The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
Exam Question 91
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?
A. EFS Encryption
B. DFS Encryption
C. IPS Encryption
D. SDW Encryption
Correct Answer:
A. EFS Encryption
Exam Question 92
What is the target host IP in the following command?
c:\>firewalk -F 80 10.10.150.1 172.16.28.95 -p UDP
A. 172.16.28.95
B. 10.10.150.1
C. Firewalk does not scan target hosts
D. This command is using FIN packets, which cannot scan target hosts
Correct Answer:
A. 172.16.28.95
Exam Question 93
John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
A. Firewalk cannot pass through Cisco firewalls
B. Firewalk sets all packets with a TTL of zero
C. Firewalk cannot be detected by network sniffers
D. Firewalk sets all packets with a TTL of one
Correct Answer:
D. Firewalk sets all packets with a TTL of one
Exam Question 94
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.
What countermeasures could he take to prevent DDoS attacks?
A. Enable direct broadcasts
B. Disable direct broadcasts
C. Disable BGP
D. Enable BGP
Correct Answer:
B. Disable direct broadcasts
Exam Question 95
George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as “stealthy” as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?
A. Nessus is too loud
B. Nessus cannot perform wireless testing
C. Nessus is not a network scanner
D. There are no ways of performing a “stealthy” wireless scan
Correct Answer:
A. Nessus is too loud
Exam Question 96
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
A. src port 23 and dst port 23
B. udp port 22 and host 172.16.28.1/24
C. net port 22
D. src port 22 and dst port 22
Correct Answer:
D. src port 22 and dst port 22
Exam Question 97
Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test.
The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?
A. False negatives
B. False positives
C. True negatives
D. True positives
Correct Answer:
A. False negatives
Exam Question 98
What operating system would respond to the following command?
c:\> nmap -sW 10.10.145.65
A. Windows 95
B. FreeBSD
C. Windows XP
D. Mac OS X
Correct Answer:
B. FreeBSD
Exam Question 99
Paul’s company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?
A. Tailgating
B. Backtrapping
C. Man trap attack
D. Fuzzing
Correct Answer:
A. Tailgating
Exam Question 100
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
A. Guest
B. Root
C. You cannot determine what privilege runs the daemon service
D. Something other than root
Correct Answer:
D. Something other than root