Computer Hacking Forensic Investigator (CHFI) Version 9 Test

Which is not a requirement under the CAN-SPAM act?

Options are :

  • identifying the commercial email as an ad
  • not using deceptive subject lines
  • honoring opt-out requests within 30 days (Correct)
  • including a valid physical postal mailing address in the email

Answer : honoring opt-out requests within 30 days

Explanation (Chapter 12): Opt-out requests should be honored within 10 business days under the CAN-SPAM act.

Fred needs to recover a RAID drive.  Which tool can he use?

Options are :

  • RAID23
  • RAID64
  • EaseUS
  • TotalRecall (Correct)

Answer : TotalRecall

Explanation (Chapter 5): TotalRecall can be used to recover RAID drives. EaseUS offers specific file searching. The other two answers are made up.

These commands can be used in Linux.

Options are :

  • dd and dcfldd (Correct)
  • dd and lfox
  • dcfldd and hash -l
  • hfs and hfs -list

Answer : dd and dcfldd

Explanation (Chapter 4): dd and dcfldd are Linux commands. The other answers are incorrect because they do not contain both of these commands.

The attorney who called the witness to the stand is asking the questions. This would be called:

Options are :

  • direct examination (Correct)
  • contempt of court
  • cross examination
  • E Pluribus Unum

Answer : direct examination

Explanation (Chapter 14): This would be considered direct examination. Cross-Examination is when the witness is questioned by the attorney that DID NOT call them to the stand. The other answers are made up.

This file type is device independent.

Options are :

  • HVX
  • DOC
  • XLS
  • PDF (Correct)

Answer : PDF

Explanation (Chapter 3): PDF files can be opened across many operating system environments. DOC and XLS are limited to Windows (or by using something Windows compatible, like Wine in Linux). HVX is made up.

What is not a challenge of log management?

Options are :

  • log creation and storage
  • log analysis
  • log generation (Correct)
  • log protection

Answer : log generation

Explanation (Chapter 7): Log generation is not a challenge of log management. The other three answers are the challenges of log management.

This level of RAID does not implement even one of the standard techniques of parity, mirroring, or striping.

Options are :

  • RAID 3
  • RAID 10
  • RAID 2 (Correct)
  • RAID 0

Answer : RAID 2

Explanation (Chapter 3): RAID 2 is the level of RAID that does not implement even one of the standard techniques of parity, mirroring, or striping.

This Tasklist command is used to run the command with the account permissions of the user specified.

Options are :

  • /v
  • /u (Correct)
  • /s
  • /user_special

Answer : /u

Explanation (Chapter 6): /u is correct. /s is used to specify the name or IP address of a remote computer. /v specifies that verbose task information be displayed in the output. /user_special is made up.

POP3 is used for:

Options are :

  • deleting emails
  • IMAP emails only
  • retrieving emails (Correct)
  • sending emails

Answer : retrieving emails

Explanation (Chapter 12): POP3 is used for retrieving emails from the email server. SMTP is used for sending emails. The other answers are not applicable.

All of the following are Windows file recovery tools EXCEPT:

Options are :

  • Total Recall
  • Glary Undelete
  • Stellar Phoenix
  • File Salvage (Correct)

Answer : File Salvage

Explanation (Chapter 5): File Salvage is a tool for Mac OS that can be used to recover files from a crashed or virus-corrupted hard drive.

This type of analysis is ongoing and returns results simultaneously, so that attacks can be responded to immediately.

Options are :

  • Postmortem analysis
  • Deceased analysis
  • Real-Time analysis (Correct)
  • Disk Removal analysis

Answer : Real-Time analysis

Explanation (Chapter 7): Real-Time analysis is correct. Postmortem analysis occurs after the incident has taken place. The other two answers are made up and are incorrect.

This mobile API provides telephony services, like making calls, receiving calls, and SMS.

Options are :

  • GUI
  • OS
  • Phone (Correct)
  • Kernel

Answer : Phone

Explanation (Chapter 13): The Phone API provides telephony services, like making calls, receiving calls, and SMS. The GUI API is responsible for creating menus and submenus in designing applications. The OS API schedules multiple tasks, offers synchronization, and priority allocation. Kernel API is a made up answer.

Which of the following is a starting hex value of an image file:

Options are :

  • if d9 ff
  • ff d8 ff (Correct)
  • xx c9 53
  • 99 xd 54

Answer : ff d8 ff

Explanation (Chapter 3): ff d8 ff is the starting hex value of JPEG files. The other choices are made up answers.

This tool offers an “Advanced Deep Scan” mode that scours a drive to find any traces of files that have been deleted.

Options are :

  • Active@ File Recovery
  • Recuva (Correct)
  • OnTrack Easy Recovery
  • EaseUS

Answer : Recuva

Explanation (Chapter 2 and Chapter 5): Recuva offers the Advanced Deep Scan mode. Active@ File Recovery contains an ISO image. EaseUS supports large hard disks. OnTrack Easy Recovery recovers data and also protects it.

This tool offers a secure overwrite feature that meets military standards.

Options are :

  • EaseUS
  • Recuva (Correct)
  • Data Rescue 4
  • Recover My Files

Answer : Recuva

Explanation (Chapter 2 and Chapter 5): Recuva securely deletes files with a secure overwrite feature that meets military standards. EaseUS offers precision file searching. Recover My Files offers data-on-the-fly previewing. Data Rescue 4 recovers files from HFS and HFS+ drives.

Tanisha wants to recover files with their original file name.  She should use which of the following tools to accomplish this (choose the best answer)?

Options are :

  • Stellar Phoenix (Correct)
  • Data Rescue 4
  • Total Recall
  • Quick Recovery

Answer : Stellar Phoenix

Explanation (Chapter 5): Stellar Phoenix recovers files with their original file name and supports RAW recovery on lost volumes. Total Recall is used for RAID. Data Rescue 4 recovers files from accidentally reformatted drives. Quick Recovery can recover encrypted files.

This tool offers the ability to “preview data on the fly” and allows you to recover data even if Windows has been reinstalled.

Options are :

  • EaseUS
  • OnTrack Easy Recovery
  • Recover My Files (Correct)
  • Recuva

Answer : Recover My Files

Explanation (Chapter 2 and Chapter 5): Recover My Files allows you to preview data-on-the-fly. Recuva offers an Advanced Deep Scan Mode. EaseUS allows for precise searching. OnTrack Easy Recovery offers recovery and protection.

This tool can recover files from a scratched CD (choose the best answer):

Options are :

  • DiskDigger
  • Total Recall
  • File Salvage (Correct)
  • Data Recovery Pro

Answer : File Salvage

Explanation (Chapter 5): File Salvage can recover from a scratched CD and other media. DiskDigger recovers from hard drives and external memory storage (USB). Total Recall is used for RAID. Data Recovery Pro restores deleted emails and attachments.

David needs a tool that contains an ISO image.  He knows that ______ offers this.

Options are :

  • DiskDigger
  • EaseUS
  • Active@ File Recovery (Correct)
  • Recuva

Answer : Active@ File Recovery

Explanation (Chapter 5): Of the choices listed, only Active@ File Recovery offers the CD/DVD ISO image. DiskDigger offers the thumbnail previews. Recuva offers secure file deletion. EaseUS supports large hard disks.

This tool can be used to recover lost data from RAID and hard drives:

Options are :

  • File Salvage
  • EaseUS
  • DiskDigger
  • Total Recall (Correct)

Answer : Total Recall

Explanation (Chapter 5): Total Recall can be used for RAID. Memorize this for your exam. File Salvage is a Mac OS file recovery tool. DiskDigger offers thumbnail previews of recovered files. EaseUS supports large hard drives.

This tool supports RAW recovery on lost volumes.

Options are :

  • Capsa
  • Quick Recovery
  • Stellar Phoenix (Correct)
  • DiskDigger

Answer : Stellar Phoenix

Explanation (Chapter 5): Stellar Phoenix supports RAW recovery on lost volumes. Capsa is a network analyzer that can be used to detect Trojans. DiskDigger offers thumbnail previews. Quick Recovery can repair disk bad sectors.

You can check for the creation of new accounts in the administrator group with the ____ command.

Options are :

  • check admin.exe
  • check lusmgr.msc
  • lusrmgr.msc (Correct)
  • lusrmgr.exe

Answer : lusrmgr.msc

Explanation (Note: this is not in the official ECC material, but it was asked of several people on the exam): lusrmgr.msc (management console file) is the correct command. The .exe extension is incorrect. The other answers are made-up syntax and are incorrect.

Sally needs a tool that can support large hard disks.  What should she use?

Options are :

  • Undelete Plus
  • Recuva
  • Active@ File Recovery
  • EaseUS (Correct)

Answer : EaseUS

Explanation (Chapter 2 and Chapter 5): EaseUS supports large hard disks. Recuva offers secure file deletion. Undelete Plus can recover even if Windows is reinstalled. Active@ File Recovery contains an ISO image.

How can you find scheduled and unscheduled tasks on the local host?

Options are :

  • schtasks.exe (Correct)
  • net local.host
  • use schtasks.exe
  • find schtasks.exe

Answer : schtasks.exe

Explanation (Chapter 8): schtasks.exe allows you to find scheduled and unscheduled tasks on the local host. The other commands are using made up syntax.

William needs a tool that can allow him to specify a specific file type for precise search results.  What tool is this?

Options are :

  • R-Studio
  • Undelete Plus
  • EaseUS (Correct)
  • File Salvage

Answer : EaseUS

Explanation (Chapter 2 and Chapter 5): EaseUS offers the ability to obtain precise search results on files. Undelete Plus recovers files emptied from the Recycle Bin. R-Studio can be used for heavily damaged file systems. File Salvage is a Mac OS tool to recover files.

The nbtstat command can be used for (choose the best answer):

Options are :

  • Linux servers
  • malware execution
  • NetBIOS (Correct)
  • NBT servers

Answer : NetBIOS

Explanation (Chapter 6 and Chapter 8): The best answer here is NetBIOS. NBT servers is made up. You could technically give a Linux machine a NetBIOS name by installing Samba, but this is not what the nbtstat command is used for. Malware execution is not relevant to the nbtstat command and is also incorrect.

Sally is an investigator working for Diamond Corp.  She needs to restore lost emails and their attachments.  Which tool should she use (choose the best answer)?

Options are :

  • File Salvage
  • Data Rescue 4
  • DiskDigger
  • Data Recovery Pro (Correct)

Answer : Data Recovery Pro

Explanation (Chapter 5): Data Recovery Pro can be used to restore emails and email attachments. File Salvage recovers lost files in Mac OS. DiskDigger recovers lost files and offers thumbnail previews. Data Rescue 4 is for file recovery in Mac and Windows.

Jose is an investigator with CyberNet, Inc and is investigating an incident.  How does he check to see if sessions have been opened with other systems?

Options are :

  • net analysis
  • net view
  • net use (Correct)
  • net session

Answer : net use

Explanation (Chapter 6 and Chapter 8): net use lets you check to see if sessions are opened with other systems. net view allows you to review file shares to ensure their purpose. net session is used to see open sessions. net analysis is not a valid command.

Sara is investigating an incident and needs to display information about all logged in sessions on a local Windows computer.  Which command should she use?

Options are :

  • net log
  • net view
  • net session (Correct)
  • net use

Answer : net session

Explanation (Chapter 8): net session is used to display information about logged in sessions. net view is used to review file shares and ensure their purpose. net use is used to see if sessions have been opened with other systems. net log is a made up command.

Jason needs to review file shares on the server.  He knows that he can use this command to review file shares and ensure their purpose.

Options are :

  • msconfig fls
  • net view (Correct)
  • net session
  • net use

Answer : net view

Explanation (Chapter 8): net view is used to review file shares and ensure their purpose. net session shows you active sessions. net use lets you check to see if sessions have been opened with other systems. msconfig fls is a made up command and is incorrect.

This tool recovers data and also protects it.

Options are :

  • EaseUS
  • Advanced Disk Recovery
  • Undelete Plus
  • OnTrack Easy Recovery (Correct)

Answer : OnTrack Easy Recovery

Explanation (Chapter 2 and Chapter 5): OnTrack Easy Recovery offers data protection. The other choices do not specify (in the ECC material) that they protect the data.

Roberta suspects the company’s network has been compromised.  How can she look for unusual network services running?

Options are :

  • net service
  • net start (Correct)
  • net run
  • net process

Answer : net start

Explanation (Chapter 8): net start allows you to look for unusual network services that are running. The other answers are made up commands and are incorrect.

When a file is deleted in FAT, the first letter of the deleted filename is changed to:

Options are :

  • H5H
  • ESE
  • ESH
  • E5H (Correct)

Answer : E5H

Explanation (Chapter 5): E5H is put at the front of a deleted FAT file. Memorize this as you will likely see it on your exam. The other answers are made up and are incorrect.

This tool can scan and recover encrypted and password-protected files.

Options are :

  • Pandora Recovery
  • Quick Recovery (Correct)
  • DiskDigger
  • R-Studio

Answer : Quick Recovery

Explanation (Chapter 5): Quick Recovery can recover encrypted and password-protected files. DiskDigger offers thumbnail previews. R-Studio offers a raw file that can be used for heavily damaged file systems. Pandora Recovery allows you to recover from FAT and NTFS-formatted volumes.

Johnny wants to use the tool that offers thumbnail previews.  He should choose:

Options are :

  • Pandora Recovery
  • R-Studio
  • DiskDigger (Correct)
  • File Salvage

Answer : DiskDigger

Explanation (Chapter 5): DiskDigger offers thumbnail previews of recovered files. None of the other options offer thumbnail previews, so they are incorrect.

Roberta is an investigator with DHS.  She is at the scene and needs to locate and recover files deleted from an NTFS-formatted volume.  What should she use?

Options are :

  • R-Studio
  • Pandora Recovery (Correct)
  • Active@ File Recovery
  • Stellar Phoenix

Answer : Pandora Recovery

Explanation (Chapter 5): Pandora Recovery allows you to recover from FAT and NTFS-formatted volumes. Stellar Phoenix recovers files with their original file name. R-Studio can be used for heavily damaged or unknown system recovery. Active@ File Recovery contains the CD/DVD ISO image.

A network administrator, with over 10 years of experience in Cisco systems, is trying to see if any unusual TCP or UDP ports are listening.  What command is she using?

Options are :

  • net tcp_udp
  • net tcp/udp_use
  • netstat -na (Correct)
  • netstat -tu

Answer : netstat -na

Explanation (Chapter 8): netstat -na shows if any unusual TCP/UDP ports are listening. The other commands are made up syntax and are incorrect.

The insider threat caused a lot of chaos.  Sally, the digital forensic investigator, needs a tool that can repair and recover disk bad sectors.  Which tool should she use?

Options are :

  • Total Recall
  • SysAnalyzer
  • Quick Recovery (Correct)
  • jv16

Answer : Quick Recovery

Explanation (Chapter 5): Quick Recovery can recover and repair disk bad sectors. jv16 is a registry tool. SysAnalyzer is a malware analysis tool. Total Recall is used for RAID.

These store information of files synced to the cloud using Dropbox.

Options are :

  • store.dbx and dropbox.dbx
  • Filecache.dbx and config.dbx (Correct)
  • store.db and dropbox.db
  • config.dbx and Filesystem.dbx

Answer : Filecache.dbx and config.dbx

Explanation (Chapter 10): While config.dbx is correct, Filesystem.dbx is not. The other answers are made up.

The investigator is looking to detect something after the incident has ended.

Options are :

  • After-action analysis
  • Post-trial analysis
  • Real-time analysis
  • Post-mortem analysis (Correct)

Answer : Post-mortem analysis

Explanation (Chapter 7): Investigators perform post-mortem analysis after an incident has already occurred. Real-Time analysis is used while an incident is taking place, so there can be an immediate response. Post-trial and After-action are not mentioned in the ECC text.
