EC-COUNCIL EC-Council Digital Forensics Essentials (DFE) (112-57) Free Practice Test
Question 1
Which of the following commands can an investigator use to parse GPTs of both types of hard disks, including those formatted with either UEFI or MBR?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 2
Benoy, a security professional at an organization, extracted Apache access log entries to view critical information about all the operations performed on a web server. The Apache access log extracted by Benoy is given below:
"10.10.10.10 - Jason [17/Aug/2019:00:12:34 +0300] "GET /images/content/bg_body_1.jpg HTTP/1.0" 500
1458"
Identify the HTTP status code in the Apache access log entry above that indicates the response was successful.
"10.10.10.10 - Jason [17/Aug/2019:00:12:34 +0300] "GET /images/content/bg_body_1.jpg HTTP/1.0" 500
1458"
Identify the HTTP status code in the Apache access log entry above that indicates the response was successful.
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 3
Which of the following hives in the Windows Registry hierarchical database is volatile in nature and contains file-extension association information and programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data?
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 4
Jennifer, a forensics investigation team member, was inspecting a compromised system. After gathering all the evidence related to the compromised system, she disconnected the system from the network to stop the spread of the incident to other systems.
Identify the role played by Jennifer in the forensics investigation.
Identify the role played by Jennifer in the forensics investigation.
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 5
Kelvin, a forensic investigator at FinCorp Ltd., was investigating a cybercrime against the company. As part of the investigation process, he needs to recover corrupted and deleted files from a Windows system. Kelvin decided to use an automated tool to recover the damaged, corrupted, or deleted files.
Which of the following forensic tools can help Kelvin in recovering deleted files?
Which of the following forensic tools can help Kelvin in recovering deleted files?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 6
Which of the following measures is defined as the time to move read or write disc heads from one point to another on the disk?
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 7
Which of the following steps in forensic readiness planning provides a backup for future reference and assists in presenting evidence in a court of law?
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 8
Clark, a security professional, identified that one of the systems in the organization is infected with malware and was used for creating a backdoor. Clark employed an automated tool to analyze the system's memory and detect malicious activities performed on the system.
In the above scenario, which of the following tools did Clark employ to detect malicious activities performed on the system?
In the above scenario, which of the following tools did Clark employ to detect malicious activities performed on the system?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).