What does the code 89 44 represent?

During an investigation, Noel found the following SIM card from the suspect’s mobile. What does the code 89 44 represent?

A. Issuer Identifier Number and TAC
B. Industry Identifier and Country code
C. Individual Account Identification Number and Country Code
D. TAC and Industry Identifier

Correct Answer:
B. Industry Identifier and Country code

Exam Question 256

Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?

A. FAT File System
B. ReFS
C. exFAT
D. NTFS File System

Correct Answer:
D. NTFS File System

Exam Question 257

%3cscript%3ealert(”XXXXXXXX”)%3c/script%3e is a script obtained from a Cross-Site Scripting attack.
What type of encoding has the attacker employed?

A. Double encoding
B. Hex encoding
C. Unicode
D. Base64

Correct Answer:
B. Hex encoding

Exam Question 258

Which of the following is a device monitoring tool?

A. Capsa
B. Driver Detective
C. Regshot
D. RAM Capturer

Correct Answer:
A. Capsa

Exam Question 259

While analyzing a hard disk, the investigator finds that the file system does not use UEFI-based interface.
Which of the following operating systems is present on the hard disk?

A. Windows 10
B. Windows 8
C. Windows 7
D. Windows 8.1

Correct Answer:
C. Windows 7

Exam Question 260

Which of the following Perl scripts will help an investigator to access the executable image of a process?

A. Lspd.pl
B. Lpsi.pl
C. Lspm.pl
D. Lspi.pl

Correct Answer:
D. Lspi.pl