312-49v9 V8.02_ CHFI QUESTIONS

312-49v9 V8.02_formatted QUESTION 1 The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk, Windows sends that deleted item to the Recycle Bin and the icon changes to full of empty, but items deleted from removable media, such as a floppy disk or network drive, are not stored in the Recycle Bin. What is the size limit for Recycle Bin in Vista and later versions of the Windows? A. No size limits QUESTION 2 Which of the following is not an example of a cyber-crime? B. Firing an employee for misconduct QUESTION 3 Files stored in the Recycle Bin in its physical location are renamed as D, where, “X" represents the . A. Drive name QUESTION 4 Which of the following statement is not correct when dealing with a powered-on computer at the crime scene? D. If the computer is switched off. power on the computer to take screenshot of the desktop QUESTION 5 Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of . A. 1023 QUESTION 6 Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time. Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network? B. Cross-platform correlation QUESTION 7 Which root folder (hive) of registry editor contains a vast array of configuration information for the system, including hardware settings and software settings? B. HKEY_CURRENT_USER QUESTION 8 Hard disk data addressing is a method of allotting addresses to each of data on a hard disk A. Physical block QUESTION 9 How do you define forensic computing? A. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law. QUESTION 10 What is the smallest allocation unit of a hard disk? A. Cluster QUESTION 11 Which one of the following statements is not correct while preparing for testimony? B. Do not determine the basic facts of the case before beginning and examining the evidence QUESTION 12 Which of the following statements is not a part of securing and evaluating electronic crime scene checklist? D. Blog about the incident on the internet QUESTION 13 The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/ in Linux. Identify the Apache error log from the following logs. B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test QUESTION 14 Operating System logs are most beneficial for Identifying or Investigating suspicious activities involving a particular host. Which of the following Operating System logs contains information about operational actions performed by OS components? A. Event logs QUESTION 15 A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers. Which mobile operating system architecture is represented here? C. Android OS Architecture QUESTION 16 All the Information about the user activity on the network, like details about login and logoff attempts, is collected in the security log of the computer. When a user's login is successful, successful audits generate an entry whereas unsuccessful audits generate an entry for failed login attempts in the logon event ID table. In the logon event ID table, which event ID entry (number) represents a successful logging on to a computer? A. 528 QUESTION 17 What is the first step that needs to be carried out to investigate wireless attacks? A. Obtain a search warrant QUESTION 18 Which of the following commands shows you the username and IP address used to access the system via a remote login session and the Type of client from which they are accessing the system? A. Net sessions QUESTION 19 Why is it Important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts? A. This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date QUESTION 20 When NTFS Is formatted, the format program assigns the sectors to the boot sectors and to the bootstrap code B. First 16 QUESTION 21 What is the goal of forensic science? A. To determine the evidential value of the crime scene and related evidence QUESTION 22 Smith, an employee of a reputed forensic Investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in hacking of organization DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry key Smith will check to find the above information? C. RunMRU key