The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
Exam Question 31
Sectors in hard disks typically contain how many bytes?
A. 256
B. 512
C. 1024
D. 2048
Correct Answer:
B. 512
Exam Question 32
Area density refers to:
A. the amount of data per disk
B. the amount of data per partition
C. the amount of data per square inch
D. the amount of data per platter
Correct Answer:
A. the amount of data per disk
Exam Question 33
Corporate investigations are typically easier than public investigations because:
A. the users have standard corporate equipment and software
B. the investigator does not have to get a warrant
C. the investigator has to get a warrant
D. the users can load whatever they want on their machines
Correct Answer:
B. the investigator does not have to get a warrant
Exam Question 34
Which of the following should a computer forensics lab used for investigations have?
A. isolation
B. restricted access
C. open access
D. an entry log
Correct Answer:
B. restricted access
Exam Question 35
You should make at least how many bit-stream copies of a suspect drive?
A. 1
B. 2
C. 3
D. 4
Correct Answer:
B. 2
Exam Question 36
Why should you note all cable connections for a computer you want to seize as evidence?
A. to know what outside connections existed
B. in case other devices were connected
C. to know what peripheral devices exist
D. to know what hardware existed
Correct Answer:
A. to know what outside connections existed
Exam Question 37
What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?
A. ICMP header field
B. TCP header field
C. IP header field
D. UDP header field
Correct Answer:
B. TCP header field
Exam Question 38
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?
A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry
Correct Answer:
C. comparison of MD5 checksums
Exam Question 39
Which response organization tracks hoaxes as well as viruses?
A. NIPC
B. FEDCIRC
C. CERT
D. CIAC
Correct Answer:
D. CIAC
Exam Question 40
Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?
A. 18 U.S.C. 1029
B. 18 U.S.C. 1362
C. 18 U.S.C. 2511
D. 18 U.S.C. 2703
Correct Answer:
A. 18 U.S.C. 1029