Computer Hacking Forensic Investigator (CHFI-v10) (312-49v10) Free Practice Test

Question 1

Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?

A. History of the browser

B. Passwords used across the system

C. Previously typed commands

D. Events history

Correct Answer: C

Question 2

What malware analysis operation can the investigator perform using the jv16 tool?

A. Files and Folder Monitor

B. Network Traffic Monitoring/Analysis

C. Installation Monitor

D. Registry Analysis/Monitoring

Correct Answer: D

Question 3

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

A. Inculpatory evidence

B. Exculpatory evidence

C. Terrible evidence

D. Mandatory evidence

Correct Answer: B

Question 4

Derrick, a forensic specialist, was investigating an active computer that was executing various processes. Derrick wanted to check whether this system was used In an Incident that occurred earlier. He started Inspecting and gathering the contents of RAM, cache, and DLLs to Identify Incident signatures. Identify the data acquisition method employed by Derrick in the above scenario.

A. Non-volatile data acquisition

B. Static data acquisition

C. Live data acquisition

D. Dead data acquisition

Correct Answer: C

Question 5

A packet is sent to a router that does not have the packet destination address in its route table.
How will the packet get to its proper destination?

A. Root Internet servers

B. Gateway of last resort

C. Reverse DNS

D. Border Gateway Protocol

Correct Answer: B

Question 6

Sectors in hard disks typically contain how many bytes?

A. 256

B. 1024

C. 512

D. 2048

Correct Answer: C

Question 7

Windows identifies which application to open a file with by examining which of the following?

A. The file attributes

B. The file signature at the beginning of the file

C. The file Signature at the end of the file

D. The File extension

Correct Answer: D

Question 8

Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?

A. Process Monitor

B. PSLoggedon

C. TCPView

D. Tokenmon

Correct Answer: B

Question 9

While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

A. Legal issues

B. No particular field

C. Technical material related to forensics

D. Judging the character of defendants/victims

Correct Answer: B

Question 10

Which OWASP loT vulnerability talks about security flaws such as lack of firmware validation, lack of secure delivery, and lack of anti-rollback mechanisms on loT devices?

A. Insecure default settings

B. Insecure data transfer and storage

C. Lack of secure update mechanism

D. Use of insecure or outdated components

Correct Answer: C

Question 11

Which of the following stages in a Linux boot process involve initialization of the system's hardware?

A. Bootloader Stage

B. BootROM Stage

C. BIOS Stage

D. Kernel Stage

Correct Answer: C

Question 12

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

A. Apache error log

B. The common log format of Apache access log

C. IIS log

D. The combined log format of Apache access log

Correct Answer: B

Welcome to TestSimulate

EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v10) (312-49v10) Free Practice Test