Free Download Lastest Pass4sure EC-Council CHFI 312-49v8 Exam Questions

Computer Hacking Forensic Investigator v8 Exam: 312-49v8 Exam
312-49v8 Questions & Answers
Exam Code: 312-49v8
Exam Name: Computer Hacking Forensic Investigator v8 Exam
Q & A: 180 Q&As

If a PDA is seized in an investigation while the device is turned on, what would be the proper
A. Keep the device powered on
B. Turn off the device immediately
C. Remove the battery immediately
D. Remove any memory cards immediately
Answer: A

What hashing method is used to password protect Blackberry devices?
B. RC5
C. MD5
D. SHA-1
Answer: D

You have been asked to investigate the possibility of computer fraud in the finance department of
a company. It is suspected that a staff member has been committing finance fraud by printing
cheques that have not been authorized. You have exhaustively searched all data files on a bitmap
image of the target computer, but have found no evidence. You suspect the files may not have
been saved.
What should you examine next in this case?
A. The registry
B. The swapfile
C. The recycle bin
D. The metadata
Answer: B

With regard to using an antivirus scanner during a computer forensics investigation, you should:
A. Scan the suspect hard drive before beginning an investigation
B. Never run a scan on your forensics workstation because it could change your system configuration
C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
D. Scan your forensics workstation before beginning an investigation
Answer: D

What layer of the OSI model do TCP and UDP utilize?
A. Data Link
B. Network
C. Transport
D. Session
Answer: C

When making the preliminary investigations in a sexual harassment case, how many investigators
are you recommended having?
A. One
B. Two
C. Three
D. Four
Answer: B

When investigating a network that uses DHCP to assign IP addresses, where would you look to
determine which system (MAC address) had a specific IP address at a specific time?
A. On the individual computer ARP cache On the individual computer? ARP cache
B. In the Web Server log files
C. In the DHCP Server log files
D. There is no way to determine the specific IP address
Answer: C

What type of equipment would a forensics investigator store in a StrongHold bag?
B. Backup tapes
C. Hard drives
D. Wireless cards
Answer: D

When performing a forensics analysis, what device is used to prevent the system from recording
data on an evidence disk?
A. Write-blocker
B. Protocol analyzer
C. Firewall
D. Disk editor
Answer: A

If you are concerned about a high level of compression but not concerned about any possible data
loss, what type of compression would you use?
A. Lossful compression
B. Lossy compression
C. Lossless compression
D. Time-loss compression
Answer: B

You are working in the Security Department of a law firm. One of the attorneys asks you about the
topic of sending fake email because he has a client who has been charged with doing just that. His
client alleges that he is innocent and that there is no way for a fake email to actually be sent. You
inform the attorney that his client is mistaken and that fake email is a possibility and that you can
prove it. You return to your desk and craft a fake email to the attorney that appears to come from
his boss. What port do you send the email to on the company SMTP server fake email to the
attorney that appears to come from his boss. What port do you send the email to on the company
SMTP server?
A. 10
B. 25
C. 110
D. 135
Answer: B

The efforts to obtain information before a trial by demanding documents, depositions, questions
and answers written under oath, written requests for admissions of fact, and examination of the
scene is a description of what legal term?
A. Detection
B. Hearsay
C. Spoliation
D. Discovery
Answer: D

An investigator is searching through the firewall logs of a company and notices ICMP packets that
are larger than 65,536 bytes. What type of activity is the investigator seeing?
A. Smurf
B. Ping of death
C. Fraggle
D. Nmap scan
Answer: B

What type of file is represented by a colon (:) with a name following it in the Master File Table
(MFT) of an NTFS disk?
A. Compressed file
B. Data stream file
C. Encrypted file
D. Reserved file
Answer: B

…go to to download the full version Q&As.


Why Choose Lead2pass?

If you want to pass the exam successfully in first attempt you have to choose the best IT study material provider, in my opinion, Lead2pass is one of the best way to prepare for the exam.

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back