312-49V8 ECCouncil Computer Hacking Forensic Investigator Set 6

Which of the following is the certifying body of forensics labs that investigate criminal cases by
analyzing evidence?


Options are :

  • The American Forensics Laboratory for Computer Forensics (AFLCF)
  • International Society of Forensics Laboratory (ISFL)
  • The American Forensics Laboratory Society (AFLS)
  • The American Society of Crime Laboratory Directors (ASCLD) (Correct)

Answer : The American Society of Crime Laboratory Directors (ASCLD)

International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the
manufacturer, model type, and country of approval for GSM devices. The first eight digits of an
IMEI number that provide information about the model and origin of the mobile device are also
known as:


Options are :

  • Device Origin Code (DOC)
  • Integrated Circuit Code (ICC)
  • Type Allocation Code (TAC) (Correct)
  • Manufacturer Identification Code (MIC)

Answer : Type Allocation Code (TAC)

Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?


Options are :

  • Microsoft Outlook
  • Mozilla Thunderbird
  • Microsoft Outlook Express (Correct)
  • Eudora

Answer : Microsoft Outlook Express

BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP
images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors).
Each bitmap file contains a header, the RGBQUAD array, an information header, and image data.
Which of the following elements specifies the dimensions, compression type, and color format for
the bitmap?


Options are :

  • Header
  • None
  • The RGBQUAD array (Correct)
  • Information header
  • Image data

Answer : The RGBQUAD array

Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11
standards. Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying
mechanism to provide fresh encryption and integrity keys. Temporal keys are changed for
every____________.


Options are :

  • 20,000 packets
  • 10,000 packets (Correct)
  • 5,000 packets
  • 15,000 packets

Answer : 10,000 packets

Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and
executed as part of a command or query. Attackers exploit injection flaws by constructing
malicious commands or queries that result in data loss or corruption, lack of accountability, or
denial of access. Which of the following injection flaws involves the injection of malicious code
through a web application?


Options are :

  • Footprinting
  • SQL Injection (Correct)
  • Nmap Scanning
  • Password brute force

Answer : SQL Injection

Digital evidence validation involves using a hashing algorithm utility to create a binary or
hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file.
Which of the following hash algorithms produces a message digest that is 128 bits long?


Options are :

  • SHA-1
  • CRC-32
  • SHA-512
  • MD5 (Correct)

Answer : MD5

The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format
includes basic items, such as client IP address, user name, date and time, service and instance,
server name and IP address, request type, target of operation, etc. Identify the service status code
from the following IIS log.
192.168.100.150, -, 03/6/11, 8:45:30, W3SVC2, SERVER, 172.15.10.30, 4210, 125, 3524, 100, 0,
GET, /dollerlogo.gif,


Options are :

  • 100 (Correct)
  • W3SVC2
  • 3524
  • 4210

Answer : 100

JPEG is a commonly used method of compressing photographic images. It uses a compression
algorithm to minimize the size of the natural image, without affecting the quality of the image. The
JPEG lossy algorithm divides the image into separate blocks of ____________.


Options are :

  • 8x8 pixels (Correct)
  • 32x32 pixels
  • 16x16 pixels
  • 4x4 pixels

Answer : 8x8 pixels

A forensic investigator is a person who handles the complete investigation process, that is, the
preservation, identification, extraction, and documentation of the evidence. The investigator has
many roles and responsibilities relating to the cybercrime analysis. The role of the forensic
investigator is to:


Options are :

  • Take permission from all employees of the organization for investigation
  • Keep the evidence highly confidential and hide the evidence from law enforcement agencies
  • Create an image backup of the original evidence without tampering with potential evidence (Correct)
  • Harden organization network security

Answer : Create an image backup of the original evidence without tampering with potential evidence

The evolution of web services and their increasing use in business offers new attack vectors in an
application framework. Web services are based on XML protocols such as Web Services Definition
Language (WSDL) for describing the connection points, Universal Description, Discovery, and
Integration (UDDI) for the description and discovery of Web services, and Simple Object Access
Protocol (SOAP) for communication between Web services that are vulnerable to various web
application threats. Which of the following layers in the web services stack is vulnerable to fault code
leaks?


Options are :

  • Presentation Layer
  • Security Layer
  • Access Layer
  • Discovery Layer (Correct)

Answer : Discovery Layer

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a
network to identify any possible violations of security policy, including unauthorized access, as well
as misuse.
Which of the following intrusion detection systems audit events that occur on a specific host?


Options are :

  • Network-based intrusion detection
  • File integrity checking
  • Host-based intrusion detection (Correct)
  • Log file monitoring

Answer : Host-based intrusion detection

Which of the following attacks allows an attacker to acquire access to the communication channels
between the victim and server to extract the information?


Options are :

  • Replay attack
  • Distributed network attack
  • Man-in-the-middle (MITM) attack (Correct)
  • Rainbow attack

Answer : Man-in-the-middle (MITM) attack

Netstat is a tool for collecting information regarding network connections. It provides a simple view
of TCP and UDP connections, and their state and network traffic statistics.
Which of the following commands shows you the TCP and UDP network connections, listening
ports, and the identifiers?


Options are :

  • netstat -ano (Correct)
  • netstat -s
  • netstat -r
  • netstat -b

Answer : netstat -ano

Raw data acquisition format creates ____________ of a data set or suspect drive.


Options are :

  • Compressed image files
  • Simple sequential flat files (Correct)
  • Segmented image files
  • Segmented files

Answer : Simple sequential flat files

Which of the following is not a part of disk imaging tool requirements?


Options are :

  • The tool should not compute a hash value for the complete bit stream copy generated from an image file of the source (Correct)
  • The tool should log I/O errors in an accessible and readable form, including the type and location of the error
  • The tool should not change the original content
  • The tool must have the ability to be held up to scientific and peer review

Answer : The tool should not compute a hash value for the complete bit stream copy generated from an image file of the source

What is the first sector ("sector zero") of a hard disk?


Options are :

  • Master boot record (Correct)
  • System boot record
  • Hard disk boot record
  • Secondary boot record

Answer : Master boot record

Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in
Windows 7 is:


Options are :

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentsVersion\setup
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList (Correct)

Answer : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Wireless network discovery tools use two different methodologies to detect, monitor and log a
WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves
____________and waiting for responses from available wireless networks.


Options are :

  • Scanning the network
  • Sniffing the packets from the airwave
  • Inspecting WLAN and surrounding networks
  • Broadcasting a probe request frame (Correct)

Answer : Broadcasting a probe request frame

Which of the following standards is based on a legal precedent regarding the admissibility of
scientific examinations or experiments in legal cases?


Options are :

  • Frye Standard (Correct)
  • Schneiderman Standard
  • FERPA standard
  • Daubert Standard

Answer : Frye Standard

A mobile operating system is the operating system that operates a mobile device like a mobile
phone, smartphone, PDA, etc. It determines the functions and features available on mobile
devices such as keyboards, applications, email, text messaging, etc. Which of the following mobile
operating systems is free and open source?


Options are :

  • Symbian OS
  • Web OS
  • Android (Correct)
  • Apple iOS

Answer : Android

Which of the following attacks allows an attacker to access restricted directories, including
application source code, configuration and critical system files, and to execute commands outside
of the web server's root directory?


Options are :

  • Directory traversal (Correct)
  • Unvalidated input
  • Security misconfiguration
  • Parameter/form tampering

Answer : Directory traversal

A damaged portion of a disk on which no read/write operation can be performed is known as a
______________.


Options are :

  • Lost sector
  • Unused sector
  • Empty sector
  • Bad sector (Correct)

Answer : Bad sector
