Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the ECCouncil CHFIv9 312-49v9 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam 312-49v9 Premium Access

View all detail and faqs for the 312-49v9 exam

Go to Exam

519 Students Passed

96% Average Score

92% Same Questions
Viewing page 1 out of 12 pages
Viewing questions 1-15 out of questions
Questions # 1:

Select the data that a virtual memory would store in a Windows-based system.

Options:

A.

Information or metadata of the files

B.

Documents and other files

C.

Application data

D.

Running processes

Questions # 2:

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

Options:

A.

Expert Witness

B.

Evidence Examiner

C.

Forensic Examiner

D.

Defense Witness

Questions # 3:

Which of these rootkit detection techniques function by comparing a snapshot of the file system, boot records, or memory with a known and trusted baseline?

Options:

A.

Signature-Based Detection

B.

Integrity-Based Detection

C.

Cross View-Based Detection

D.

Heuristic/Behavior-Based Detection

Questions # 4:

POP3 is an Internet protocol, which is used to retrieve emails from a mail server. Through which port does an email client connect with a POP3 server?

Options:

A.

110

B.

143

C.

25

D.

993

Questions # 5:

What does Locard's Exchange Principle state?

Options:

A.

Any information of probative value that is either stored or transmitted in a digital form

B.

Digital evidence must have some characteristics to be disclosed in the court of law

C.

Anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave

D.

Forensic investigators face many challenges during forensics investigation of a digital crime, such as extracting, preserving, and analyzing the digital evidence

Questions # 6:

Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.

Options:

A.

Statement of personal or family history

B.

Prior statement by witness

C.

Statement against interest

D.

Statement under belief of impending death

Questions # 7:

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

Options:

A.

DevScan

B.

Devcon

C.

fsutil

D.

Reg.exe

Questions # 8:

Raw data acquisition format creates _________ of a data set or suspect drive.

Options:

A.

Segmented image files

B.

Simple sequential flat files

C.

Compressed image files

D.

Segmented files

Questions # 9:

During an investigation of an XSS attack, the investigator comes across the term “[a-zA-Z0-9\%]+” in analyzed evidence details. What is the expression used for?

Options:

A.

Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation

B.

Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent

C.

Checks for opening angle bracket, its hex or double-encoded hex equivalent

D.

Checks for closing angle bracket, hex or double-encoded hex equivalent

Questions # 10:

Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?

Options:

A.

Tokenmon

B.

PSLoggedon

C.

TCPView

D.

Process Monitor

Questions # 11:

A Linux system is undergoing investigation. In which directory should the investigators look for its current state data if the system is in powered on state?

Options:

A.

/auth

B.

/proc

C.

/var/log/debug

D.

/var/spool/cron/

Questions # 12:

Buffer overflow vulnerabilities, of web applications, occurs when the application fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the _________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

Options:

A.

Adjacent buffer locations

B.

Adjacent string locations

C.

Adjacent bit blocks

D.

Adjacent memory locations

Questions # 13:

What is the location of a Protective MBR in a GPT disk layout?

Options:

A.

Logical Block Address (LBA) 2

B.

Logical Block Address (LBA) 0

C.

Logical Block Address (LBA) 1

D.

Logical Block Address (LBA) 3

Questions # 14:

What is cold boot (hard boot)?

Options:

A.

It is the process of restarting a computer that is already in sleep mode

B.

It is the process of shutting down a computer from a powered-on or on state

C.

It is the process of restarting a computer that is already turned on through the operating system

D.

It is the process of starting a computer from a powered-down or off state

Questions # 15:

Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?

Options:

A.

A text file deleted from C drive in sixth sequential order

B.

A text file deleted from C drive in fifth sequential order

C.

A text file copied from D drive to C drive in fifth sequential order

D.

A text file copied from C drive to D drive in fifth sequential order

Viewing page 1 out of 12 pages
Viewing questions 1-15 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PCNSE
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA