Call 1 (201) 549-9007 (US) | +91 - 836-854-3123 (WhatsApp) Email: [email protected]

Computer Hacking Forensic Investigator v10 – CHFI MOCK QUESTIONS – SET 1

In this CHFI v10 exam question set, we are giving you an overview of the CHFI exam. Our purpose in providing you with this set of CHFI v10 Exam questions is to make you familiar with the types of questions asked in the CHFI Certification exam. Here are some mock Questions and Answers that will help you prepare better for the CHFI v10 Exam. Solve the following questions and see how well prepared you are for the real CHFI v10 Exam Questions.

Let's get started.

  1. Consider a scenario where a forensic investigator is performing malware analysis on a
    memory dump acquired from a victim’s computer. The investigator uses Volatility
    Framework to analyze RAM contents; which plugin helps investigator to identify
    hidden processes or injected code/DLL in the memory dump?
    a) mallist
    b) malfind
    c) pslist
    d) malscan
    Answer : (b) malfind
  2. Chloe is a forensic examiner who is currently cracking hashed passwords for a crucial
    mission and hopefully solves the case. She is using a lookup table used for recovering
    a plain text password from ciphertext; it contains word lists and brute-force lists along
    with their computed hash values. Chloe is also using a graphical generator that
    supports SHA1.
  3. a. What password technique is being used?
    b. What tool is Chloe using?
    a. Rainbow Tables b. Winrtgen
    a. Brute-force b. MScache
    a. Dictionary attack b. Cisco PIX
    a. Cain & Able b. Rten
    Answer: (a) Rainbow Tables b. Winrtgen
  4. Which of the following statements is true regarding the SMTP Server?SMTP server breaks the recipient's address into recipient's name and his/her designation
    before passing it to the DNS server
    a.SMTP server breaks the recipient's address into the recipient's name and domain name before
    passing it to the DNS server
    b.SMTP server breaks the recipient's address into the recipient's name and recipient's address
    before passing it to the DNS server
    c.SMTP server breaks the recipient's address into the recipient's name and his/her initial before
    passing it to the DNS server
    Answer:(a) SMTP server breaks the recipient's address into the recipient's name and domain name before passing it to the DNS server
  5. The storage location of Recycle Bin for NTFS file systems (Windows Vista and later) is
    located at:
    Answer:(a) Drive:\$Recycle.Bin
  6. "In exceptional circumstances, where a person finds it necessary to access original
    data held on a computer or on storage media, that person must be competent to do so
    and be able to explain his/her actions and the impact of those actions on the evidence,
    in the court.” Which ACPO principle states this?
    a.Principle 2
    b.Principle 3
    c.Principle 1
    d.Principle 4
    Answer:(a) Principle 2
  7. Which among the following acts has been passed by the U.S. Congress to protect
    investors from the possibility of fraudulent accounting activities by corporations?Federal Information Security Management act of 2002
    a.Gramm-Leach-Bliley act
    b.Health Insurance Probability and Accountability act of 1996
    c.Sarbanes-Oxley act of 2002Answer: (c) Sarbanes-Oxley act of 2002
  8. Cybercriminals sometimes use compromised computers to commit other crimes,
    which may involve using computers or networks to spread malware or illegal
    information. Which type of cybercrime stops users from using a device or network, or
    prevents a company from providing a software service to its customers?
    a.Ransomware attack
    b.Malware attack
    c.Denial-of-Service (DoS) attack
    Answer: (a) Ransomware attack
  9. Harry has collected a suspicious executable file from an infected system and seeks to
    reverse its machine code to instructions written in assembly language. Which tool
    should he use for this purpose?
    Answer: (a) Ollydbg
  10. Which Federal Rule of Evidence speaks about the Hearsay exception where the
    availability of the declarant is immaterial and certain characteristics of the declarant
    such as present sense impression, excited utterance, and recorded recollection are
    also, observed while giving their testimony?
    a.Rule 803
    b.Rule 801
    c.Rule 802
    d.Rule 804
    Answer: (a) Rule 803
  11. Brian has the job of analyzing malware for a software security company. Brian has
    set up a virtual environment that includes virtual machines running various versions of
    OSes. Additionally, Brian has set up separated virtual networks within this
    environment. The virtual environment does not connect to the company’s intranet nor
    does it connect to the external Internet. With everything set up, Brian now received an
    executable file from a client that has undergone a cyberattack. Brian ran the executable
    file in the virtual environment to see what it would do. What type of analysis did Brian
    a.Dynamic malware analysis
    b.Status malware analysis
    c.Static OS analysis
    d.Static malware analysis
    Answer: (a) Dynamic malware analysis

For more CHFI v10 Exam Questions, Training, and Masterclass Programs please visit our website for exciting offers

You can reach out to us through
Mail:  [email protected]
Phone : +918368545467


Leave a Reply

Your email address will not be published.