C702 CHFI Questions and Answers

Which of the following is true regarding computer forensics? A. Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them. B. Computer forensics deals with the process of finding evidence related to a d...



  • August 2, 2024
ExamArsenal
C702 Questions and Answers

Which documentation should a forensic examiner prepare prior to a dynamic analysis?
Ans- The full path and location of the file being investigated

What allows for a lawful search to be conducted without a warrant or probable cause?
Ans- Consent of person with authority

A forensic investigator is tasked with retrieving evidence where the primary server has been erased. The investigator needs to rely on network logs and backup tapes to base their conclusions on while testifying in court. Which information found in rules of evidence, Rule 1001, helps determine if this testimony is acceptable to the court?
Ans- Definition of original evidence

When can a forensic investigator collect evidence without formal consent?
Ans- When properly worded banners are displayed on the computer screen

Who determines whether a forensic investigation should take place if a situation is undocumented in the standard operating procedures?
Ans- Decision maker

Which situation leads to a civil investigation?
Ans- Disputes between two parties that relate to a contract violation

Which rule does a forensic investigator need to follow?
Ans- Use well-known standard procedures

What is the focus of Locard's exchange principle?
Ans- Anyone entering a crime scene takes something with them and leaves something behind.

What is the focus of the enterprise theory of investigation (ETI)?
Ans- Solving one crime can tie it back to a criminal organization's activities.

A forensic investigator is searching a Windows XP computer image for information about a deleted Word document. The investigator already viewed the sixth file that was deleted from the computer. Two additional files were deleted. What is the name of the last file the investigator opens?
Ans- $R7.doc

What is a benefit of a web application firewall (WAF)?
Ans- Acts as a reverse proxy to inspect all HTTP traffic

How does a hacker bypass a web application firewall (WAF) with the toggle case technique?
Ans- By randomly capitalizing some of the characters

During a recent scan of a network, a network administrator sent ICMP echo 8 packets to each IP address being used in the network. The ICMP echo 8 packets contained an invalid media access control (MAC) address. Logs showed that one device replied with ICMP echo 0 packets. What does the reply from the single device indicate?
Ans- The machine is in promiscuous mode.

What is the goal for an attacker using a directory traversal attack?
Ans- To access areas in the system in which the attacker should not have access

A forensic investigator is performing malware analysis on a Windows computer. The investigator believes malware has replaced the legitimate drivers with fake versions. What should the investigator look at to confirm these suspicions?
Ans- The digital signatures on the drivers
