Computer Hacking Forensic Investigator v10 – CHFI MOCK QUESTIONS – SET 1

In this CHFI v10 exam question set, we are giving you an overview of the CHFI exam. Our purpose in providing you with this set of CHFI v10 Exam questions is to make you familiar with the types of questions asked in the CHFI Certification exam. Here are some mock Questions and Answers that will help you prepare better for the CHFI v10 Exam. Solve the following questions and see how well prepared you are for the real CHFI v10 Exam Questions.

Let's start the CHFI v10 exam Questions

1. Consider a scenario where a forensic investigator is performing malware analysis on a
memory dump acquired from a victim’s computer. The investigator uses Volatility
Framework to analyze RAM contents; which plugin helps the investigator to identify
hidden processes or injected code/DLL in the memory dump?
a) mallist
b) malfind
c) pslist
d) malscan
Answer : (b) malfind

2. Chloe is a forensic examiner who is currently cracking hashed passwords for a crucial
mission and hopefully solves the case. She is using a lookup table used for recovering
a plain text password from ciphertext; it contains word lists and brute-force lists along
with their computed hash values. Chloe is also using a graphical generator that
supports SHA1.

3 . What password technique is being used?
b. What tool is Chloe using?
a. Rainbow Tables b. Winrtgen
a. Brute-force b. MScache
a. Dictionary attack b. Cisco PIX
a. Cain & Able b. Rten
Answer: (a) Rainbow Tables b. Winrtgen

4 . Which of the following statements is true regarding the SMTP Server?SMTP server breaks the recipient's address into recipient's name and his/her designation
before passing it to the DNS server
a.SMTP server breaks the recipient's address into the recipient's name and domain name before
passing it to the DNS server
b.SMTP server breaks the recipient's address into the recipient's name and recipient's address
before passing it to the DNS server
c.SMTP server breaks the recipient's address into the recipient's name and his/her initial before
passing it to the DNS server
Answer:(a) SMTP server breaks the recipient's address into the recipient's name and domain name before passing it to the DNS server

5. The storage location of Recycle Bin for NTFS file systems (Windows Vista and later) is
located at:
a.Drive:\$Recycle.Bin
b.Drive:\RECYCLER
c.Drive:\REYCLED
d.Drive:\RECYCLE.BIN
Answer:(a) Drive:\$Recycle.Bin

6. In exceptional circumstances, where a person finds it necessary to access original
data held on a computer or on storage media, that person must be competent to do so
and be able to explain his/her actions and the impact of those actions on the evidence,
in the court.” Which ACPO principle states this?
a.Principle 2
b.Principle 3
c.Principle 1
d.Principle 4
Answer:(a) Principle 2

7. Which among the following acts have been passed by the U.S. Congress to protect
investors from the possibility of fraudulent accounting activities by corporations?Federal Information Security Management act of 2002
a.Gramm-Leach-Bliley act
b.Health Insurance Probability and Accountability act of 1996
c.Sarbanes-Oxley act of 2002

Answer: (c) Sarbanes-Oxley act of 2002

8. Cybercriminals sometimes use compromised computers to commit other crimes,
which may involve using computers or networks to spread malware or illegal
information. Which type of cybercrime stops users from using a device or network, or
prevents a company from providing a software service to its customers?
a.Ransomware attack
b.Malware attack
c.Denial-of-Service (DoS) attack
d.Phishing
Answer: (a) Ransomware attack

9. Harry has collected a suspicious executable file from an infected system and seeks to
reverse its machine code to instructions written in assembly language. Which tool
should he use for this purpose?
a.Ollydbg
b.HashCalc
c.BinText
d.oledump
Answer: (a) Ollydbg

10. Which Federal Rule of Evidence speaks about the Hearsay exception where the
availability of the declarant is immaterial and certain characteristics of the declarant
such as present sense impression, excited utterance, and recorded recollection are
also, observed while giving their testimony?
a.Rule 803
b.Rule 801
c.Rule 802
d.Rule 804
Answer: (a) Rule 803

11. Brian has the job of analyzing malware for a software security company. Brian has
set up a virtual environment that includes virtual machines running various versions of
OSes. Additionally, Brian has set up separated virtual networks within this
environment. The virtual environment does not connect to the company’s intranet nor
does it connect to the external Internet. With everything set up, Brian now received an
executable file from a client that has undergone a cyberattack. Brian ran the executable
file in the virtual environment to see what it would do. What type of analysis did Brian
perform?
a.Dynamic malware analysis
b.Status malware analysis
c.Static OS analysis
d.Static malware analysis
Answer: (a) Dynamic malware analysis

For more CHFI v10 Exam Questions, Training, and Masterclass Programs please visit our www.securiumsolutions.org website for exciting offers