Pass the ECCouncil CHFIv9 312-49v9 Questions and answers with ExamsMirror

In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

When a router receives an update for its routing table, what is the metric value change to that path?

Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allow the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

What will the following command accomplish in Linux?

fdisk /dev/hda

When reviewing web logs, you see an entry for resource not found in the HTTP status code field.

What is the actual error code that you would see in the log for resource not found?

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?

In the following email header, where did the email first originate from?

Which of the following tool captures and allows you to interactively browse the traffic on a network?

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia. Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

Which of the following stages in a Linux boot process involve initialization of the system’s hardware?

Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?

Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?