The latest EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 exam and earn EC-Council Computer Hacking Forensic Investigator CHFI EC0 312-49 certification.
Exam Question 41
What TCP/UDP port does the toolkit program netstat use?
A. Port 7
B. Port 15
C. Port 23
D. Port 69
Correct Answer:
B. Port 15
Exam Question 42
Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?
A. 18 U.S.C. 1029 Possession of Access Devices
B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
C. 18 U.S.C. 1343 Fraud by wire, radio or television
D. 18 U.S.C. 1361 Injury to Government Property
E. 18 U.S.C. 1362 Government communication systems
F. 18 U.S.C. 1831 Economic Espionage Act
G. 18 U.S.C. 1832 Trade Secrets Act
Correct Answer:
B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
Exam Question 43
In a FAT32 system, a 123 KB file will use how many sectors?
A. 34
B. 25
C. 11
D. 56
Correct Answer:
B. 25
Exam Question 44
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
A. a write-blocker
B. a protocol analyzer
C. a firewall
D. a disk editor
Correct Answer:
A. a write-blocker
Exam Question 45
Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?
A. A Honeypot that traps hackers
B. A system Using Trojaned commands
C. An environment set up after the user logs in
D. An environment set up before a user logs in
Correct Answer:
A. A Honeypot that traps hackers
Exam Question 46
To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?
A. Computer Forensics Tools and Validation Committee (CFTVC)
B. Association of Computer Forensics Software Manufactures (ACFSM)
C. National Institute of Standards and Technology (NIST)
D. Society for Valid Forensics Tools and Testing (SVFTT)
Correct Answer:
C. National Institute of Standards and Technology (NIST)
Exam Question 47
You have used a newly released forensic investigation tool, which doesn’t meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?
A. The tool hasn’t been tested by the International Standards Organization (ISO)
B. Only the local law enforcement should use the tool
C. The total has not been reviewed and accepted by your peers
D. You are not certified for using the tool
Correct Answer:
C. The total has not been reviewed and accepted by your peers
Exam Question 48
In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.
A. Network Forensics
B. Data Recovery
C. Disaster Recovery
D. Computer Forensics
Correct Answer:
D. Computer Forensics
Exam Question 49
When you carve an image, recovering the image depends on which of the following skills?
A. Recognizing the pattern of the header content
B. Recovering the image from a tape backup
C. Recognizing the pattern of a corrupt file
D. Recovering the image from the tape backup
Correct Answer:
A. Recognizing the pattern of the header content
Exam Question 50
When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.
A. A Capital X
B. A Blank Space
C. The Underscore Symbol
D. The lowercase Greek Letter Sigma (s)
Correct Answer:
D. The lowercase Greek Letter Sigma (s)