Computer Hacking Forensic Investigator (CHFI-v10)

Last Update 20 hours ago Total Questions : 704

The Computer Hacking Forensic Investigator (CHFI-v10) content is now fully updated, with all current exam questions added 20 hours ago. Deciding to include 312-49v10 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 312-49v10 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 312-49v10 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Computer Hacking Forensic Investigator (CHFI-v10) practice test comfortably within the allotted time.

Question # 76

What is an investigator looking for in the rp.log file stored on a system running the Windows 10 operating system?

A. Restore point interval

B. Automatically created restore points

C. System CheckPoints required for restoring

D. Restore point functions

Question # 77

Which Event Correlation approach assumes and predicts what an attacker can do next after the attack by studying statistics and probability?

A. Profile/Fingerprint-Based Approach

B. Bayesian Correlation

C. Time (Clock Time) or Role-Based Approach

D. Automated Field Correlation

Question # 78

Which of the following is a responsibility of the first responder?

A. Determine the severity of the incident

B. Collect as much information about the incident as possible

C. Share the collected information to determine the root cause

D. Document the findings

Question # 79

What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

A. AA55

B. 00AA

C. AA00

D. A100

Question # 80

Which of the following is non-zero data that an application allocates on a hard disk cluster in systems running Windows OS?

A. Sparse File

B. Master File Table

C. Meta Block Group

D. Slack Space

Question # 81

What is the investigator trying to analyze if the system gives the following image as output?

A. All the logon sessions

B. Currently active logon sessions

C. Inactive logon sessions

D. Details of users who can logon

Question # 82

Raw data acquisition format creates _________ of a data set or suspect drive.

A. Segmented image files

B. Simple sequential flat files

C. Compressed image files

D. Segmented files

Question # 83

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using HTTPS. Which of the following firewall rules meets this requirement?

A. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C. if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Question # 84

The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

A. Detection

B. Hearsay

C. Spoliation

D. Discovery

Question # 85

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

A. Keep the information on file for later review

B. Destroy the evidence

C. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D. Present the evidence to the defense attorney

Question # 86

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?

A. True

B. False

Question # 87

When obtaining a warrant, it is important to:

A. particularly describe the place to be searched and particularly describe the items to be seized

B. generally describe the place to be searched and particularly describe the items to be seized

C. generally describe the place to be searched and generally describe the items to be seized

D. particularly describe the place to be searched and generally describe the items to be seized

Question # 88

Which of the following statements is true with respect to SSDs (solid-state drives)?

A. Like HDDs, SSDs also have moving parts

B. SSDs cannot store non-volatile data

C. SSDs contain tracks, clusters, and sectors to store data

D. Faster data access, lower power usage, and higher reliability are some of the major advantages of SSDs over HDDs

Question # 89

Which of the following tools will allow a forensic investigator to acquire the memory dump of a suspect machine so that it may be investigated on a forensic workstation to collect evidentiary data like processes and Tor browser artifacts?

A. DB Browser SQLite

B. Bulk Extractor

C. Belkasoft Live RAM Capturer and AccessData FTK Imager

D. Hex Editor

Question # 90

Which of the following is a requirement for senders as per the CAN-SPAM Act?

A. Senders cannot use misleading or false header information

B. Senders should never share their physical postal address in the email

C. Senders must use deceptive subject lines

D. Emails must not contain information regarding how to stop receiving emails from the sender in future
