Free 312-49v11 Questions for EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) 312-49v11 Exam as PDF & Practice Test Engine

  • Exam Code/Number: 312-49v11
  • Exam Name/Title: Computer Hacking Forensic Investigator (CHFI-v11)
  • Certification Provider: EC-COUNCIL
  • Corresponding Certification: Certified Ethical Hacker
  • Exam Questions: 482
  • Updated On: Jul 06, 2026
During a typical workday, employees at a reputable financial institution notice unusual behavior on their network. Suddenly, emails flood in from concerned customers reporting suspicious login attempts and strange pop-up messages. Panic ensues as the IT department investigates, discovering signs of an external attack targeting their network security.
What are examples of external attacks that pose a threat to corporate networks?
Correct Answer: C Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Derrick, a forensic specialist, was investigating an active computer that was executing various processes. Derrick wanted to check whether this system was used in an incident that occurred earlier. He started inspecting and gathering the contents of RAM, cache, and DLLs to identify incident signatures. Identify the data acquisition method employed by Derrick in the above scenario.
Correct Answer: C Vote an answer
A digital forensics team is investigating a cyberattack where multiple devices were compromised.
Among the seized devices is an Android smartphone with evidence suggesting interaction with both Windows and Linux systems.
In Android and iOS forensic analysis, why is it important to analyze files associated with Windows and Linux devices?
Correct Answer: C Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
In an investigation involving a corporate data breach, the forensic investigator is tasked with recovering deleted files from a suspect's hard drive. The investigator is careful to confirm that the hard drive remains untouched and reliable, so they create a forensic image of the device and store it in a secure location to maintain its integrity for future analysis. This step is crucial to guarantee that the original data remains unaltered during the investigative process.
Which responsibility of a forensic investigator is being fulfilled in this scenario?
Correct Answer: B Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Forensic investigators respond to a smart home burglary. They identify, collect, and preserve IoT devices, then analyze data from cloud services and synced smartphones. A detailed report is prepared for court presentation, outlining the investigation process and the evidence collected.
Which stage of the IoT forensic process ensures that evidence integrity is maintained by preventing alteration before collection?
Correct Answer: A Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
During an investigation, the first responders stored mobile devices in specific containers to provide network isolation. All the following are examples of such pieces of equipment, except for:
Correct Answer: D Vote an answer
During an investigation, Noel found a SIM card from the suspect's mobile. The ICCID on the card is 8944245252001451548. What does the first four digits (89 and 44) in the ICCID represent?
Correct Answer: C Vote an answer
Which layer in the IoT architecture is comprised of hardware parts such as sensors, RFID tags, and devices that play an important role in data collection?
Correct Answer: B Vote an answer
You're a digital forensics investigator tasked with analyzing a bitmap image file (BMP) to gather information about its structure and contents. Understanding the file structure and data components is essential for conducting a thorough analysis. Which component of a bitmap image file contains data about the type, size, and layout of the file?
Correct Answer: A Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Which part of Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file.
Correct Answer: B Vote an answer
Sally accessed the computer system that holds trade secrets of the company where she is employed. She knows she accessed it without authorization and all access (authorized and unauthorized) to this computer is monitored. To cover her tracks, Sally deleted the log entries on this computer. What among the following best describes her action?
Correct Answer: A Vote an answer
A renowned global retail corporation recently underwent a sophisticated attack cyber-attack leading to a significant loss of data. The company had invested heavily in its Security Operations Center (SOC) which was expected to act as the first line of defense against such cyber threats.
However, the SOC was unable to detect the attack until it was too late. In retrospect what aspect of the SOC's role in computer forensics might have been overlooked in this scenario?
Correct Answer: B Vote an answer
Sarah, a security analyst, is reviewing the security audit logs from a Windows machine to detect unauthorized activities. She comes across an event with the ID 4663 in the Windows Event Viewer, which corresponds to a specific type of system interaction. After further analysis, she determines that this event is related to an activity involving critical system objects.
What does Event ID 4663 specifically indicate in relation to Windows security?
Correct Answer: A Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Jane is a forensic investigator at a top cybersecurity firm. While analyzing a suspect's computer for evidence related to a potential data breach, she came across a log file that appeared to have been tampered with. The timestamp of the file seems modified, and some parts of the file seem to have been deliberately deleted. What should Jane do first to ensure the preservation and authenticity of the digital evidence?
Correct Answer: C Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
Lucas, a forensic investigator, has been tasked with analyzing the behavior of a malware sample that has infected a Linux-based system. After executing the malware, Lucas suspects that the malware is performing suspicious activities such as modifying system files, accessing restricted resources, and interacting with the kernel. In order to track the malware's interaction with the operating system, Lucas decides to monitor the system calls made by the malware during its execution. To gather this data, which of the following tools should Lucas use to effectively track and analyze the system calls initiated by the malware, providing insights into how the malware communicates with the OS and performs its malicious activities?
Correct Answer: B Vote an answer
Explanation: Only visible for ExamDiscuss members. You can sign-up / login (it's free).
0
0
0
10