Free EC-COUNCIL 312-49v11 Practice Test & Real Exam Questions

Laura, a CHFI certified investigator, has been brought in to investigate a major incident at a software development company. A disgruntled employee had injected malicious code into several core products, causing significant damage to the company's reputation and bottom line. Laura had to decide the best way to gather evidence from the suspect's heavily used workstation, which has been running continuously for weeks and may contain critical evidence in RAM. What data acquisition strategy should Laura adopt to maximize the evidence gathered?

Examination of a computer by a technically unauthorized person will almost always result in:

Amelia, a cloud security analyst, is investigating a security breach in a cloud-based system where an adversary has managed to execute malicious code within the cloud environment. The attack was executed by intercepting and manipulating a SOAP message during transmission, duplicating the body of the message, and sending it to the server as though it was from a legitimate user. This manipulation resulted in the adversary gaining unauthorized access to the cloud system. What type of cloud-based attack did the adversary perform in this situation?

Greg, a seasoned CHFI professional, has been contracted to investigate a case of intellectual property theft at a major software company. While working on the case, he discovered that the company's email server might hold crucial evidence. However, the server is shared with a different company, and accessing it might risk violating that company's privacy rights. To respect the rules and regulations about the search and seizure of evidence, what should Greg's initial approach be in this scenario?

A security analyst identifies an influx of network traffic from an IoT HVAC system in a multinational corporation. The corporation is concerned about a possible HVAC attack. What should the security analyst prioritize to mitigate this potential threat?

A renowned global retail corporation recently underwent a sophisticated attack cyber-attack leading to a significant loss of data. The company had invested heavily in its Security Operations Center (SOC) which was expected to act as the first line of defense against such cyber threats.
However, the SOC was unable to detect the attack until it was too late. In retrospect what aspect of the SOC's role in computer forensics might have been overlooked in this scenario?

Detective Harris is leading a digital forensics investigation into a cyberattack on a local bank's database. During the investigation, Detective Harris emphasizes the importance of maintaining the integrity of the evidence. He instructs his team to follow the established rules of thumb for data acquisition to ensure the admissibility of evidence in court. In Detective Harris's digital forensics investigation of the cyberattack on the bank's database, what step is crucial to preserving the original evidence and ensuring its integrity?

A system administrator is configuring a new storage array for a critical application and selects a RAID level that uses data stripping and dedicated parity. The RAID setup requires a minimum of three disks, and it ensures data is striped at the byte level across multiple drives, with one drive set aside to store the parity information for fault tolerance. After configuring the RAID system, the administrator tests its ability to tolerate a single drive failure and confirms the system can still function without data loss. Which RAID level is the system administrator using in this scenario?

Dariel, a forensic investigator, has been assigned to investigate a recent security incident that occurred within the organization's network. As part of the investigation, Dariel installs a command-line interface packet sniffer on a Unix-based system to monitor and capture network traffic, looking for signs of unauthorized access or malicious activity. The captured data will help Dariel identify the sources of the security breach and trace the attacker's actions through the network. The tool used must be efficient for analyzing real-time network traffic and capable of running on a Unix-based operating system. Which of the following tools did Dariel employ in the above scenario?

The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux.
Identify the Apache error log from the following logs.