ECCouncil Computer Hacking Forensic Investigator (V9) v11.0

Page:    1 / 33   
Exam contains 486 questions

When a system is compromised, attackers often try to disable auditing. In Windows 7, modifications to the audit policy are recorded as entries of Event ID ____________.

  • A. 4902
  • B. 3902
  • C. 4904
  • D. 3904


Answer : A

Graphics Interchange Format (GIF) is a ___________ RGB bitmap image format for images with up to 256 distinct colors per frame.

  • A. 8-bit
  • B. 16-bit
  • C. 24-bit
  • D. 32-bit


Answer : A

Who is responsible for the following tasks?
-> Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises
-> Make notes about the scene that will eventually be handed over to the Forensic Team

  • A. Non-Laboratory Staff
  • B. System administrators
  • C. Local managers or other non-forensic staff
  • D. Lawyers


Answer : A

A first responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or she is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene.
Which of the following is not a role of a first responder?

  • A. Identify and analyze the crime scene
  • B. Protect and secure the crime scene
  • C. Package and transport the electronic evidence to forensics lab
  • D. Prosecute the suspect in court of law


Answer : D

System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function.

  • A. True
  • B. False


Answer : A

A computer forensic report is a report which provides detailed information on the complete forensics investigation process.

  • A. True
  • B. False


Answer : A

When collecting evidence from the RAM, where do you look for data?

  • A. Swap file
  • B. SAM file
  • C. Data file
  • D. Log file


Answer : A

Which of the following Steganography techniques allows you to encode information that ensures creation of cover for secret communication?

  • A. Substitution techniques
  • B. Transform domain techniques
  • C. Cover generation techniques
  • D. Spread spectrum techniques


Answer : C

Router log files provide detailed information about the network traffic on the Internet. They give information about the attacks to and from the networks. The router stores log files in the ____________.

  • A. Router cache
  • B. Application logs
  • C. IDS logs
  • D. Audit logs


Answer : A

When NTFS is formatted, the format program assigns the __________ sectors to the boot sectors and to the bootstrap code.

  • A. First 12
  • B. First 16
  • C. First 22
  • D. First 24


Answer : B

Smith, as a part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers at the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

  • A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
  • B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
  • C. He should again attempt PIN guesses after a time of 24 hours
  • D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM


Answer : D

Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query. Attackers exploit injection flaws by constructing malicious commands or queries that result in data loss or corruption, lack of accountability, or denial of access. Which of the following injection flaws involves the injection of malicious code through a web application?

  • A. SQL Injection
  • B. Password brute force
  • C. Nmap Scanning
  • D. Footprinting


Answer : A

How do you define Technical Steganography?

  • A. Steganography that uses physical or chemical means to hide the existence of a message
  • B. Steganography that utilizes written natural language to hide the message in the carrier in some non-obvious ways
  • C. Steganography that utilizes written JAVA language to hide the message in the carrier in some non-obvious ways
  • D. Steganography that utilizes visual symbols or signs to hide secret messages


Answer : A

Which of the following statements is not a part of the securing and evaluating electronic crime scene checklist?

  • A. Locate and help the victim
  • B. Transmit additional flash messages to other responding units
  • C. Request additional help at the scene if needed
  • D. Blog about the incident on the internet


Answer : D

BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, an information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?

  • A. Header
  • B. The RGBQUAD array
  • C. Information header
  • D. Image data


Answer : B

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926