The purpose of this Sample Question Set is to provide you with information about the EC-Council Computer Hacking Forensic Investigator exam. These sample questions will familiarize you with both the type and the difficulty level of the questions on the 312-49 certification test. To get familiar with the real exam environment, we suggest you try our Sample EC-Council CHFI Certification Practice Exam. This sample practice exam gives you a feel for the real thing and indicates the kind of questions asked in the actual EC-Council Computer Hacking Forensic Investigator (CHFI) certification exam.
These sample questions are simple, basic questions that resemble the real EC-Council 312-49 exam questions. To assess your readiness and performance with real-time scenario-based questions, we suggest you prepare with our Premium EC-Council CHFI Certification Practice Exam. When you work through real-time scenario-based questions in practice, you come across many difficulties that give you an opportunity to improve.
EC-Council 312-49 Sample Questions:
01. The file content of evidence files can be viewed using the View pane. The View pane provides several tabs to view file content. Which of these tabs provides native views of formats supported by Oracle Outside In technology?
a) Text tab
b) Hex tab
c) Doc tab
d) Picture tab
02. During live response, you can retrieve and analyze much of the information in the Registry, and the complete data during post-mortem investigation.
Which of these Registry hives contains configuration information relating to which application is used to open various files on the system?
03. Which one of the following is the smallest allocation unit of a hard disk, which contains a set of tracks and sectors ranging from 2 to 32, or more, depending on the formatting scheme?
04. Source Processor automates and streamlines common investigative tasks that collect, analyze, and report on evidence. Which of these Source Processor modules obtains drives and memory from a target machine?
a) Personal Information Module
b) Internet Artifacts Module
c) Acquisition Module
d) File Processor Module
05. Which of these attack techniques is a combination of both a brute-force attack and a dictionary attack to crack a password?
a) Hybrid Attack
b) Rule-based Attack
c) Syllable Attack
d) Fusion Attack
06. Mike is a Computer Forensic Investigator. He got a task from an organization to investigate a forensic case. When Mike reached the organization to investigate the place, he found that the computer at the crime scene was switched off. In this scenario, what do you think Mike should do?
a) He should turn on the computer
b) He should leave the computer off
c) He should turn on the computer and extract the data
d) He should turn on the computer and should start analyzing it
07. The process of examining acquired evidence is cyclical in nature and is reflected in the relationship among the four panes of the EnCase interface. Which of the following panes represents a structured view of all gathered evidence in a Windows-like folder hierarchy?
a) Tree Pane
b) Table Pane
c) View Pane
d) Filter Pane
08. Which type of digital data stores a document file on a computer when it is deleted and helps in the process of retrieving the file until that file space is reused?
b) Residual Data
c) Archival Data
d) Transient Data
09. Redundant Array of Inexpensive Disks (RAID) is a technology that uses multiple smaller disks simultaneously, which function as a single large volume. At which RAID level is disk mirroring done?
a) RAID Level 3
b) RAID Level 0
c) RAID Level 1
d) RAID Level 5
10. Which of the following is a legal document that demonstrates the progression of evidence as it travels from original evidence location to the forensic laboratory?
a) Chain of Custody
b) Origin of Custody
c) Evidence Document
d) Evidence Examine
Note: If you find any error in the EC-Council Computer Hacking Forensic Investigator (CHFI) (312-49) certification exam sample questions, please let us know by writing an email to firstname.lastname@example.org.