Summer Special Sales Coupon - 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4s55disc

312-49v10 PDF

$49.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

312-49v10 PDF + Testing Engine

$79.2

$175.99

3 Months Free Update

  • Exam Name: Computer Hacking Forensic Investigator (CHFI-v10)
  • Last Update: Aug 8, 2022
  • Questions and Answers: 601
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

312-49v10 Engine

$59.4

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

312-49v10 Computer Hacking Forensic Investigator (CHFI-v10) Questions and Answers

Question # 6

When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

A.

Corrupt

B.

Bad

C.

Lost

D.

Unallocated

Full Access
Question # 7

When a router receives an update for its routing table, what is the metric value change to that path?

A.

Increased by 2

B.

Decreased by 1

C.

Increased by 1

D.

Decreased by 2

Full Access
Question # 8

Which password cracking technique uses every possible combination of character sets?

A.

Rainbow table attack

B.

Brute force attack

C.

Rule-based attack

D.

Dictionary attack

Full Access
Question # 9

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

A.

Searching for evidence themselves would not have any ill effects

B.

Searching could possibly crash the machine or device

C.

Searching creates cache files, which would hinder the investigation

D.

Searching can change date/time stamps

Full Access
Question # 10

What is the smallest physical storage unit on a hard drive?

A.

Track

B.

Cluster

C.

Sector

D.

Platter

Full Access
Question # 11

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

A.

The data is still present until the original location of the file is used

B.

The data is moved to the Restore directory and is kept there indefinitely

C.

The data will reside in the L2 cache on a Windows computer until it is manually deleted

D.

It is not possible to recover data that has been emptied from the Recycle Bin

Full Access
Question # 12

Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

A.

Witness Authentication

B.

Direct Examination

C.

Expert Witness

D.

Cross Questioning

Full Access
Question # 13

Which of the following tools will help the investigator to analyze web server logs?

A.

XRY LOGICAL

B.

LanWhois

C.

Deep Log Monitor

D.

Deep Log Analyzer

Full Access
Question # 14

In the following email header, where did the email first originate from?

312-49v10 question answer

A.

Somedomain.com

B.

Smtp1.somedomain.com

C.

Simon1.state.ok.gov.us

D.

David1.state.ok.gov.us

Full Access
Question # 15

In Steganalysis, which of the following describes a Known-stego attack?

A.

The hidden message and the corresponding stego-image are known

B.

During the communication process, active attackers can change cover

C.

Original and stego-object are available and the steganography algorithm is known

D.

Only the steganography medium is available for analysis

Full Access
Question # 16

This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.

A.

Civil litigation testimony

B.

Expert testimony

C.

Victim advocate testimony

D.

Technical testimony

Full Access
Question # 17

Who is responsible for the following tasks?

A.

Non-forensics staff

B.

Lawyers

C.

System administrators

D.

Local managers or other non-forensic staff

Full Access
Question # 18

Which of the following tool creates a bit-by-bit image of an evidence media?

A.

Recuva

B.

FileMerlin

C.

AccessData FTK Imager

D.

Xplico

Full Access
Question # 19

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?

A.

Image the disk and try to recover deleted files

B.

Seek the help of co-workers who are eye-witnesses

C.

Check the Windows registry for connection data (you may or may not recover)

D.

Approach the websites for evidence

Full Access
Question # 20

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String

Full Access
Question # 21

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

A.

The manufacturer of the system compromised

B.

The logic, formatting and elegance of the code used in the attack

C.

The nature of the attack

D.

The vulnerability exploited in the incident

Full Access
Question # 22

As a CHFI professional, which of the following is the most important to your professional reputation?

A.

Your Certifications

B.

The correct, successful management of each and every case

C.

The free that you charge

D.

The friendship of local law enforcement officers

Full Access
Question # 23

During the course of a corporate investigation, you find that an Employee is committing a crime.

Can the Employer file a criminal complaint with Police?

A.

Yes, and all evidence can be turned over to the police

B.

Yes, but only if you turn the evidence over to a federal law enforcement agency

C.

No, because the investigation was conducted without following standard police procedures

D.

No, because the investigation was conducted without warrant

Full Access
Question # 24

At what layer of the OSI model do routers function on?

A.

4

B.

3

C.

1

D.

5

Full Access
Question # 25

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

A.

PEBrowse Professional

B.

RegScanner

C.

RAM Capturer

D.

Dependency Walker

Full Access
Question # 26

Which of the following file contains the traces of the applications installed, run, or uninstalled from a system?

A.

Shortcut Files

B.

Virtual files

C.

Prefetch Files

D.

Image Files

Full Access
Question # 27

Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

A.

Place PDA, including all devices, in an antistatic bag

B.

Unplug all connected devices

C.

Power off all devices if currently on

D.

Photograph and document the peripheral devices

Full Access
Question # 28

Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.

A.

8-bit

B.

32-bit

C.

16-bit

D.

24-bit

Full Access
Question # 29

An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number that provide information about the model and origin of the mobile device is also known as:

A.

Type Allocation Code (TAC)

B.

Integrated Circuit Code (ICC)

C.

Manufacturer Identification Code (MIC)

D.

Device Origin Code (DOC)

Full Access
Question # 30

Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

A.

tasklist /p

B.

tasklist /v

C.

tasklist /u

D.

tasklist /s

Full Access
Question # 31

Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?

A.

SOX

B.

HIPAA

C.

GLBA

D.

FISMA

Full Access
Question # 32

Robert is a regional manager working in a reputed organization. One day, he suspected malware attack after unwanted programs started to popup after logging into his computer. The network administrator was called upon to trace out any intrusion on the computer and he/she finds that suspicious activity has taken place within Autostart locations. In this situation, which of the following tools is used by the network administrator to detect any intrusion on a system?

A.

Hex Editor

B.

Internet Evidence Finder

C.

Process Monitor

D.

Report Viewer

Full Access
Question # 33

Robert, a cloud architect, received a huge bill from the cloud service provider, which usually doesn't happen. After analyzing the bill, he found that the cloud resource consumption was very high. He then examined the cloud server and discovered that a malicious code was running on the server, which was generating huge but harmless traffic from the server. This means that the server has been compromised by an attacker with the sole intention to hurt the cloud customer financially. Which attack is described in the above scenario?

A.

XSS Attack

B.

DDoS Attack (Distributed Denial of Service)

C.

Man-in-the-cloud Attack

D.

EDoS Attack (Economic Denial of Service)

Full Access
Question # 34

An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?

A.

Equipment Identity Register (EIR)

B.

Electronic Serial Number (ESN)

C.

International mobile subscriber identity (IMSI)

D.

Integrated circuit card identifier (ICCID)

Full Access
Question # 35

Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

A.

PUB.EDB

B.

PRIV.EDB

C.

PUB.STM

D.

PRIV.STM

Full Access
Question # 36

Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks?

A.

ISO 9660

B.

ISO/IEC 13940

C.

ISO 9060

D.

IEC 3490

Full Access
Question # 37

What must an attorney do first before you are called to testify as an expert?

A.

Qualify you as an expert witness

B.

Read your curriculum vitae to the jury

C.

Engage in damage control

D.

Prove that the tools you used to conduct your examination are perfect

Full Access
Question # 38

Which ISO Standard enables laboratories to demonstrate that they comply with quality assurance and provide valid results?

A.

ISO/IEC 16025

B.

ISO/IEC 18025

C.

ISO/IEC 19025

D.

ISO/IEC 17025

Full Access
Question # 39

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

A.

if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B.

if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C.

if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Full Access
Question # 40

Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?

A.

John Doe Search Warrant

B.

Citizen Informant Search Warrant

C.

Electronic Storage Device Search Warrant

D.

Service Provider Search Warrant

Full Access
Question # 41

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

A.

Robust copy

B.

Incremental backup copy

C.

Bit-stream copy

D.

Full backup copy

Full Access
Question # 42

The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

312-49v10 question answer

A.

dir /o:d

B.

dir /o:s

C.

dir /o:e

D.

dir /o:n

Full Access
Question # 43

companyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware.

A.

Source code review

B.

Reviewing the firewalls configuration

C.

Data items and vulnerability scanning

D.

Interviewing employees and network engineers

Full Access
Question # 44

Andie, a network administrator, suspects unusual network services running on a windows system. Which of the following commands should he use to verify unusual network services started on a Windows system?

A.

net serv

B.

netmgr

C.

lusrmgr

D.

net start

Full Access
Question # 45

Which U.S. law sets the rules for sending emails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of emails the right to ask the senders to stop emailing them, and spells out the penalties in case the above said rules are violated?

A.

NO-SPAM Act

B.

American: NAVSO P-5239-26 (RLL)

C.

CAN-SPAM Act

D.

American: DoD 5220.22-M

Full Access
Question # 46

Which of the following tools is not a data acquisition hardware tool?

A.

UltraKit

B.

Atola Insight Forensic

C.

F-Response Imager

D.

Triage-Responder

Full Access
Question # 47

Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?

A.

FAT File System

B.

ReFS

C.

exFAT

D.

NTFS File System

Full Access
Question # 48

Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from

Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network

vulnerability assessment plan?

A.

Their first step is to make a hypothesis of what their final findings will be.

B.

Their first step is to create an initial Executive report to show the management team.

C.

Their first step is to analyze the data they have currently gathered from the company or interviews.

D.

Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Full Access
Question # 49

Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

A.

DependencyWalker

B.

SysAnalyzer

C.

PEiD

D.

ResourcesExtract

Full Access
Question # 50

Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?

A.

A text file deleted from C drive in sixth sequential order

B.

A text file deleted from C drive in fifth sequential order

C.

A text file copied from D drive to C drive in fifth sequential order

D.

A text file copied from C drive to D drive in fifth sequential order

Full Access
Question # 51

When is it appropriate to use computer forensics?

A.

If copyright and intellectual property theft/misuse has occurred

B.

If employees do not care for their boss management techniques

C.

If sales drop off for no apparent reason for an extended period of time

D.

If a financial institution is burglarized by robbers

Full Access
Question # 52

In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

A.

Security Administrator

B.

Network Administrator

C.

Director of Information Technology

D.

Director of Administration

Full Access
Question # 53

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

A.

Typography

B.

Steganalysis

C.

Picture encoding

D.

Steganography

Full Access
Question # 54

Which of the following are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser to track, validate, and maintain specific user information?

A.

Temporary Files

B.

Open files

C.

Cookies

D.

Web Browser Cache

Full Access
Question # 55

To check for POP3 traffic using Ethereal, what port should an investigator search by?

A.

143

B.

25

C.

110

D.

125

Full Access
Question # 56

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

A.

Net sessions

B.

Net config

C.

Net share

D.

Net use

Full Access
Question # 57

Which of the following standard represents a legal precedent sent in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?

A.

IOCE

B.

SWGDE & SWGIT

C.

Frye

D.

Daubert

Full Access
Question # 58

Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?

A.

TIFF-8

B.

DOC

C.

WPD

D.

PDF

Full Access
Question # 59

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

A.

Polymorphic

B.

Metamorphic

C.

Oligomorhic

D.

Transmorphic

Full Access
Question # 60

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.

What method would be most efficient for you to acquire digital evidence from this network?

A.

create a compressed copy of the file with DoubleSpace

B.

create a sparse data copy of a folder or file

C.

make a bit-stream disk-to-image file

D.

make a bit-stream disk-to-disk file

Full Access
Question # 61

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

A.

Keep the information of file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

Full Access
Question # 62

Why should you note all cable connections for a computer you want to seize as evidence?

A.

to know what outside connections existed

B.

in case other devices were connected

C.

to know what peripheral devices exist

D.

to know what hardware existed

Full Access
Question # 63

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

A.

Stringsearch

B.

grep

C.

dir

D.

vim

Full Access
Question # 64

The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

A.

Any data not yet flushed to the system will be lost

B.

All running processes will be lost

C.

The /tmp directory will be flushed

D.

Power interruption will corrupt the pagefile

Full Access
Question # 65

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

A.

Computer Forensics Tools and Validation Committee (CFTVC)

B.

Association of Computer Forensics Software Manufactures (ACFSM)

C.

National Institute of Standards and Technology (NIST)

D.

Society for Valid Forensics Tools and Testing (SVFTT)

Full Access
Question # 66

You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?

A.

Throw the hard disk into the fire

B.

Run the powerful magnets over the hard disk

C.

Format the hard disk multiple times using a low level disk utility

D.

Overwrite the contents of the hard disk with Junk data

Full Access
Question # 67

Windows identifies which application to open a file with by examining which of the following?

A.

The File extension

B.

The file attributes

C.

The file Signature at the end of the file

D.

The file signature at the beginning of the file

Full Access
Question # 68

In the following directory listing,

312-49v10 question answer

Which file should be used to restore archived email messages for someone using Microsoft Outlook?

A.

Outlook bak

B.

Outlook ost

C.

Outlook NK2

D.

Outlook pst

Full Access
Question # 69

If you discover a criminal act while investigating a corporate policy abuse, it becomes a publicsector investigation and should be referred to law enforcement?

A.

true

B.

false

Full Access
Question # 70

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Full Access
Question # 71

The MD5 program is used to:

A.

wipe magnetic media before recycling it

B.

make directories on an evidence disk

C.

view graphics files on an evidence drive

D.

verify that a disk is not altered when you examine it

Full Access
Question # 72

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principal of social engineering did Julia use?

A.

Social Validation

B.

Scarcity

C.

Friendship/Liking

D.

Reciprocation

Full Access
Question # 73

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

A.

ICMP header field

B.

TCP header field

C.

IP header field

D.

UDP header field

Full Access
Question # 74

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

A.

Automate Collection from image files

B.

Avoiding copying data from the boot partition

C.

Acquire data from host-protected area on a disk

D.

Prevent Contamination to the evidence drive

Full Access
Question # 75

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

A.

Cached password hashes for the past 20 users

B.

Service account passwords in plain text

C.

IAS account names and passwords

D.

Local store PKI Kerberos certificates

Full Access
Question # 76

What TCP/UDP port does the toolkit program netstat use?

A.

Port 7

B.

Port 15

C.

Port 23

D.

Port 69

Full Access
Question # 77

Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.

Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

A.

Border Gateway Protocol

B.

Cisco Discovery Protocol

C.

Broadcast System Protocol

D.

Simple Network Management Protocol

Full Access
Question # 78

The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

A.

The Fourth Amendment

B.

The USA patriot Act

C.

The Good Samaritan Laws

D.

The Federal Rules of Evidence

Full Access
Question # 79

What does the acronym POST mean as it relates to a PC?

A.

Primary Operations Short Test

B.

PowerOn Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

Full Access
Question # 80

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

A.

Network Forensics

B.

Computer Forensics

C.

Incident Response

D.

Event Reaction

Full Access
Question # 81

What should you do when approached by a reporter about a case that you are working on or have worked on?

A.

Refer the reporter to the attorney that retained you

B.

Say, "no comment"

C.

Answer all the reporter’s questions as completely as possible

D.

Answer only the questions that help your case

Full Access
Question # 82

From the following spam mail header, identify the host IP that sent this spam?

From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001

Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk

(8.11.6/8.11.6) with ESMTP id

fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)

Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by

viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1)

with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)

Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk

From: "china hotel web"

To: "Shlam"

Subject: SHANGHAI (HILTON HOTEL) PACKAGE

Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0

X-Priority: 3 X-MSMail-

Priority: Normal

Reply-To: "china hotel web"

A.

137.189.96.52

B.

8.12.1.0

C.

203.218.39.20

D.

203.218.39.50

Full Access
Question # 83

Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?

A.

18 U.S.C. 1029

B.

18 U.S.C. 1362

C.

18 U.S.C. 2511

D.

18 U.S.C. 2703

Full Access
Question # 84

Which type of attack is possible when attackers know some credible information about the victim's password, such as the password length, algorithms involved, or the strings and characters used in its creation?

A.

Rule-Based Attack

B.

Brute-Forcing Attack

C.

Dictionary Attack

D.

Hybrid Password Guessing Attack

Full Access
Question # 85

During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?

A.

Coordinated Universal Time

B.

Universal Computer Time

C.

Universal Time for Computers

D.

Correlated Universal Time

Full Access
Question # 86

What technique is used by JPEGs for compression?

A.

TIFF-8

B.

ZIP

C.

DCT

D.

TCD

Full Access
Question # 87

When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?

A.

UTC

B.

PTP

C.

Time Protocol

D.

NTP

Full Access
Question # 88

Which of the following is found within the unique instance ID key and helps investigators to map the entry from USBSTOR key to the MountedDevices key?

A.

ParentIDPrefix

B.

LastWrite

C.

UserAssist key

D.

MRUListEx key

Full Access
Question # 89

When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?

A.

File Size

B.

File origin and modification

C.

Time and date of deletion

D.

File Name

Full Access
Question # 90

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

A.

DevScan

B.

Devcon

C.

fsutil

D.

Reg.exe

Full Access