[Apr-2025] Certified Ethical Hacker 312-49v11 Exam Practice Dumps [Q412-Q436]

QUESTION 412
Which of the following should a computer forensics lab used for investigations have?

 
 
 
 

QUESTION 413
BMP (Bitmap) is a standard file format for computers running the Windows operating system.
BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, an information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?

 
 
 
 

QUESTION 414
You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

 
 
 
 

QUESTION 415
Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

 
 
 
 

QUESTION 416
What is a SCSI (Small Computer System Interface)?

 
 
 
 

QUESTION 417
During an investigation, Noel found the following SIM card from the suspect’s mobile. What does the code 89 44 represent?

 
 
 
 

QUESTION 418
What is the following command trying to accomplish?
C:\> nmap -sU -p445 192.168.0.0/24

 
 
 
 

QUESTION 419
Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or device that holds electronic information.

 
 

QUESTION 420
When a file or folder is deleted, the complete path, including the original file name, is stored in a special hidden file called “INFO2” in the Recycled folder. If the INFO2 file is deleted, it is re-created when you ___________.

 
 
 
 

QUESTION 421
A CHFI has been asked to recover browser history from a seized Microsoft Edge browser on a Windows system. This is important to pinpoint the suspect’s online activities. The suspect was known to clear their browser history frequently. Which tool and path would most efficiently recover the required data?

 
 
 
 

QUESTION 422
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers’ clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

 
 
 
 

QUESTION 423
What does the acronym POST mean as it relates to a PC?

 
 
 
 

QUESTION 424
What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

 
 
 
 

QUESTION 425
Identify the file system that uses the $BitMap file to keep track of all used and unused clusters on a volume.

 
 
 
 

QUESTION 426
What advantage does the tool Evidor have over the built-in Windows search?

 
 
 
 

QUESTION 427
Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

 
 
 
 

QUESTION 428
An investigator is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform?

 
 
 
 

QUESTION 429
After a major data breach in a financial institution, a forensic investigator is brought in to determine the source and the extent of the breach. The investigator needs to ensure compliance with the legal standards in their investigations. During the investigation, they stumble upon non-public personal information of consumers stored by the institution and suspect this information was illegally shared with non-affiliated third parties. Which law/regulation should be the investigator's primary concern in this scenario?

 
 
 
 

QUESTION 430
The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is being used.
Which command displays the network configuration of the NICs on the system?

 
 
 
 

QUESTION 431
If you come across a sheepdip machine at your client site, what would you infer?

 
 
 
 

QUESTION 432
A cybersecurity forensics investigator is tasked with acquiring data from a suspect’s drive for a civil litigation case. The suspect drive is 1TB, and due to time constraints, the investigator decides to prioritize and acquire only data of evidentiary value. The original drive cannot be retained. In this context, which of the following steps should the investigator prioritize?

 
 
 
 

QUESTION 433
An investigator is checking a Cisco firewall log that reads as follows:
Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on Interface outside
What does %ASA-1-106021 denote?

 
 
 
 

QUESTION 434
When NTFS is formatted, the format program assigns the __________ sectors to the boot sectors and to the bootstrap code.

 
 
 
 

QUESTION 435
What does the part of the log, “%SEC-6-IPACCESSLOGP”, extracted from a Cisco router represent?

 
 
 
 

QUESTION 436
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures, such as AP MAC filters and Wi-Fi port access controls.
Which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter, and then lure the employees of the organization to connect to it?

 
 
 
 
