EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) - 312-49v11 Free Exam Questions

QUESTION NO: 1
An expert witness is a __________________ who is normally appointed by a party to assist in the formulation and preparation of a party's claim or defense.

Correct Answer: A
QUESTION NO: 2
The cybersecurity team of a leading software company is investigating an intricate network of infected systems in their infrastructure. Their research leads to a single file suspected to be the root cause of the infection. The malware in question is thought to be a novel one, and no prior information about it is available. What would be the most viable initial step to understanding its potential capabilities and mode of operation?

Correct Answer: C
QUESTION NO: 3
Alice decides to make a purchase on a popular e-commerce website. After adding items to her cart and proceeding to checkout, she notices that she is already logged into her account, thanks to the "Remember Me" feature enabled by the website. However, Alice becomes concerned when she realizes that her friend had previously warned her about the risks of cookie poisoning attacks. Which of the following actions is most advisable for Alice to take next?

Correct Answer: A
QUESTION NO: 4
Ryan, a computer forensic investigator, was tasked with a case involving the illegal dissemination of confidential data within a large corporation. The suspected employee worked in an office where everyone had access to a Network Attached Storage (NAS) device, making it an area of interest.
The NAS used a Linux-based filesystem. A recent upgrade led to a complete wipe and restoration of the data on the NAS. To complicate matters, the corporation also had a Storage Area Network (SAN) in use, suspected to be another source of confidential data leakage. Understanding the idiosyncrasies of NAS and SAN storage systems, what is the best approach for Ryan to begin his investigation?

Correct Answer: A
QUESTION NO: 5
Sophia, a forensic investigator, is analyzing a file suspected to be an image. She is examining the file's hexadecimal signature to identify its format. Upon inspection, she notices that the first three bytes of the file are 47 49 46 in hexadecimal. Based on this information, which of the following image formats is the file most likely to be?

Correct Answer: D
QUESTION NO: 6
In which IoT attack does the attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks?

Correct Answer: A
QUESTION NO: 7
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

Correct Answer: B
QUESTION NO: 8
Theodore, a forensic expert, was tasked with investigating a cybercrime involving a Windows operating system running on NTFS. In the course of the investigation, he accessed and analyzed several metadata files stored in the root directory of the file system. These metadata files maintain records for every file stored on the system, including information such as file names, sizes, timestamps, and location on disk. While examining these files, Theodore was able to discover crucial data that helped track malicious events linked to the cybercrime.
Which of the following system files did Theodore access to retrieve these records?

Correct Answer: C
QUESTION NO: 9
For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?

Correct Answer: C
QUESTION NO: 10
You, as a forensic investigator, have been assigned to investigate a case involving the suspect's email communication. During the investigation, you discover that the emails from the suspect's Trash folder may contain crucial evidence. The emails are stored in .pst files, and you must extract and analyze all relevant email messages, including those that were deleted or marked as corrupted. To ensure the integrity of the data, you need a tool that can efficiently process these files, recover any deleted messages, and provide a clear view of the email contents for analysis.
Which of the following tools would be best suited for this task?

Correct Answer: B
QUESTION NO: 11
During a cybercrime investigation involving a large-scale data breach, the investigator uncovers that the evidence is distributed across several cloud-based platforms, with the data hosted on servers in multiple countries. Although the investigator has secured the necessary legal authorizations, including international warrants and data access approvals, they are encountering significant hurdles in retrieving the data due to the complexities of multi-jurisdictional cloud repositories. These issues are causing considerable delays, hindering the timely collection of critical evidence needed to identify the perpetrators.
What is the primary challenge the investigator is facing in this case?

Correct Answer: D
QUESTION NO: 12
During a federal investigation, a lawyer unintentionally discloses privileged information to a federal agency. The disclosure includes sensitive details related to a corporate client's ongoing legal dispute.
In the scenario described, what conditions must be met for the unintentional disclosure to extend the waiver of attorney-client privilege or work-product protection to undisclosed communications in both federal and state proceedings?

Correct Answer: C
QUESTION NO: 13
Emma, a forensic investigator, discovers that the attacker has tampered with the timestamp metadata of several files, making it difficult to accurately determine when the files were created, accessed, or modified. Emma needs to identify files with manipulated timestamps to uncover hidden evidence. Which of the following tools can Emma use to detect timestamp modifications on NTFS file systems?

Correct Answer: A
QUESTION NO: 14
Investigator Janet comes across a suspicious Windows registry key during a computer hacking forensic investigation. She believes modifying this key is associated with the recent cyberattack on the company's servers. In order to confirm this, Janet needs to reference a timestamp embedded inside the registry key. What is the correct name of this timestamp?

Correct Answer: D