Exam (elaborations)
CHFI Missed Questions and Answers | Latest update 100% Pass
- Course
- Institution
CHFI Missed Questions and Answers | Latest update 100% Pass
[Show more]
Content preview
CHFI Missed Questions and Answers | Latest update100% Pass
When searching through file headers for picture file formats, what should be searched to find
a JPEG file in hexadecimal format?
A. FF D8 FF E0 00 10
B. FF FF FF FF FF FF
C. FF 00 FF 00 FF 00
D. EF 00 EF 00 EF 00 - ✔✔A. FF D8 FF E0 00 10
What type of file is represented by a colon (:) with a name following it in the Master
FileTable (MFT) of an NTFS disk?
A. Compressed file
B. Data stream file
C. Encrypted file
D. Reserved file - ✔✔B. Data stream file
When carrying out a forensics investigation, why should you never delete a partition on a
dynamic disk?
,A. All virtual memory will be deleted
B. The wrong partition may be set to active
C. This action can corrupt the disk
D. The computer will be set in a constant reboot state - ✔✔C. This action can corrupt the disk
Jacob is a computer forensics investigator with over 10 years experience in investigations and
has written over 50 articles on computer forensics. He has been called upon as a qualified
witness to testify the accuracy and integrity of the technical log files gathered in an
investigation into computer fraud. What is the term used for Jacob testimony in this
case?computer fraud. What is the term used for Jacob? testimony in this case?
A. Justification
B. Authentication
C. Reiteration
D. Certification - ✔✔B. Authentication
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
A. hda
B. hdd
C. hdb
D. hdc - ✔✔B. hdd
,During an investigation, an employee was found to have deleted harassing emails that were sent
to someone else. The company was using Microsoft Exchange and had message tracking
enabled. Where could the investigator search to find the message tracking log file on the
Exchange server?
A. C:\Program Files\Exchsrvr\servername.log
B. D:\Exchsrvr\Message Tracking\servername.log
C. C:\Exchsrvr\Message Tracking\servername.log
D. C:\Program Files\Microsoft Exchange\srvr\servername.log - ✔✔A.
C:\Program Files\Exchsrvr\servername.log
What file is processed at the end of a Windows XP boot to initialize the logon dialog box?
A. NTOSKRNL.EXE
B. NTLDR
C. LSASS.EXE
D. NTDETECT.COM - ✔✔C. LSASS.EXE
Paraben Lockdown device uses which operating system to write hard drive
data?Paraben?Lockdown device uses which operating system to write hard drive data?
A. Mac OS
B. Red Hat
, C. Unix
D. Windows - ✔✔D. Windows
A picture file is recovered from a computer under investigation. During the investigation
process, the file is enlarged 500% to get a better view of its contents. The picture quality is not
degraded at all from this process. What kind of picture is this file?its contents. The picture?
quality is not degraded at all from this process. What kind of picture is this file?
A. Raster image
B. Vector image
C. Metafile image
D. Catalog image - ✔✔B. Vector image
What advantage does the tool Evidor have over the built-in Windows search?
A. It can find deleted files even after they have been physically removed
B. It can find bad sectors on the hard drive
C. It can search slack space
D. It can find files hidden within ADS - ✔✔C. It can search slack space
In the context of file deletion process, which of the following statement holds true?
A. When files are deleted, the data is overwritten and the cluster marked as available
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Examsplug. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
81298 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now
