최신EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) - 312-49v11무료샘플문제
문제1
Chloe is a forensic examiner who is currently cracking hashed passwords for a crucial mission and hopefully solve the case. She is using a lookup table used for recovering a plain text password from cipher text; it contains word list and brute-force list along with their computed hash values. Chloe is also using a graphical generator that supports SHA1.
a) What password technique is being used?
b) What tool is Chloe using?
Chloe is a forensic examiner who is currently cracking hashed passwords for a crucial mission and hopefully solve the case. She is using a lookup table used for recovering a plain text password from cipher text; it contains word list and brute-force list along with their computed hash values. Chloe is also using a graphical generator that supports SHA1.
a) What password technique is being used?
b) What tool is Chloe using?
정답: B
문제2
During a ransomware investigation at a law firm in San Francisco, forensic analysts restore encrypted drive images from backups to identify the structure of user data. While examining the recovered disk, they note that the smallest unit of addressable data is 512 bytes and serves as the base element for higher organizational units like clusters and files. Which component of the logical disk structure are they analyzing?
During a ransomware investigation at a law firm in San Francisco, forensic analysts restore encrypted drive images from backups to identify the structure of user data. While examining the recovered disk, they note that the smallest unit of addressable data is 512 bytes and serves as the base element for higher organizational units like clusters and files. Which component of the logical disk structure are they analyzing?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제3
An investigator is conducting a forensic analysis on a suspect's Microsoft Outlook account. The investigator identifies that the suspect's emails are stored in both .pst (Personal Storage Table) and .ost (Offline Storage Table) files. Since the .ost file is primarily used for offline access to emails in IMAP, Exchange, or Outlook.com accounts, the investigator needs to decide on the appropriate method for acquiring and analyzing the data contained in these files. The investigator is particularly focused on analyzing the .ost file for email evidence. Which of the following steps should the investigator take to properly acquire the email data from the .ost file?
An investigator is conducting a forensic analysis on a suspect's Microsoft Outlook account. The investigator identifies that the suspect's emails are stored in both .pst (Personal Storage Table) and .ost (Offline Storage Table) files. Since the .ost file is primarily used for offline access to emails in IMAP, Exchange, or Outlook.com accounts, the investigator needs to decide on the appropriate method for acquiring and analyzing the data contained in these files. The investigator is particularly focused on analyzing the .ost file for email evidence. Which of the following steps should the investigator take to properly acquire the email data from the .ost file?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제4
During a data breach investigation at a financial firm in Houston, forensic examiners analyze an event log file to determine its integrity status after a system crash. The log indicates that records were written but the file was not properly closed, suggesting potential corruption. Which flag in the ELF_LOGFILE_HEADER structure reflects this condition of uncommitted changes?
During a data breach investigation at a financial firm in Houston, forensic examiners analyze an event log file to determine its integrity status after a system crash. The log indicates that records were written but the file was not properly closed, suggesting potential corruption. Which flag in the ELF_LOGFILE_HEADER structure reflects this condition of uncommitted changes?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제5
During an after-hours investigation at a healthcare provider in Phoenix, Arizona, analysts review Security log entries for group membership changes to trace who initiated access expansion and which account was actually added. Focusing on the event description fields (without altering the original .evtx), which field specifically identifies the account that was added or removed during the group change?
During an after-hours investigation at a healthcare provider in Phoenix, Arizona, analysts review Security log entries for group membership changes to trace who initiated access expansion and which account was actually added. Focusing on the event description fields (without altering the original .evtx), which field specifically identifies the account that was added or removed during the group change?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제6
A financial institution experiences a cyber incident in which customer financial records are exposed, stored data is modified without authorization, and access to critical systems is temporarily disrupted. The incident results in regulatory scrutiny and operational concerns due to the compromise of sensitive organizational information. Which impact on organizational information security is most directly demonstrated by this incident?
A financial institution experiences a cyber incident in which customer financial records are exposed, stored data is modified without authorization, and access to critical systems is temporarily disrupted. The incident results in regulatory scrutiny and operational concerns due to the compromise of sensitive organizational information. Which impact on organizational information security is most directly demonstrated by this incident?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제7
A forensic investigator is examining a data breach at a corporate organization involving unauthorized access to sensitive files. During the investigation, she carefully identifies relevant data, collects it without modifying the original source, preserves its integrity, documents each step of the process, and prepares the findings for potential legal proceedings. What fundamental objective of computer forensics is being applied in this investigation?
A forensic investigator is examining a data breach at a corporate organization involving unauthorized access to sensitive files. During the investigation, she carefully identifies relevant data, collects it without modifying the original source, preserves its integrity, documents each step of the process, and prepares the findings for potential legal proceedings. What fundamental objective of computer forensics is being applied in this investigation?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제8
During a forensic reconstruction of an Intel-based Mac's startup in San Jose, California, examiners must identify the stage that verifies the macOS bootloader before the operating system starts. Which component performs this verification?
During a forensic reconstruction of an Intel-based Mac's startup in San Jose, California, examiners must identify the stage that verifies the macOS bootloader before the operating system starts. Which component performs this verification?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제9
A security research team is creating a dedicated testbed for malware analysis. The team ensures that the test environment is isolated from the functional network, preventing the malware from impacting business operations. The testbed includes virtual machines, victim machines with different configurations (patched and unpatched), and necessary tools such as imaging tools, file analysis tools, and network capture tools. What is the primary benefit of using a sandbox environment in the malware analysis lab?
A security research team is creating a dedicated testbed for malware analysis. The team ensures that the test environment is isolated from the functional network, preventing the malware from impacting business operations. The testbed includes virtual machines, victim machines with different configurations (patched and unpatched), and necessary tools such as imaging tools, file analysis tools, and network capture tools. What is the primary benefit of using a sandbox environment in the malware analysis lab?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제10
While analyzing NTFS metadata artifacts from a workstation involved in an insider-sabotage investigation, analysts suspect that file timestamps were deliberately manipulated to misrepresent the sequence of events. To validate whether metadata overwriting has occurred, the analysts compare timestamp values maintained by different NTFS attributes. What observation most reliably indicates that timestamping has been performed?
While analyzing NTFS metadata artifacts from a workstation involved in an insider-sabotage investigation, analysts suspect that file timestamps were deliberately manipulated to misrepresent the sequence of events. To validate whether metadata overwriting has occurred, the analysts compare timestamp values maintained by different NTFS attributes. What observation most reliably indicates that timestamping has been performed?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)