The latest EC-Council Computer Hacking Forensic Investigator (CHFI) EC0 312-49 practice exam questions and answers (Q&A) are available free to help you pass the exam and earn the CHFI certification.
Exam Question 271
Which among the following laws emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to provide information security for the information systems that support its operations and assets?
A. FISMA
B. HIPAA
C. GLBA
D. SOX
Correct Answer:
A. FISMA
Exam Question 272
Email archiving is a systematic approach to saving and protecting the data contained in emails so that it can be accessed quickly at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?
A. Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server
B. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
C. Local archives should be stored together with the server storage archives in order to be admissible in a court of law
D. Local archives do not have evidentiary value as the email client may alter the message data
Correct Answer:
B. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
Exam Question 273
What is the framework used for application development for iOS-based mobile devices?
A. Cocoa Touch
B. Dalvik
C. Zygote
D. AirPlay
Correct Answer:
A. Cocoa Touch
Exam Question 274
Chong-lee, a forensics executive, suspects that malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?
A. File fingerprinting
B. Identifying file obfuscation
C. Static analysis
D. Dynamic analysis
Correct Answer:
A. File fingerprinting
Exam Question 275
Which of the following tools is not a data acquisition hardware tool?
A. UltraKit
B. Atola Insight Forensic
C. F-Response Imager
D. Triage-Responder
Correct Answer:
C. F-Response Imager
Exam Question 276
What does the command “C:\>wevtutil gl <log name>” display?
A. Configuration information of a specific Event Log
B. Event logs are saved in .xml format
C. Event log record structure
D. List of available Event Logs
Correct Answer:
A. Configuration information of a specific Event Log
Exam Question 277
Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?
A. Simple Mail Transfer Protocol (SMTP)
B. Messaging Application Programming Interface (MAPI)
C. Internet Message Access Protocol (IMAP)
D. Post Office Protocol version 3 (POP3)
Correct Answer:
B. Messaging Application Programming Interface (MAPI)
Exam Question 278
Which of the following is a precomputed table containing word lists like dictionary files and brute force lists and their hash values?
A. Directory Table
B. Rainbow Table
C. Master File Table (MFT)
D. Partition Table
Correct Answer:
B. Rainbow Table
Exam Question 279
Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?
A. Static Acquisition
B. Sparse or Logical Acquisition
C. Bit-stream disk-to-disk Acquisition
D. Bit-by-bit Acquisition
Correct Answer:
B. Sparse or Logical Acquisition
Exam Question 280
What technique is used by JPEGs for compression?
A. TIFF-8
B. ZIP
C. DCT
D. TCD
Correct Answer:
C. DCT