The EC-Council 312-49 exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the CHFI certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the EC-Council Computer Hacking Forensic Investigator will help guide you through the study process for your certification.
312-49 EC-Council Computer Hacking Forensic Investigator Exam Summary
Exam Name: EC-Council Computer Hacking Forensic Investigator (CHFI)
Exam Code: 312-49
Exam Price: $500 (USD)
Duration: 240 mins
Number of Questions: 150
Passing Score: 70%
Reference Books: Courseware
Schedule Exam: Pearson VUE
Sample Questions: EC-Council CHFI Sample Questions
Recommended Practice: EC-Council 312-49 Certification Practice Exam
Exam Syllabus: 312-49 EC-Council Computer Hacking Forensic Investigator (CHFI)
1. Computer Forensics in Today’s World
2. Computer Forensics Investigation Process
3. Understanding Hard Disks and File Systems
4. Operating System Forensics
5. Defeating Anti-Forensics Techniques
6. Data Acquisition and Duplication
7. Network Forensics
8. Investigating Web Attacks
9. Database Forensics
10. Cloud Forensics
11. Malware Forensics
12. Investigating Email Crimes
13. Mobile Forensics
14. Investigative Reports
EC-Council 312-49 Certification Sample Questions and Answers
To familiarize you with the structure of the EC-Council Computer Hacking Forensic Investigator (312-49) certification exam, we have prepared this sample question set. We suggest you try our Sample Questions for CHFI v9 312-49 Certification to test your understanding of the EC-Council 312-49 process in a real EC-Council certification exam environment.
312-49 EC-Council Computer Hacking Forensic Investigator Sample Questions:
01. Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.
a) TCP
b) FTP
c) SMTP
d) POP
Answer: a
02. What is the first step required in preparing a computer for a forensics investigation?
a) Do not turn the computer off or on, run any programs, or attempt to access data on a computer
b) Secure any relevant media
c) Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
d) Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Answer: a
03. A forensic investigator is a person who handles the complete investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to the cybercrime analysis. The role of the forensic investigator is to:
a) Take permission from all employees of the organization for investigation
b) Harden organization network security
c) Create an image backup of the original evidence without tampering with potential evidence
d) Keep the evidence highly confidential and hide the evidence from law enforcement agencies
Answer: c
04. File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?
a) The last letter of a file name is replaced by a hex byte code E5h
b) The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted
c) Corresponding clusters in FAT are marked as used
d) The computer looks at the clusters occupied by that file and does not avail space to store a new file
Answer: b
05. BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, an information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?
a) Header
b) The RGBQUAD array
c) Information header
d) Image data
Answer: b
06. When collecting evidence from the RAM, where do you look for data?
a) Swap file
b) SAM file
c) Data file
d) Log file
Answer: a
07. Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?
a) 18 USC 7029
b) 18 USC 7030
c) 18 USC 7361
d) 18 USC 7371
Answer: b
08. LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
a) Sequential number
b) Index number
c) Operating system number
d) Sector number
Answer: a
09. How do you define Technical Steganography?
a) Steganography that uses physical or chemical means to hide the existence of a message
b) Steganography that utilizes written natural language to hide the message in the carrier in some non-obvious ways
c) Steganography that utilizes written JAVA language to hide the message in the carrier in some non-obvious ways
d) Steganography that utilizes visual symbols or signs to hide secret messages
Answer: a
10. Which is not a part of the environmental conditions of a forensics lab?
a) Large dimensions of the room
b) Good cooling system to overcome excess heat generated by the workstation
c) Allocation of workstations as per the room dimensions
d) Open windows facing the public road
Answer: d