CHFI EXAM WITH COMPLETE SOLUTIONS 100%
CORRECT LATEST UPDATE
What is the first step that must be taken to prepare a computer for a forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a
computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to
any relevant media or users at issue
D. What type of data are you looking for, what information are you trying to find and what
is the level of priority of the investigation - ANSWER a
Network forensics could be defined as sniffing, recording, gathering and analyzing the
network traffic and event logs to investigate a network security incident
A. True
B. False - ANSWER a
Which of the following commands shows the names of all open shared files on a server,
as well as how many file locks are applied to each file?
A. Net sessions
B. Net file
C. Netconfig
D. Net share - ANSWER b
It acts like the Recycle Bin metaphor of throwing files away, but it also allows users to
recover and restore the files. Once the file is moved into the Recycle Bin, a record is
inserted into the log file that exists inside the Recycle Bin.
Which of the following contains records corresponding to each deleted file in the
Recycle Bin?
A. INFO2 file
B. INFO1 file
C. LOGINFO2 file
D. LOGINFO1 file - ANSWER a
Email archiving is the systematic process of saving and securing the data in emails so it
can be easily accessible in record time. There are two major types of archives; these
are Local Archive and Server Storage Archive. When dealing with a local archive, which
of the following statements is correct?
A. The webmail is difficult to deal with, as there is no offline archive in most of the cases,
so consult your counsel on the case as to the best way to approach and gain access to
the required data on servers.
B. Local archives do not have evidentiary value as email client can modify the message
data
a. The information and settings of the server are stored on a local system in server
storage archives while the information stored on the mail server about the local email
client is stored as local archives.
C. The local archives must be stored along with the server storage archives to present it
in court of law
D. The server storage archives are the information and settings of the server stored on a
local system while the local archives are the information stored on the mail server about
the local email client - ANSWER a
Which of the following e-mail headers specifies an address to which mailer-generated
errors are sent, other than the sender's address, such as "no such user" bounce
messages?
A. Errors-To header
B. Content-Transfer-Encoding header
C. Mime-Version header
D. Content-Type header - ANSWER a
Which of the following will show all of the network services that are running on
Windows-based servers?
A. Net start
B. Net use
C. Net Session
D. Net share - ANSWER a
Email archiving is a systematic approach to store and preserve the information carried
in emails so that it can be accessed conveniently at some later stage.
A. True
B. False - ANSWER a
SAM is a registry file within Windows that stores passwords in a hashed format.
The SAM file in Windows is stored at:
A. C:\windows\system32\config\SAM
B. C:\windows\system32\con\SAM
C. C:\windows\system32\Boot\SAM
D. C:\windows\system32\drivers\SAM - ANSWER a
FAT32 is a 32-bit version of the FAT file system that uses smaller clusters, resulting in
more efficient storage capacity. What is the maximum drive size supported?
A. 1 terabyte
B. 2 terabytes
C. 3 terabytes
D. 4 terabytes - ANSWER b
At which step of the computer forensics investigation methodology would you run MD5
checksum on the evidence?
A. Obtain search warrant
B. Evaluate and secure the scene
C. Collect the evidence
D. Acquire the data - ANSWER d
Network forensics enables investigators to analyze network traffic and logs to trace the
location of an attack system.
Network forensics may disclose: (Choose three)
A. Origin of security incidents and network attacks
B. Course of the attack
C. Methods of intrusion by attackers
D. Hardware configuration of the attacker's system - ANSWER a b c