
[2024] Use Real EC-COUNCIL Dumps - 100% Free 312-49v10 Exam Dumps
The CHFI-v10 certification exam covers a range of topics related to computer hacking forensic investigation, including forensic analysis, incident response, and network forensics. The 312-49v10 exam is designed to test the candidate's understanding of the tools, techniques, and methodologies used in digital forensics. It also covers the legal and ethical considerations that are critical for professionals working in this field.
NEW QUESTION # 106
Which among the following U.S. laws requires financial institutions (companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance) to protect their customers' information against security threats?
- A. HIPAA
- B. FISMA
- C. SOX
- D. GLBA
Answer: D
NEW QUESTION # 107
The working of the Tor browser is based on which of the following concepts?
- A. Static routing
- B. Onion routing
- C. Default routing
- D. Both static and default routing
Answer: B
NEW QUESTION # 108
____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.
- A. Network Forensics
- B. Incident Response
- C. Event Reaction
- D. Computer Forensics
Answer: D
NEW QUESTION # 109
Which of the following setups should a tester choose to analyze malware behavior?
- A. A normal system without internet connection
- B. A virtual system with network simulation for internet connection
- C. A normal system with internet connection
- D. A virtual system with internet connection
Answer: B
NEW QUESTION # 110
Bob has been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity, and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?
- A. An environment set up before a user logs in
- B. A system using Trojaned commands
- C. A Honeypot that traps hackers
- D. An environment set up after the user logs in
Answer: C
NEW QUESTION # 111
What is the default IIS log location?
- A. SystemDrive\inetpub\LogFiles
- B. %SystemDrive%\inetpub\logs\LogFiles
- C. %SystemDrive\logs\LogFiles
- D. SystemDrive\logs\LogFiles
Answer: B
NEW QUESTION # 112
The MAC attributes are timestamps that refer to a time at which the file was last modified or last accessed or originally created. Which of the following file systems store MAC attributes in Coordinated Universal Time (UTC) format?
- A. Hierarchical File System (HFS)
- B. New Technology File System (NTFS)
- C. File Allocation Table (FAT)
- D. Global File System (GFS)
Answer: B
NEW QUESTION # 113
Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?
- A. Virtual Files
- B. Image Files
- C. Prefetch Files
- D. Shortcut Files
Answer: D
NEW QUESTION # 114
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?
- A. Net config
- B. Net share
- C. Net file
- D. Net sessions
Answer: C
NEW QUESTION # 115
This is a statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted. Which among the following is suitable for the above statement?
- A. Hearsay rule
- B. Rule 1001
- C. Limited admissibility
- D. Testimony by the accused
Answer: A
NEW QUESTION # 116
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores the Data Decryption Field (DDF) and Data Recovery Field (DRF). Which of the following is not a part of the DDF?
- A. EFS Certificate Hash
- B. Container Name
- C. Encrypted FEK
- D. Checksum
Answer: D
NEW QUESTION # 117
Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.
- A. Logical block
- B. Hard disk block
- C. Operating system block
- D. Physical block
Answer: D
NEW QUESTION # 118
NTFS has less slack space than FAT, and thus less potential to hide data in the slack space. This is because:
- A. NTFS has lower cluster size space
- B. FAT does not index files
- C. NTFS is a journaling file system
- D. FAT is an older and inefficient file system
Answer: A
NEW QUESTION # 119
Which part of the Metasploit framework helps users hide data in space related to a previously deleted file or currently unused by the allocated file?
- A. RuneFS
- B. FragFS
- C. Slacker
- D. Waffen FS
Answer: C
NEW QUESTION # 120
The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?
- A. All running processes will be lost
- B. Power interruption will corrupt the pagefile
- C. Any data not yet flushed to the system will be lost
- D. The /tmp directory will be flushed
Answer: C
NEW QUESTION # 121
Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
- A. SWGDE & SWGIT
- B. Daubert
- C. Frye
- D. IOCE
Answer: C
NEW QUESTION # 122
Which of the following is NOT a part of the pre-investigation phase?
- A. Building forensics workstation
- B. Gathering evidence data
- C. Creating an investigation team
- D. Gathering information about the incident
Answer: B
NEW QUESTION # 123
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
- A. a disk editor
- B. a write-blocker
- C. a firewall
- D. a protocol analyzer
Answer: B
NEW QUESTION # 124
As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?
- A. DBCC LOG(Transfers, 1)
- B. DBCC LOG(Transfers, 3)
- C. DBCC LOG(Transfers, 2)
- D. DBCC LOG(Transfers, 0)
Answer: C
NEW QUESTION # 125
An investigator enters the command sqlcmd -S WIN-CQQMK62867E -e -s"," -E as part of collecting the primary data file and logs from a database. What does the "WIN-CQQMK62867E" represent?
- A. Network credentials of the database
- B. Operating system of the system
- C. Name of the Database
- D. Name of SQL Server
Answer: C
NEW QUESTION # 126
Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?
- A. Data block
- B. Block bitmap block
- C. Superblock
- D. Inode bitmap block
Answer: C