CHFI Exam Questions with Verified Answers Graded
A+
A312-49v9 V8.02_formatted
QUESTION 1
The Recycle Bin is located on the Windows desktop. When you delete an item
from the hard disk, Windows sends that deleted item to the Recycle Bin and the
icon changes to full of empty, but items deleted from removable media, such as
a floppy disk or network drive, are not stored in the Recycle Bin. What is the
size limit for Recycle Bin in Vista and later versions of the Windows?
A. No size limits
QUESTION 2
Which of the following is not an example of a cyber-crime?
B. Firing an employee for misconduct
QUESTION 3
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext,
where, “X" represents the .
A. Drive name
QUESTION 4
Which of the following statement is not correct when dealing with a powered-
on computer at the crime scene?
D. If the computer is switched off. power on the computer to take screenshot of
the desktop
QUESTION 5
Tracks numbering on a hard disk begins at 0 from the outer edge and moves
towards the center, typically reaching a value of .
A. 1023
QUESTION 6
,Event correlation is a procedure that is assigned with a new meaning for a set
of events that occur in a predefined interval of time.
Which type of correlation will you use if your organization wants to use
different OS and network hardware platforms throughout the network?
B. Cross-platform correlation
QUESTION 7
Which root folder (hive) of registry editor contains a vast array of configuration
information for the system, including hardware settings and software settings?
B. HKEY_CURRENT_USER
QUESTION 8
Hard disk data addressing is a method of allotting addresses to each of data on a
hard disk
A. Physical block
QUESTION 9
,How do you define forensic computing?
A. It is the science of capturing, processing, and investigating data security
incidents and making it acceptable to a court of law.
QUESTION 10
What is the smallest allocation unit of a hard disk?
A. Cluster
QUESTION 11
Which one of the following statements is not correct while preparing for
testimony?
B. Do not determine the basic facts of the case before beginning and examining
the evidence
QUESTION 12
Which of the following statements is not a part of securing and evaluating
electronic crime scene checklist?
D. Blog about the incident on the internet
QUESTION 13
The Apache server saves diagnostic information and error messages that it
encounters while processing requests. The default path of this file is
usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the
following logs.
B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server
configuration:
/export/home/live/ap/htdocs/test
QUESTION 14
Operating System logs are most beneficial for Identifying or Investigating
suspicious activities involving a particular host. Which of the following Operating
System logs contains information about operational actions performed by OS
components?
A. Event logs
, QUESTION 15
A mobile operating system manages communication between the mobile
device and other compatible devices like computers, televisions, or printers.
A+
A312-49v9 V8.02_formatted
QUESTION 1
The Recycle Bin is located on the Windows desktop. When you delete an item
from the hard disk, Windows sends that deleted item to the Recycle Bin and the
icon changes to full of empty, but items deleted from removable media, such as
a floppy disk or network drive, are not stored in the Recycle Bin. What is the
size limit for Recycle Bin in Vista and later versions of the Windows?
A. No size limits
QUESTION 2
Which of the following is not an example of a cyber-crime?
B. Firing an employee for misconduct
QUESTION 3
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext,
where, “X" represents the .
A. Drive name
QUESTION 4
Which of the following statement is not correct when dealing with a powered-
on computer at the crime scene?
D. If the computer is switched off. power on the computer to take screenshot of
the desktop
QUESTION 5
Tracks numbering on a hard disk begins at 0 from the outer edge and moves
towards the center, typically reaching a value of .
A. 1023
QUESTION 6
,Event correlation is a procedure that is assigned with a new meaning for a set
of events that occur in a predefined interval of time.
Which type of correlation will you use if your organization wants to use
different OS and network hardware platforms throughout the network?
B. Cross-platform correlation
QUESTION 7
Which root folder (hive) of registry editor contains a vast array of configuration
information for the system, including hardware settings and software settings?
B. HKEY_CURRENT_USER
QUESTION 8
Hard disk data addressing is a method of allotting addresses to each of data on a
hard disk
A. Physical block
QUESTION 9
,How do you define forensic computing?
A. It is the science of capturing, processing, and investigating data security
incidents and making it acceptable to a court of law.
QUESTION 10
What is the smallest allocation unit of a hard disk?
A. Cluster
QUESTION 11
Which one of the following statements is not correct while preparing for
testimony?
B. Do not determine the basic facts of the case before beginning and examining
the evidence
QUESTION 12
Which of the following statements is not a part of securing and evaluating
electronic crime scene checklist?
D. Blog about the incident on the internet
QUESTION 13
The Apache server saves diagnostic information and error messages that it
encounters while processing requests. The default path of this file is
usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the
following logs.
B. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server
configuration:
/export/home/live/ap/htdocs/test
QUESTION 14
Operating System logs are most beneficial for Identifying or Investigating
suspicious activities involving a particular host. Which of the following Operating
System logs contains information about operational actions performed by OS
components?
A. Event logs
, QUESTION 15
A mobile operating system manages communication between the mobile
device and other compatible devices like computers, televisions, or printers.
