EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) - 312-49v11 Exam Practice Test
In an intrusion investigation at a biotech startup in San Diego, California, analysts review application and shell logs from a Linux web server. They observe a pattern where a second command runs only when the preceding command fails with a non-zero exit status, appearing in user-supplied input that the application forwarded to the system shell. To confirm the command-chaining mechanism used by the attacker, which operator should investigators look for in the logged input?
Correct Answer: D
During a late-night investigation at a tech firm's office in Seattle, the first responder arrives to find multiple computers displaying active sessions. To ensure a comprehensive record that supports later evidence recreation, which action should the first responder prioritize at the crime scene?
Correct Answer: C
In a product liability lawsuit at a manufacturing plant in Detroit, Michigan, a compliance officer determines that potentially responsive records are scattered across multiple departmental repositories. This fragmentation complicates retrieval and increases the risk of omissions that could trigger sanctions. During case preparation to support defensible collection, what step should be addressed first?
Correct Answer: D
During a digital forensics investigation, a mobile device running Android OS is seized from a suspect. Upon examination, files are discovered indicating interactions with both Windows and Linux systems. In Android and iOS forensic analysis, which of the following is a crucial step when examining files associated with Windows and Linux systems?
Correct Answer: D
Megan, a CHFI investigator, is examining a complicated breach at a cutting-edge IoT technology company that designs systems for smart homes. The company's IoT devices have experienced a massive-scale breach, with numerous devices sending unauthorized data to an external server. The company uses a public cloud-based model to manage IoT devices. The unique problem Megan faces is that the breach did not occur via the traditional IoT vulnerabilities, as the devices have been designed with state-of-the-art security features, and yet the attacker has managed to bypass all security measures. Which of the following is the most plausible method the attacker could have used to compromise the IoT devices?
Correct Answer: C
A digital forensics team is investigating a cyberattack where multiple devices were compromised.
Among the seized devices is an Android smartphone with evidence suggesting interaction with both Windows and Linux systems.
In Android and iOS forensic analysis, why is it important to analyze files associated with Windows and Linux devices?
Correct Answer: C
Martha, a CHFI professional, is assigned a significant case involving a cyber-attack on a major online retail company. Martha is tasked with gathering and examining the digital evidence associated with this attack.
However, the retail company has a global presence with servers located in different jurisdictions worldwide.
Considering the ACPO Principles of Digital Evidence, what should Martha's primary concern be when dealing with this multi-jurisdictional case?
Correct Answer: A
Sarah, a forensic investigator, is conducting an investigation on a macOS device that is suspected to have been compromised. She is tasked with gathering evidence of unauthorized access to the system. As part of her investigation, she needs to locate information related to when and who accessed the system. In addition to reviewing general system logs, Sarah knows she must focus on certain types of system files that might provide detailed data on unauthorized activities. Which area of the macOS file system would provide the most relevant information regarding logon attempts and other authentication events?
Correct Answer: A
During a document-recovery effort at a publishing house in New York City, forensic examiners carve fragmented text strings from a suspect's deleted email archive. The recovered characters represent only English letters, numbers, and basic punctuation encoded in a compact 7-bit format limited to 128 specified symbols. Which encoding standard best matches this constraint for reconstructing readable English content?
Correct Answer: B
As the lead of the forensic department in a well-known multinational bank, John has been tasked with updating the company's forensic readiness plan. The bank has faced several minor cyber incidents over the past year but managed to tackle them promptly without any significant impact. However, the upper management has emphasized the need for more robust preparedness. John already has an incident response plan in place and has ensured that the SOC is adequately equipped with the necessary resources. Given this situation, what could be a valuable addition to John's forensic readiness plan to further strengthen the bank's ability to deal with future cyber incidents?
Correct Answer: C
During a forensic investigation on an iOS device, you are tasked with retrieving geolocation data for various applications and system services. After examining the device, you come across several files. Which of the following files contains the geolocation data of applications and system services on iOS devices?
Correct Answer: C