412-79V8 Exam Questions

You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the s...

You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address o...

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact ISP and...

As a CHFI professional, which of the following is the most important to your professional reputation?

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tool...

When cataloging digital evidence, the primary goal is to:

The police believe that Mevin Mattew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellu...

A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crim...

You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzli...

You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when...

This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate-looking e-mail asking u...

How many bits encryption does SHA-1 use?

What does ICMP (type 11, code 0) denote?

An Expert witness give an opinion if:

Printing under a Windows Computer normally requires which one of the following files types to be created?

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacke...

To preserve digital evidence, an investigator should ____________________

What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

During the course of a corporate investigation, you find that an Employee is committing a crime. Can the Employer file a criminal complain with Police?

The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

This organization maintains a database of hash signatures for known software:

One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extensio...

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company,...

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What...

What information do you need to recover when searching a victims computer for a crime committed with specific e-mail message?

One way to identify the presence of hidden partitions on a suspects hard drive is to:

What does mactime, an essential part of the coroners toolkit do?

The use of warning banners helps a company avoid litigation by overcoming an employees assumed ____________ When connecting to the companys intranet, network or Virtual Private Net...

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reach...

When investigating a Windows System, it is important to view the contents of the page or swap file because:

A state department site was recently attacked and all the servers had their disks eraseD. The incident response team sealed the area and commenced investigation. During evidence co...

Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

What should you do when approached by a reporter about a case that you are working on or have worked on?

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each fil...

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing...

Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they...

You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firms employees. You meet...

Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that needs improvement. The ma...

At what layer of the OSI model do routers function on?

An "idle" system is also referred to as what?

What operating system would respond to the following command?

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

How many bits is Source Port Number in TCP Header packet?

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server na...

You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product...

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to swit...

You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics laB. How many law-enf...

An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is...