Computer Forensics and Cybersecurity Concepts, Exams of Information Technology

This set of exam questions covers a wide range of topics in computer forensics and cybersecurity, including hard disk allocation units, operating system logs, mobile device management, expert witness qualifications, computer forensics processes, steganography, disk imaging tools, network attacks, and more. It gives an overview of key concepts and principles in these fields and is aimed at students, researchers, and professionals interested in the technical and legal aspects of digital investigations and cybersecurity. The questions range from low-level hardware and software details to high-level security strategies and legal frameworks.

Typology: Exams

2023/2024

Available from 09/28/2024

Emma_Johnson
CHFI Exam Questions WITH EXPERTLY VERIFIED ANSWERS
A312-49v9 V8.02_formatted
QUESTION 1
The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk, Windows sends that deleted item to the Recycle Bin and the icon changes from empty to full, but items deleted from removable media, such as a floppy disk or a network drive, are not stored in the Recycle Bin. What is the size limit for the Recycle Bin in Windows Vista and later versions?
A. No size limits
QUESTION 2
Which of the following is not an example of a cyber-crime?
B. Firing an employee for misconduct
QUESTION 3
Files stored in the Recycle Bin's physical location are renamed as Dxy.ext, where "x" represents the ____.
A. Drive name (the drive letter the file was deleted from)
QUESTION 4
Which of the following statements is not correct when dealing with a powered-on computer at the crime scene?
D. If the computer is switched off, power on the computer to take a screenshot of the desktop
QUESTION 5
Track numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ____.
A. 1023
QUESTION 6
Event correlation is a procedure that assigns a new meaning to a set of events that occur within a predefined interval of time. Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?
B. Cross-platform correlation
QUESTION 7
Which root folder (hive) of the Registry Editor contains a vast array of configuration information for the system, including hardware settings and software settings?
Correct answer: HKEY_LOCAL_MACHINE. (The dump lists B. HKEY_CURRENT_USER here, which is wrong: HKEY_CURRENT_USER holds only the profile settings of the logged-on user, while system-wide hardware and software configuration lives under HKEY_LOCAL_MACHINE, in the SYSTEM and SOFTWARE subkeys.)

QUESTION 8
Hard disk data addressing is a method of allotting addresses to each ____ of data on a hard disk.
A. Physical block
QUESTION 9
Which mobile operating system architecture is represented here? (The architecture diagram is not reproduced in this preview.)
C. Android OS Architecture
QUESTION 16
All the information about user activity on the network, such as details of logon and logoff attempts, is collected in the Security log of the computer. A successful logon generates a success audit entry, and a failed logon attempt generates a failure audit entry, each with its own event ID. Which event ID represents a successful logon to a computer?
A. 528 (this is the Windows 2000/XP/Server 2003 Security log ID; Windows Vista and later record a successful logon as event ID 4624 and a failed logon as 4625)
QUESTION 17
What is the first step that needs to be carried out to investigate wireless attacks?
A. Obtain a search warrant
QUESTION 18
Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?
A. net session
QUESTION 19
Why is it important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by forensic analysts?
A. To protect the staff and preserve any fingerprints that may need to be recovered at a later date
QUESTION 20
When NTFS is formatted, the format program assigns the ____ sectors to the boot sector and the bootstrap code.
B. First 16
QUESTION 21
What is the goal of forensic science?
A. To determine the evidential value of the crime scene and related evidence

QUESTION 22
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to have been involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find this information?
C. RunMRU key

actually launching the file under any circumstances
QUESTION 31
The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations in which large organizations are involved. Computer forensics plays an important role in tracking cyber criminals. The main role of computer forensics is to:
D. Extract, process, and interpret the factual evidence so that it proves the attacker's actions in court
QUESTION 32
How do you define technical steganography?
A. Steganography that uses physical or chemical means to hide the existence of a message
QUESTION 33
Which of the following is not a part of disk imaging tool requirements?
D. The tool should not compute a hash value for the complete bit stream copy generated from an image file of the source
QUESTION 34
A forensic investigator is a person who handles the complete investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to cybercrime analysis. The role of the forensic investigator is to:
C. Create an image backup of the original evidence without tampering with potential evidence
QUESTION 35
What document does the screenshot represent? (The screenshot is not reproduced in this preview.)

analyzing evidence?
A. The American Society of Crime Laboratory Directors (ASCLD)
QUESTION 40
Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server's root directory?
C. Directory traversal
QUESTION 41
Raw data acquisition format creates ____ of a data set or suspect drive.
A. Simple sequential flat files
QUESTION 42
JPEG is a commonly used method of compressing photographic images. It uses a compression algorithm to minimize the size of the natural image with little visible loss of quality. The JPEG lossy algorithm divides the image into separate blocks of ____.
B. 8x8 pixels
QUESTION 43
Which of the following attacks allows an attacker to gain access to the communication channel between the victim and the server in order to extract information?
A. Man-in-the-middle (MITM) attack
QUESTION 44
Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query. Attackers exploit injection flaws by constructing malicious commands or queries that result in data loss or corruption, lack of accountability, or denial of access. Which of the following injection flaws involves the injection of malicious code through a web application?
A. SQL injection
QUESTION 45
What is the first sector ("sector zero") of a hard disk?
A. Master boot record
QUESTION 46
Microsoft security IDs are available in the Windows Registry Editor. The path to locate the IDs in Windows 7 is:
A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
QUESTION 47
Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, their state, and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, the listening ports, and the process identifiers (PIDs) that own them?
A. netstat -ano

QUESTION 48
The International Mobile Equipment Identity (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number, which provide information about the model and origin of the mobile device, are also known as:
A. Type Allocation Code (TAC)
QUESTION 49
The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items such as client IP address, user name, date and time, service and instance, server name and IP address, request type, target of operation, etc. Identify the service status code from the following IIS log entry.
192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2, SERVER, 172.15.10.30, 4210, 125, 3524, 100, 0, GET, /dollerlogo.gif,
D. 100
QUESTION 50
The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as Web Services Definition Language (WSDL) for describing the connection points, Universal Description, Discovery, and Integration (UDDI) for the description and discovery of web services, and Simple Object Access Protocol (SOAP) for communication between web services, all of which are vulnerable to various web application threats. Which of the following layers in the web services stack is vulnerable to fault code leaks?
C. Discovery Layer
QUESTION 51
A mobile operating system is the operating system that runs a mobile device such as a mobile phone, smartphone, or PDA. It determines the functions and features available on the device, such as keyboards, applications, email, text messaging, etc. Which of the following mobile operating systems is free and open source?
B. Android
QUESTION 52
Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file. Which of the following hash algorithms produces a message digest that is 128 bits long?
B. MD5
QUESTION 53
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify possible violations of security policy, including unauthorized access as well as misuse. Which of the following intrusion detection systems audits events that occur on a specific host?
B. Host-based intrusion detection
QUESTION 54
Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves ____ and waiting for responses from available wireless networks.
B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
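The log line in QUESTION 49 can be read by field position instead of by eye. The following parser is an added example, not part of the exam dump: the field order is Microsoft's documented IIS log file format, the exam's own log line is the first input, and the two further log lines are constructed here purely for illustration.

```python
"""Parse entries in the legacy (fixed, non-customizable) IIS log format by
field name, so the service status code is read from its own column.
Added example; not part of the exam dump."""

# Field order of the IIS log file format as documented by Microsoft:
# 15 comma-separated fields, each line ending with a trailing comma.
IIS_FIELDS = (
    "client_ip", "user_name", "date", "time", "service_instance",
    "server_name", "server_ip", "time_taken_ms", "bytes_received",
    "bytes_sent", "service_status", "windows_status", "request_type",
    "target", "parameters",
)
INT_FIELDS = {"time_taken_ms", "bytes_received", "bytes_sent",
              "service_status", "windows_status"}

# The line from the question (spacing normalised).
EXAM_LINE = ("192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2, SERVER, "
             "172.15.10.30, 4210, 125, 3524, 100, 0, GET, /dollerlogo.gif,")

# Constructed lines for illustration only; they are not from the page.
CONSTRUCTED_LINES = [
    "192.168.100.150, -, 03/6/11, 8:45:31, W3SVC2, SERVER, 172.15.10.30, "
    "15, 98, 1340, 404, 2, GET, /scripts/nosuchfile.asp, -,",
    "192.168.100.151, jsmith, 03/6/11, 8:46:02, W3SVC2, SERVER, 172.15.10.30, "
    "60, 210, 512, 401, 5, GET, /admin/default.asp, -,",
]


def parse_iis_line(line):
    """Return one log entry as a dict keyed by IIS_FIELDS.

    The trailing comma yields an empty last element, which is dropped; lines
    that omit the parameters field (as the exam line does) are padded with "-".
    """
    parts = [p.strip() for p in line.strip().split(",")]
    if parts and parts[-1] == "":
        parts.pop()                       # empty element after the trailing comma
    if len(parts) == len(IIS_FIELDS) - 1:
        parts.append("-")                 # parameters column absent
    if len(parts) != len(IIS_FIELDS):
        raise ValueError(f"expected {len(IIS_FIELDS)} fields, got {len(parts)}: {line!r}")
    entry = dict(zip(IIS_FIELDS, parts))
    for name in INT_FIELDS:
        entry[name] = int(entry[name])
    return entry


def service_status(line):
    """The HTTP (service) status code of one log line."""
    return parse_iis_line(line)["service_status"]


def status_summary(lines):
    """Count entries per service status code across many lines."""
    counts = {}
    for line in lines:
        code = service_status(line)
        counts[code] = counts.get(code, 0) + 1
    return counts


def failed_requests(lines):
    """(client_ip, user, target, status) for every 4xx/5xx entry: the rows an
    investigator pulls first when looking for probing or failed authentication."""
    hits = []
    for line in lines:
        e = parse_iis_line(line)
        if e["service_status"] >= 400:
            hits.append((e["client_ip"], e["user_name"], e["target"], e["service_status"]))
    return hits


if __name__ == "__main__":
    print(service_status(EXAM_LINE))
    print(status_summary([EXAM_LINE] + CONSTRUCTED_LINES))
    print(failed_requests(CONSTRUCTED_LINES))
```

Counting columns by hand is how the "100" in the question is found; naming the columns is what makes the same reading repeatable over thousands of lines, and the 4xx/5xx filter is the usual first pass over a web server log in an intrusion case.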

QUESTION 64
In a FAT32 system, how many sectors will a 123 KB file use?
E. 246 (123 KB = 125,952 bytes; at 512 bytes per sector that is 246 sectors)
QUESTION 65
The ____ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.
D. Silver-Platter Doctrine
QUESTION 66
Where is the default location for Apache access logs on a Linux computer?
A. /usr/local/apache/logs/access_log
QUESTION 67
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd. From the log, the investigator can see where the person in question went on the Internet, and it appears that the user was manually typing in different user ID numbers. What technique was this user trying?
A. Parameter tampering
QUESTION 68
Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?
C. Netspionage
What is considered a grant of a property right given to an individual who discovers or invents a new

QUESTION 70
When an investigator contacts by telephone the domain administrator or controller listed by a whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve the e-mail records?
D. Title 18, Section 2703(f)
QUESTION 71
If you come across a sheepdip machine at your client site, what would you infer?
C. A sheepdip computer is used only for virus-checking
QUESTION 72
To calculate the number of bytes on a disk, the formula (CHS) is:
D. number of cylinders x number of heads x number of sectors per track x 512 bytes per sector
QUESTION 73
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
B. 0:1709, 150
QUESTION 74
A honeypot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108: TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103: UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen: Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0  ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01  ................
00 00 00 11 00 00 00 00                          ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103: UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen: Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8  G..c............
3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73  :.^.....localhost
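The two UDP datagrams in the QUESTION 74 excerpt carry ONC RPC calls, and their fields can be decoded with the Python standard library rather than read off the hex by eye. This is an added example, not part of the exam dump. It assumes the last byte of the first hex row (cut to "A" in the preview) is 0xA0, which completes the portmapper program number 0x186A0; the program and procedure tables are the standard portmapper assignments (program 100000 is the portmapper, 100024 is the status service, rpc.statd); and the second datagram is decoded only as far as the 16 bytes the excerpt shows.

```python
"""Decode the ONC RPC messages in the Snort excerpt above with the standard
library. Added example; not part of the exam dump."""
import struct

# Well-known RPC program numbers referenced by the excerpt.
RPC_PROGRAMS = {100000: "portmapper", 100024: "status (rpc.statd)"}
# Portmapper (program 100000, version 2) procedure numbers.
PMAP_PROCS = {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"}
IP_PROTOCOLS = {6: "tcp", 17: "udp"}

# UDP payload of 211.185.125.124:789 -> 172.16.1.103 from the excerpt. The
# 16th byte of the first row is assumed to be 0xA0 (the preview cuts it to
# "A"); that makes the program number 0x186A0 = 100000.
PORTMAP_CALL = bytes.fromhex(
    "01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 "
    "00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 "
    "00 00 00 11 00 00 00 00"
)

# First 16 bytes of the next datagram (211.185.125.124:790 -> 172.16.1.103,
# Len 1084), also from the excerpt; the rest of it is not on the page.
STATD_CALL_HEAD = bytes.fromhex("47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8")


def decode_rpc_call(payload):
    """Parse an RPC v2 CALL header (RFC 5531): xid, message type, rpc version,
    program, version, procedure, then credential and verifier (each a flavor,
    a length and an opaque body padded to 4 bytes). Returns the header fields
    plus the remaining bytes, which are the procedure arguments."""
    if len(payload) < 24:
        raise ValueError("payload shorter than an RPC call header")
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack("!6I", payload[:24])
    if mtype != 0:
        raise ValueError(f"message type {mtype} is not CALL")
    off = 24
    flavors = []
    for _ in range(2):                      # credential, then verifier
        flavor, length = struct.unpack("!2I", payload[off:off + 8])
        off += 8 + ((length + 3) & ~3)      # skip the XDR-padded opaque body
        flavors.append(flavor)
    return {
        "xid": xid, "rpc_version": rpcvers, "program": prog,
        "program_name": RPC_PROGRAMS.get(prog, "unknown"),
        "version": vers, "procedure": proc,
        "cred_flavor": flavors[0], "verf_flavor": flavors[1],
        "args": payload[off:],
    }


def decode_getport_args(args):
    """Arguments of PMAPPROC_GETPORT: the program, version and transport the
    caller wants a port for (the port field is sent as 0 in the request)."""
    prog, vers, prot, port = struct.unpack("!4I", args[:16])
    return {"program": prog, "program_name": RPC_PROGRAMS.get(prog, "unknown"),
            "version": vers, "protocol": prot,
            "protocol_name": IP_PROTOCOLS.get(prot, str(prot)), "port": port}


def describe(payload):
    """One-line reading of a call, as an analyst would put it in a report."""
    call = decode_rpc_call(payload)
    text = (f"RPC CALL xid=0x{call['xid']:08X} to {call['program_name']} "
            f"({call['program']}) v{call['version']} proc {call['procedure']}")
    if call["program"] == 100000 and call["version"] == 2:
        text += f" {PMAP_PROCS.get(call['procedure'], '?')}"
        if call["procedure"] == 3:
            a = decode_getport_args(call["args"])
            text += (f": asks which {a['protocol_name']} port serves "
                     f"{a['program_name']} ({a['program']}) v{a['version']}")
    return text


def rpc_program_of(prefix):
    """Program number from the first 16 bytes of a call: enough to tell which
    service a truncated datagram is aimed at."""
    return struct.unpack("!4I", prefix[:16])[3]


if __name__ == "__main__":
    print(describe(PORTMAP_CALL))
    print(RPC_PROGRAMS.get(rpc_program_of(STATD_CALL_HEAD)))
```

Read this way, the first datagram is a portmapper GETPORT request asking for the UDP port of program 100024 version 1, and the second datagram, sent to port 790 immediately afterwards, is a call addressed to that same program number; what the 1084-byte body of that second call contains is not shown in the excerpt, so the decoder stops at the header.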