CHFI Test 2024 Questions with 100% Correct Verified Answers
MAC filtering address length - ✅48-bit address
command in windows 7 to access the arp table - ✅C:\arp -a
is a root folder of the registry editor - ✅hkey_users
command that will allow you to look at which sessions the machine has opened with other systems - ✅net use
A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners - ✅what is a scsi
windows command that displays the network configuration of nics - ✅ipconfig /all
linux journaling file system - ✅ext3
steganography types hide the secret message in a specifically designed pattern on the document that is unclear to the average reader - ✅Open code steganography
provide an interface between end users and web servers through a set of web pages that are generated at the server-end or contain script code to be executed dynamically within the client Web browser - ✅web applications
an attack that sends dns packets to non-company configured IP - ✅dns poisoning
table is used to convert huge word lists into password hashes - ✅Rainbow tables
a communication standard used in serial communication of data acquisition systems - ✅rs2332
an incorrect procedure when preserving digital evidence - ✅extract windows event viewer log files
an aspect of organizational security, especially focusing on IT security - ✅application security
checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields - ✅automated field correlation approach
the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and media used to generate, transmit, store, analyze, and dispose of log data - ✅Log management
Data files from original evidence should _____ be used for forensics analysis - ✅never
do not turn the computer off or on, run any programs, or attempt to access data on a computer - ✅the first step required in preparing a computer for forensics investigation is
the sniffing, recording, acquisition, and analysis of the network traffic and event logs in order to investigate a network security incident - ✅network forensics
which of the following commands shows you the names of all open shared files on a server and number of file locks on each file - ✅net file
file that contains records that correspond to each deleted file in the recycle bin - ✅info2 file
no offline archive - ✅local archives are difficult to deal with webmail as there is ___ _____ ___ in most cases
email header specifies an address for mailer-generated errors, like "no such user" bounce messages - ✅errors-to header
command that shows you all of the network services running on windows-based servers - ✅net start
____ _____ is a systematic approach to save and protect the data contained in emails so that it can be easily accessed at a later date - ✅email archiving
shows you the netbios name table - ✅nbstat -n
the registry file that stores passwords in a hashed format - ✅c:\windows\system32\config\SAM
2 terabytes - ✅what is the maximum drive size supported by FAT32
Acquire the data - ✅which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence
source of security incidents and network attacks, path of the attack, intrusion techniques used by attackers - ✅network forensics can reveal
810D - ✅The message length of the following hex viewer record
protocol that works under the transport layer of tcp/ip - ✅udp
reviewing the case investigator's request for service, identify the legal authority for the forensic examination request, discuss whether other forensic processes need to be performed on the evidence - ✅the case assessment includes
which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter, and then lure the employees of the organization to connect to it - ✅client mis-association
the operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted - ✅what happens when a file is deleted in windows