EC-COUNCIL 312-49v11 問題集

質問 1：
During a recent network intrusion investigation, a CHFI received logs from Juniper IDS, Check Point IPS, and a Kippo Honeypot. Which log provides information about the network traffic and bandwidth adjustment, aiding in business risk valuation?
A. Kippo Honeypot
B. Juniper IDS
C. Check Point IPS
D. None of the above
正解：B

質問 2：
In an echo data hiding technique, the secret message is embedded into a __________as an echo.
A. Pseudo-random signal
B. Phase spectrum of a digital signal
C. Pseudo- spectrum signal
D. Cover audio signal
正解：D

質問 3：
During an Investigation. Noel found a SIM card from the suspect's mobile. The ICCID on the card is 8944245252001451548.
What does the first four digits (89 and 44) In the ICCID represent?
A. Issuer identifier number and TAC
B. Industry identifier and country code
C. TAC and industry identifier
D. Country code and industry identifier
正解：B

質問 4：
Before performing a logical or physical search of a drive in Encase, what must be added to the program?
A. Hash sets
B. Keywords
C. Bookmarks
D. File signatures
正解：B

質問 5：
Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?
A. Civil Investigation
B. Administrative Investigation
C. Criminal Investigation
D. Both Civil and Criminal Investigations
正解：B

質問 6：
Which code does the FAT file system use to mark the file as deleted?
A. E5H
B. 5EH
C. ESH
D. H5E
正解：A

質問 7：
SO/IEC 17025 is an accreditation for which of the following:
A. Chain of custody
B. Encryption
C. Forensics lab licensing
D. CHFI issuing agency
正解：C

質問 8：
As part of an ongoing cyber investigation in a rapidly expanding organization, the Computer Hacking Forensic Investigator (CHFI) has to choose the most effective Security Information and Event Management (SIEM) tool for the company's ever-growing IT infrastructure. This SIEM tool must efficiently collect, index, and alert real-time machine data and offer functionalities for rapid detection and response to both internal and external threats. Additionally, the tool should be capable of leveraging Al-powered machine learning for actionable insights. Based on these requirements, the investigator should consider the following:
A. Both Splunk ES and IBM QRadar, but IBM QRadar has an edge due to prebuilt reports and templates
B. Splunk Enterprise Security (ES) only
C. Both Splunk ES and IBM QRadar, but Splunk ES has an edge due to Al-powered machine learning capabilities
D. IBM QRadar only
正解：C

質問 9：
A Computer Hacking Forensic Investigator (CHFI) is examining a compromised Macintosh computer. The system was found to be missing the pre-linked kernel at
/System/Library/Caches/com.apple.kernelcaches. What is the next step that the Macintosh boot process will take to load the operating system in such a scenario?
A. The boot loader will attempt to load the mkext cache file containing a set of device drivers
B. The boot loader will search for drivers in the/System/Library/Extensions directory
C. The system will initialize the I/O kit and link the loaded drivers to the kernel
D. The boot loader will pass control to BootX (PowerPC) or boot.efi (Intel)
正解：B