Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the ECCouncil CHFI v10 312-49v10 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam 312-49v10 Premium Access

View all detail and faqs for the 312-49v10 exam

Go to Exam

790 Students Passed

97% Average Score

92% Same Questions
Viewing page 8 out of 15 pages
Viewing questions 106-120 out of questions
Questions # 106:

What will the following URL produce in an unpatched IIS Web Server?

http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

Options:

A.

Directory listing of C: drive on the web server

B.

Insert a Trojan horse into the C: drive of the web server

C.

Execute a buffer flow in the C: drive of the web server

D.

Directory listing of the C:\windows\system32 folder on the web server

Questions # 107:

Which of the following is NOT an anti-forensics technique?

Options:

A.

Data Deduplication

B.

Steganography

C.

Encryption

D.

Password Protection

Questions # 108:

What is the investigator trying to view by issuing the command displayed in the following screenshot?

Question # 108

Options:

A.

List of services stopped

B.

List of services closed recently

C.

List of services recently started

D.

List of services installed

Questions # 109:

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

Options:

A.

Civil Investigation

B.

Administrative Investigation

C.

Both Civil and Criminal Investigations

D.

Criminal Investigation

Questions # 110:

Rusty, a computer forensics apprentice, uses the command nbtstat –c while analyzing the network information in a suspect system. What information is he looking for?

Options:

A.

Contents of the network routing table

B.

Status of the network carrier

C.

Contents of the NetBIOS name cache

D.

Network connections

Questions # 111:

Which of the following stand true for BIOS Parameter Block?

Options:

A.

The BIOS Partition Block describes the physical layout of a data storage volume

B.

The BIOS Partition Block is the first sector of a data storage device

C.

The length of BIOS Partition Block remains the same across all the file systems

D.

The BIOS Partition Block always refers to the 512-byte boot sector

Questions # 112:

What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

Options:

A.

AA55

B.

00AA

C.

AA00

D.

A100

Questions # 113:

Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?

Options:

A.

ff d8 ff

B.

25 50 44 46

C.

d0 0f 11 e0

D.

50 41 03 04

Questions # 114:

Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

Options:

A.

File fingerprinting

B.

Identifying file obfuscation

C.

Static analysis

D.

Dynamic analysis

Questions # 115:

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

Options:

A.

48-bit address

B.

24-bit address

C.

16-bit address

D.

32-bit address

Questions # 116:

Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?

Options:

A.

John Doe Search Warrant

B.

Citizen Informant Search Warrant

C.

Electronic Storage Device Search Warrant

D.

Service Provider Search Warrant

Questions # 117:

Which of the following Perl scripts will help an investigator to access the executable image of a process?

Options:

A.

Lspd.pl

B.

Lpsi.pl

C.

Lspm.pl

D.

Lspi.pl

Questions # 118:

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

Options:

A.

if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B.

if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C.

if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Questions # 119:

What is the name of the first reserved sector in File allocation table?

Options:

A.

Volume Boot Record

B.

Partition Boot Sector

C.

Master Boot Record

D.

BIOS Parameter Block

Questions # 120:

Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

Options:

A.

Core Services

B.

Media services

C.

Cocoa Touch

D.

Core OS

Viewing page 8 out of 15 pages
Viewing questions 106-120 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA