EC-Council CHFI V9 312-49v9 Test Questions and answers | GRADED A+

  • July 14, 2022
EC-Council CHFI V9 312-49v9 Test Questions
What is the first step required in preparing a computer for forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Correct Answer: A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer

Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network
traffic and event logs in order to investigate a network security incident.
A. True
B. False
Correct Answer: B. False

Which of the following commands shows you the names of all open shared files on a server and number
of file locks on each file?
A. Net sessions
B. Net file
C. Netconfig
D. Net share
Correct Answer: B. Net file

The Recycle Bin exists as a metaphor for throwing files away, but it also allows the user to retrieve and restore files. Once a file is moved to the Recycle Bin, a record is added to the log file that exists in the Recycle Bin.
Which of the following files contains records that correspond to each deleted file in the Recycle Bin?
A. INFO2 file
B. INFO1 file
C. LOGINFO2 file
D. LOGINFO1 file
Correct Answer: A. INFO2 file

Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive.
Which of the following statements is correct while dealing with local archives?
A. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
B. Local archives do not have evidentiary value as the email client may alter the message data
C. Local archives should be stored together with the server storage archives in order to be admissible in a court of law
D. Server storage archives are the server information and settings stored on a local system whereas the local archives are the local email client information stored on the mail server
Correct Answer: A. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers

Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?
A. Errors-To header
B. Content-Transfer-Encoding header
C. Mime-Version header
D. Content-Type header
Correct Answer: A. Errors-To header

Which of the following commands shows you all of the network services running on Windows-based
servers?
A. Net start
B. Net use
C. Net Session
D. Net share
Correct Answer: A. Net start

Email archiving is a systematic approach to save and protect the data contained in emails so that it can be easily accessed at a later date.
A. True
B. False
Correct Answer: A. True

Which of the following commands shows you the NetBIOS name table each?
A. nbtstat -n
B. nbtstat -c
C. nbtstat -r
D. nbtstat -s
Correct Answer: A. nbtstat -n

Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a hashed format.
SAM file in Windows is located at:
A. C:\windows\system32\config\SAM
B. C:\windows\system32\con\SAM
C. C:\windows\system32\Boot\SAM
D. C:\windows\system32\drivers\SAM
Correct Answer: A. C:\windows\system32\config\SAM

FAT32 is a 32-bit version of the FAT file system that uses smaller clusters, which results in efficient storage capacity.
What is the maximum drive size supported?
A. 1 terabytes
B. 2 terabytes
C. 3 terabytes
D. 4 terabytes
Correct Answer: B. 2 terabytes

In which step of the computer forensics investigation methodology would you run MD5 checksum on
the evidence?
A. Obtain search warrant
B. Evaluate and secure the scene
C. Collect the evidence
D. Acquire the data
Correct Answer: D. Acquire the data
