100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
EC-Council CHFI QUESTIONS AND ANSWERS ALL CORRECT $10.99   Add to cart

Exam (elaborations)

EC-Council CHFI QUESTIONS AND ANSWERS ALL CORRECT

 1 view  0 purchase
  • Course
  • Institution

EC-Council CHFI What does the Windows operating system examine to determine which application should be used to open a file? Correct Answer: The file extension Which of the following BEST defines the term e-discovery? Correct Answer: A process of producing electronically stored information ...

[Show more]

Preview 2 out of 6  pages

  • July 14, 2022
  • 6
  • 2021/2022
  • Exam (elaborations)
  • Questions & answers
avatar-seller
EC-Council CHFI
What does the Windows operating system examine to determine which application should be used to
open a file? Correct Answer: The file extension

Which of the following BEST defines the term e-discovery? Correct Answer: A process of producing
electronically stored information for use as evidence.

A CHFI is engaged by the owner of a privately owned pharmaceutical firm to investigate possible
computer abuse by one of the firm's employees. She discovers that the company has never published a
Dervis policy stating that they reserve the right to inspect their computing assets at will. Which of the
following is her BEST recommendation to the owner? Correct Answer: B. Inform the owner that
conducting an investigation without a policy is a violation of the employee's expectation of privacy

Which of the following would best prevent contamination of disk-stored digital evidence? Correct
Answer: A write blocker

You have been asked to investigate after a user has reported a threatening e-mail they have received
from an external source. Which of the following are you most interested in when trying to trace the
source of the message? Correct Answer: The e-mail header

Which of the following standards is based on a legal precedent regarding the admissibility of scientific
examinations or experiments in legal cases? Correct Answer: Frye Standard

What is the name of the standard Linux command that can be used to create bit-stream images? Correct
Answer: dd

During the course of an investigation, you locate evidence that may prove the innocence of the suspect
of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding
process, therefore you report this evidence. This type of evidence is known as: Correct Answer:
Exculpatory evidence

In what circumstance would an expert witness be allowed to state an opinion? Correct Answer: C. the
opinion, inferences, or conclusions depend on special knowledge, skill, or training not within the
ordinary experience of lay jurors

Which of following refers to the location of data that might still exist in a cluster even though the
original file has been overwritten by another file? Correct Answer: B. Slack space

To make sure the evidence you recover and analyze with computer forensics software can be admitted
in court, you must test and validate the software. What group is actively providing tools and creating
procedures for testing and validating computer forensics software? Correct Answer: National Institute
of Standards and Technology (NIST)

What does "message repudiation" refer to in the context De of e-mail investigations? Correct Answer:
Message repudiation means a sender can claim they did not actually send a particular message

, Which of the following BEST defines the term e-discovery? Correct Answer: D. A process of producing
electronically stored information for use as evidence.

Which of the following file systems is most closely associated with the Mac OS? Correct Answer: A. HFS+

of An investigator uses a process comparing monitored events to a specific attack model to determine
whether or not the event qualifies as an intrusion. What is this called? process Correct Answer: A.
Signature-based detection

When obtaining a search warrant it is important to Correct Answer: C. Particularly describe the place to
be searched and particularly describe the items to be seized

One technique for hiding information is to change the file extension from the correct one to one that
Dennis Thibo might not be noticed by an investigator, such as changing a .jpg extension to a .doc
extension so that a picture file appears to be a document. What can an investigator examine to verify
that a file has the correct extension? Correct Answer: B. the file header

When investigating a Windows system, it is important to view the contents of the page file or swap file
because: Correct Answer: C. a large volume of data can exist within the swap file of which the computer
user has no knowledge

If a file on a hard drive has a size of 2600 bytes, how many sectors are normally allocated to this file?
Correct Answer: C. 6 sectors

When investigating a security incident involving a Dennis company-owned mobile device, what would
the incident responder most likely describe as the most serious violation of the company's security
policy requirements? Correct Answer: B. User has modified the default OS of the device

You have been asked to perform a live capture of evidence contained in a desktop PC. Which of the
following is the best order of analysis? Correct Answer: C. RAM, HDD, backup tape

You have used a newly released forensic investigation tool, which does not meet the Daubert Test,
during a case. The case goes to court. What argument could the defense make to weaken case? your
Correct Answer: The tool has not been reviewed and accepted by your peers

While investigating an data breach, you notice that a user from the building maintenance department is
a member of the Domain Administrators in Active Directory, and the group account was used to access
sensitive data. Which of the following does this indicate? Correct Answer: C. Privilege escalation

A forensic practitioner is reviewing the process performed for the protection of digital evidence. Which
of the following findings should be of MOST concern? Correct Answer: C. There are no logs
documenting the transportation of evidence

Which organization is well known for its online collection of digital forensic guidelines, best practices,
and procedure references? Correct Answer: C. SWGDE

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Classroom. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

70055 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.99
  • (0)
  Add to cart