A set of multiple-choice questions and answers related to the chfi-11 certification exam. It covers various topics in computer forensics, including data compression techniques, electronic evidence acquisition, network security, and digital evidence validation. The questions are designed to test the understanding of fundamental concepts and best practices in the field.
Typology: Exams
Which of the following commands shows you all of the network services running on Windows-based servers?
A. Net start
B. Net use
C. Net Session
D. Net share ✔✔Answer: A
Data compression involves encoding data so that it takes up less storage space and less bandwidth for transmission. It saves cost and supports high-volume data handling in many business applications.
Which data compression technique maintains data integrity?
A. Lossless compression
B. Lossy compression
C. Speech encoding compression
D. Lossy video compression ✔✔Answer: A
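The distinction the question turns on is that a lossless round trip reproduces the input bit for bit, which is what lets an examiner verify a compressed evidence container by hash. The following added example (not code from the original page) shows a zlib round trip verified with SHA-256 beside a toy lossy scheme that drops the low bits of each byte; the toy scheme and the sample log text are constructed for illustration.

```python
import hashlib
import zlib

# Constructed sample: repetitive "log" text that compresses well. Not from the page.
SAMPLE = b"2024-01-01T00:00:00Z host1 sshd[100]: Failed password for root\n" * 50


def sha256(data: bytes) -> str:
    """Hash used to prove bit-for-bit integrity after a round trip."""
    return hashlib.sha256(data).hexdigest()


def lossless_roundtrip(data: bytes) -> dict:
    """Compress with DEFLATE (zlib) and decompress; the hashes must match."""
    compressed = zlib.compress(data, 9)
    restored = zlib.decompress(compressed)
    return {
        "original_size": len(data),
        "compressed_size": len(compressed),
        "intact": sha256(restored) == sha256(data),
    }


def lossy_roundtrip(data: bytes, keep_bits: int = 4) -> dict:
    """Toy lossy scheme (an assumption for illustration, not a real codec):
    keep only the top `keep_bits` of every byte. The discarded low bits can
    never be recovered, so the hash of the restored data no longer matches."""
    mask = (0xFF << (8 - keep_bits)) & 0xFF
    restored = bytes(b & mask for b in data)
    return {
        "original_size": len(data),
        "intact": sha256(restored) == sha256(data),
        "bytes_changed": sum(1 for a, b in zip(data, restored) if a != b),
    }


if __name__ == "__main__":
    print(lossless_roundtrip(SAMPLE))
    print(lossy_roundtrip(SAMPLE))
```

The practical rule this encodes: record the hash of the original before compressing, and treat any container whose decompressed hash differs as not forensically sound.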
Which of the following statements is incorrect regarding acquiring electronic evidence at a crime scene?
A. Sample banners are used to record the system activities when used by the unauthorized user
B. In warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring
C. The equipment that is connected to the case is seized; knowing the role of the computer will indicate what should be taken
D. At the time of the seizing process, you need to shut down the computer immediately ✔✔Answer: D
Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity.
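What centralization buys is visibility across hosts: a password spray that touches each server only a few times looks harmless in any single host's log. The following added example (not code from the original page) parses constructed sshd lines as they would arrive at a central collector from three hosts and flags a source that fails logins on several hosts and then succeeds; the hostnames, addresses and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed syslog-style lines from three hosts as received by a collector.
CENTRAL_LOG = """\
2024-03-01T08:00:01Z web01 sshd[2311]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2024-03-01T08:00:04Z web02 sshd[1877]: Failed password for admin from 203.0.113.7 port 51030 ssh2
2024-03-01T08:00:09Z db01 sshd[990]: Failed password for root from 203.0.113.7 port 51041 ssh2
2024-03-01T08:00:12Z web01 sshd[2315]: Failed password for admin from 203.0.113.7 port 51055 ssh2
2024-03-01T08:00:15Z web02 sshd[1881]: Accepted password for admin from 203.0.113.7 port 51060 ssh2
2024-03-01T08:01:00Z web01 sshd[2320]: Failed password for bob from 198.51.100.4 port 40000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse(log_text: str) -> list:
    """Parse only the sshd authentication lines the detection needs."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def spray_sources(events: list, min_hosts: int = 2, min_failures: int = 3) -> dict:
    """Source IPs with >= min_failures failed logins spread over >= min_hosts hosts.
    Each host alone sees one or two failures; only the central view shows the spread."""
    failures = defaultdict(int)
    hosts = defaultdict(set)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]] += 1
            hosts[e["ip"]].add(e["host"])
    return {
        ip: {"failures": failures[ip], "hosts": sorted(hosts[ip])}
        for ip in failures
        if failures[ip] >= min_failures and len(hosts[ip]) >= min_hosts
    }


def success_after_failures(events: list) -> list:
    """Flag an Accepted login from an IP that already failed anywhere in the fleet."""
    seen_failures = set()
    hits = []
    for e in events:  # events are in arrival (time) order
        if e["result"] == "Failed":
            seen_failures.add(e["ip"])
        elif e["ip"] in seen_failures:
            hits.append(e)
    return hits


if __name__ == "__main__":
    ev = parse(CENTRAL_LOG)
    print(spray_sources(ev))
    print(success_after_failures(ev))
```

The collector also needs synchronized clocks on the sources, otherwise the ordering that `success_after_failures` relies on is not trustworthy.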
Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
A. Daubert Standard
B. Schneiderman Standard
C. Frye Standard
D. FERPA standard ✔✔Answer: C
Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query. Attackers exploit injection flaws by constructing malicious commands or queries that result in data loss or corruption, lack of accountability, or denial of access. Which of the following injection flaws involves the injection of malicious code through a web application?
A. SQL Injection
B. Password brute force
C. Nmap Scanning
D. Footprinting ✔✔Answer: A
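The phrase "interpreted and executed as part of a query" is the whole flaw: the query text and the attacker's input are handed to the database as one string. The following added example (not code from the original page) shows the vulnerable string-built login query beside the parameterized form against a constructed in-memory SQLite table; the table, rows and payload are assumptions for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table; not data from the original page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The flaw: user input is spliced into the SQL text, so the input is
    interpreted as part of the query instead of as a value."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The fix: bound parameters. The engine receives the query structure and
    the values separately, so a quote in the input stays a literal quote."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Classic tautology payload: closes the string literal and comments out the
# password check, so the WHERE clause becomes always true.
PAYLOAD_USER = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, PAYLOAD_USER, "x"))     # every row comes back
    print(login_parameterized(db, PAYLOAD_USER, "x"))  # no row matches
```

For an investigator, the same payload shows up verbatim in web server access logs (URL-encoded, `%27%20OR%201%3D1%20--`), which is where evidence of the attempt is usually recovered.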
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
A. Graph-based approach
B. Neural network-based approach
C. Rule-based approach
D. Automated field correlation approach ✔✔Answer: D
Which of the following commands shows you the NetBIOS name table of the local computer?
A. nbtstat -n
B. nbtstat -c
C. nbtstat -r
D. nbtstat -s ✔✔Answer: A
What is a bit-stream copy?
C. The tool must have the ability to be held up to scientific and peer review
D. The tool should not compute a hash value for the complete bit-stream copy generated from an image file of the source ✔✔Answer: D
Track numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.
A. 1023
B. 1020
C. 1024
D. 2023 ✔✔Answer: A
What is the goal of forensic science?
A. To determine the evidential value of the crime scene and related evidence
B. Mitigate the effects of the information security breach
C. Save the good will of the investigating organization
D. It is a discipline that deals with legal processes ✔✔Answer: A
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations, such as http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd.
Identify the attack referred to.
A. Directory traversal
B. SQL Injection
C. XSS attack
D. File injection ✔✔Answer: A
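The "variations" matter as much as the plain `../`: URL-encoded, double-encoded and backslash forms all normalize to the same escape once the server decodes them. The following added example (not code from the original page) resolves a set of constructed probe paths with a naive join and with a containment check, so the difference is visible on each probe; the document root and the probe strings are assumptions for illustration.

```python
import posixpath
import urllib.parse
from typing import Optional

# Constructed document root for the example; not from the original page.
WEB_ROOT = "/var/www/files"


def resolve_vulnerable(root: str, user_path: str) -> str:
    """Naive join: '..' segments in the input walk above the root, and an
    absolute input path replaces the root entirely."""
    return posixpath.normpath(posixpath.join(root, user_path))


def resolve_safe(root: str, user_path: str) -> Optional[str]:
    """Decode, normalize, then require the result to stay inside root.
    Returns None when the request would escape."""
    # Decode twice so a double-encoded '%252e%252e%252f' (../) is caught too.
    decoded = urllib.parse.unquote(urllib.parse.unquote(user_path))
    decoded = decoded.replace("\\", "/")          # Windows-style separators
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    root_norm = posixpath.normpath(root)
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


# Constructed probes; the page's example shows the './' variant.
PROBES = [
    "report.pdf",
    "../../../../etc/passwd",
    "./././../../../etc/passwd",
    "..%2f..%2f..%2fetc%2fpasswd",
    "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
    "..\\..\\..\\etc\\passwd",
]


def classify(root: str, probes: list) -> dict:
    """Map each probe to whether the safe resolver rejects it."""
    return {p: resolve_safe(root, p) is None for p in probes}


if __name__ == "__main__":
    for p in PROBES:
        print(repr(p), "->", resolve_vulnerable(WEB_ROOT, p), "|", resolve_safe(WEB_ROOT, p))
```

On a real file system the containment check should be made on `os.path.realpath` of the candidate, so that a symlink inside the root pointing outside it is caught as well; the string check above is the minimum, not the whole defence.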
Which is a Linux journaling file system?
A. Ext
B. HFS
C. FAT
D. BFS ✔✔Answer: A
about the subscriber. Its main function is authenticating the user of the cell phone to the network to gain access to subscribed services. A SIM contains a 20-digit Integrated Circuit Card Identification (ICCID) number; identify the issuer identifier number from the ICCID below.
A. 89
B. 44
C. 245252
D. 001451548 ✔✔Answer: C
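The answer options give the ICCID in its component fields: major industry identifier 89, country code 44, issuer identifier 245252, individual account number 001451548, followed by a Luhn check digit. The following added example (not code from the original page) splits an ICCID on that layout and validates the check digit. The fixed 2/2/6-digit split is an assumption taken from the page's options; in ITU-T E.118 the country code is 1 to 3 digits and the issuer identifier varies in length, so real-world parsing needs an issuer table. The sample ICCID is constructed from the page's digits with a computed check digit.

```python
def luhn_check_digit(payload: str) -> str:
    """Luhn (ISO/IEC 7812) check digit for a digit string without its check digit."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # double every second digit, starting with the rightmost
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True when the last digit is the correct Luhn check digit for the rest."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


def parse_iccid(iccid: str) -> dict:
    """Split an ICCID on the 2/2/6-digit layout implied by the page's options
    (an assumption; real issuer identifiers vary in length)."""
    iccid = iccid.replace(" ", "")
    if not iccid.isdigit() or len(iccid) not in (19, 20):
        raise ValueError("ICCID is normally 19 or 20 digits")
    if not iccid.startswith("89"):
        raise ValueError("telecom ICCIDs start with major industry identifier 89")
    return {
        "mii": iccid[0:2],
        "country_code": iccid[2:4],
        "issuer_identifier": iccid[4:10],
        "account": iccid[10:-1],
        "check_digit": iccid[-1],
        "luhn_valid": luhn_valid(iccid),
    }


# Constructed ICCID: the page's fields with the computed check digit appended.
ICCID_BODY = "8944245252001451548"
SAMPLE_ICCID = ICCID_BODY + luhn_check_digit(ICCID_BODY)

if __name__ == "__main__":
    print(SAMPLE_ICCID, parse_iccid(SAMPLE_ICCID))
```

A transcription error in an ICCID recovered from a device label or SIM dump fails the Luhn check, which is why the check digit is worth verifying before the number goes into a report.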
Recovery of a deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.
A. True
B. False ✔✔Answer: A
If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?
A. 4 Sectors
B. 5 Sectors
C. 6 Sectors
D. 7 Sectors ✔✔Answer: C
What is a SCSI (Small Computer System Interface)?
A. A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners
B. A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices
C. A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer
D. A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps ✔✔Answer: A
D. SHA-512 ✔✔Answer: B
LBA (Logical Block Addressing) addresses data by allotting a ___________ to each sector of the hard disk.
A. Sequential number
B. Index number
C. Operating system number
D. Sector number ✔✔Answer: A
Which of the following attacks allows an attacker to acquire access to the communication channel between the victim and the server to extract information?
A. Man-in-the-middle (MITM) attack
B. Replay attack
C. Rainbow attack
D. Distributed network attack ✔✔Answer: A
SMTP (Simple Mail Transfer Protocol) receives outgoing mail from clients and validates source and destination addresses, and also sends and receives emails to and from other SMTP servers.
A. True
B. False ✔✔Answer: A
In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers?
A. Ntldr
B. Gdi32.dll
C. Kernel32.dll
D. Boot.ini ✔✔Answer: A
What is the "Best Evidence Rule"?
A. It states that the court only allows the original evidence of a document, photograph, or recording
What is the smallest allocation unit of a hard disk?
A. Cluster
B. Spinning tracks
C. Disk platters
D. Slack space ✔✔Answer: A
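The 2600-byte question and the allocation-unit question are two sides of the same arithmetic: data is written in 512-byte sectors, but the file system hands out space in whole clusters, and everything between end-of-file and the end of the last cluster is slack. The following added example (not code from the original page) generalizes the page's single case to any file size, sector size and cluster size and separates the two kinds of slack; the 8-sectors-per-cluster figure is an assumption for illustration.

```python
import math

SECTOR_SIZE = 512   # bytes; the traditional sector size the page's arithmetic assumes


def sectors_for(file_size: int, sector_size: int = SECTOR_SIZE) -> int:
    """Sectors the file's data spans: a final partial sector still counts."""
    return math.ceil(file_size / sector_size) if file_size else 0


def allocation(file_size: int, sectors_per_cluster: int,
               sector_size: int = SECTOR_SIZE) -> dict:
    """Clusters the file system reserves and the slack that results.
    The cluster, not the sector, is the smallest unit the OS allocates, so the
    reserved space is rounded up to whole clusters. Forensically the slack
    splits into the tail of the last data sector (often called RAM slack) and
    the whole unused sectors of the last cluster (file slack); both can hold
    remnants of earlier files."""
    cluster_size = sectors_per_cluster * sector_size
    clusters = math.ceil(file_size / cluster_size) if file_size else 0
    allocated = clusters * cluster_size
    data_sectors = sectors_for(file_size, sector_size)
    return {
        "file_size": file_size,
        "cluster_size": cluster_size,
        "clusters": clusters,
        "allocated_bytes": allocated,
        "sectors_with_data": data_sectors,
        "ram_slack": data_sectors * sector_size - file_size,
        "file_slack": allocated - data_sectors * sector_size,
        "total_slack": allocated - file_size,
    }


if __name__ == "__main__":
    # The page's readme.txt case on a volume with 8 sectors (4 KiB) per cluster.
    print(allocation(2600, 8))
```

Modern drives with 4096-byte native sectors change `sector_size` but not the method; always take the sector and cluster sizes from the volume being examined rather than assuming 512 and 8.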
An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the following statements is true for NTP stratum levels?
A. Stratum-0 servers are used on the network; they are not directly connected to computers which then operate as stratum-1 servers
B. A stratum-1 time server is linked over a network path to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
C. A stratum-2 server is directly linked (not over a network path) to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
D. A stratum-3 server gets its time over a network link, via NTP, from a stratum-2 server, and so on ✔✔Answer: D
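The stratum a server claims is carried in the second byte of every NTP reply, next to a reference identifier that names its upstream, so the hierarchy in option D can be read straight off a capture. The following added example (not code from the original page) decodes the 48-byte NTPv4 header from RFC 5905, interprets the stratum field and converts the transmit timestamp from the NTP epoch (1900) to Unix time; the sample reply is constructed by the block itself, and the upstream address 10.0.0.1 is an assumption.

```python
import struct

NTP_UNIX_OFFSET = 2_208_988_800    # seconds from 1900-01-01 to 1970-01-01
NTP_FORMAT = "!BBbbII4sQQQQ"       # 48-byte NTPv4 header (RFC 5905)


def stratum_meaning(stratum: int) -> str:
    """Meaning of the stratum field as carried in the packet."""
    if stratum == 0:
        return "unspecified/invalid in the packet (colloquially, a reference clock device)"
    if stratum == 1:
        return "primary server: directly attached reference clock (GPS, WWV, ...)"
    if stratum <= 15:
        return f"secondary server: synchronized over the network to stratum {stratum - 1}"
    return "unsynchronized"


def ntp_to_unix(ts: int) -> float:
    """64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    seconds, fraction = ts >> 32, ts & 0xFFFFFFFF
    return seconds - NTP_UNIX_OFFSET + fraction / 2**32


def parse_ntp(packet: bytes) -> dict:
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    (li_vn_mode, stratum, poll, precision, root_delay, root_disp,
     refid, ref_ts, orig_ts, recv_ts, xmit_ts) = struct.unpack(NTP_FORMAT, packet[:48])
    leap = li_vn_mode >> 6
    version = (li_vn_mode >> 3) & 0x7
    mode = li_vn_mode & 0x7
    # Reference ID: four-character code at stratum 0/1, upstream IPv4 at stratum >= 2.
    if stratum <= 1:
        ref = refid.decode("ascii", "replace").strip("\x00")
    else:
        ref = ".".join(str(b) for b in refid)
    return {
        "leap": leap, "version": version, "mode": mode,
        "stratum": stratum, "stratum_meaning": stratum_meaning(stratum),
        "poll": poll, "precision": precision,
        "reference_id": ref,
        "transmit_unix": ntp_to_unix(xmit_ts),
    }


def build_server_reply(stratum: int, refid: bytes, xmit_ntp_seconds: int) -> bytes:
    """Constructed server reply (LI=0, VN=4, mode=4) used as sample input."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4
    xmit = (xmit_ntp_seconds << 32) | 0x80000000     # .5 s fraction
    return struct.pack(NTP_FORMAT, li_vn_mode, stratum, 6, -23, 0, 0, refid, 0, 0, 0, xmit)


if __name__ == "__main__":
    reply = build_server_reply(2, bytes([10, 0, 0, 1]), 3_900_000_000)
    print(parse_ntp(reply))
```

Stratum is a depth in the tree, not a quality score: a stratum-3 server fed by a well-run stratum-2 can be better than a badly configured stratum-1, and a value of 16 means the peer is not synchronized at all and its timestamps should not be trusted for a timeline.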
An expert witness is a witness who, by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, sufficient that others legally depend upon his/her opinion.
A. True
B. False ✔✔Answer: A
Physical security recommendations: There should be only one entrance to a forensics lab
A. True
B. False ✔✔Answer: A
A forensic investigator is a person who handles the complete investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to cybercrime analysis. The role of the forensic investigator is to:
A. Take permission from all employees of the organization for the investigation
B. Harden organization network security
C. Create an image backup of the original evidence without tampering with potential evidence
D. Keep the evidence highly confidential and hide the evidence from law enforcement agencies ✔✔Answer: C
Digital photography helps in correcting the perspective of the image, which is used in taking the measurements of the evidence. Snapshots of the evidence and incident-prone areas need to be taken to help in the forensic process. Is digital photography accepted as evidence in a court of law?
A. Yes
B. No ✔✔Answer: A
Which one of the following is not a consideration in a forensic readiness planning checklist?
A. Define the business states that need digital evidence
B. Identify the potential evidence available
C. Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner
D. Take permission from all employees of the organization ✔✔Answer: D
Shortcuts are files with the extension .lnk that are created and accessed by users. These files provide you with information about:
A. Files or network shares
B. Running application
C. Application logs
D. System logs ✔✔Answer: A
A computer forensic report is a report which provides detailed information on the complete