ECCouncil 312-49v11 - Computer Hacking Forensic Investigator Exam
Page: 2 / 30
Total 150 questions
Question #6 (Topic: Exam A)
Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tool will help Charles?
A. Xplico
B. Colasoft’s Capsa
C. FileSalvage
D. DriveSpy
Answer: C
Question #7 (Topic: Exam A)
Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?
A. It is a doc file deleted in seventh sequential order
B. RIYG6VR.doc is the name of the doc file deleted from the system
C. It is file deleted from R drive
D. It is a deleted doc file
Answer: D
Question #8 (Topic: Exam A)
Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server’s root directory?
A. Parameter/form tampering
B. Unvalidated input
C. Directory traversal
D. Security misconfiguration
Answer: C
Question #9 (Topic: Exam A)
Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?
A. C: $Recycled.Bin
B. C: \$Recycle.Bin
C. C:\RECYCLER
D. C:\$RECYCLER
Answer: B
Question #10 (Topic: Exam A)
Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?
A. filecache.db
B. config.db
C. sigstore.db
D. Sync_config.db
Answer: D
