Free CHFI MCQ Questions and Answers

Question 1

How many bytes do hard disk sectors normally contain?

Accepted Answer

512

Answer

256

Answer

2048

Answer

1024

Question 2

The following guidelines should be followed when employing an anti-virus scanner for a computer forensics investigation:

Accepted Answer

Scan your forensics workstation before beginning investigation

Answer

Never run a scan on your forensics workstation because it could change your systems configuration

Answer

Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

Answer

Scan the suspect hard drive before beginning an investigation

Question 3

Office suites like Word, Excel, and PowerPoint generate a code for each document that is based on the Media Access Control (MAC) address, also known as the machine's unique identification. What is the name of this code?

Accepted Answer

The Globally Unique IDentifrier (GUID)

Answer

The Personal Application Protocol

Answer

The Microsoft Virtual Machine Identifier

Answer

The Individual ASCII String

Question 4

A _______________ is an attack where the steps in the attack sequence are carried out by a computer program rather than a hacker.

Accepted Answer

Automated attack

Answer

Blackout attack

Answer

Distributed attack

Answer

Central processing attack

Question 5

In a hexadecimal code, the offset is:

Accepted Answer

The Ox at the beginning of the code

Answer

The Ox at the end of the code

Answer

The first byte after the colon

Answer

The last byte after the colon

Question 6

Due to his visits to sexual websites and image downloads, a suspect is accused of abusing computer resources. The goal of the investigation is to show that the suspect actually went to these places. The suspect, however, has deleted the cookie cache and wiped the search history. In addition, he deleted any photographs he may have downloaded. What steps can the investigator take to demonstrate the infraction?

Accepted Answer

Image the disk and try to recover deleted files

Answer

Check the Windows registry for connection data (you may or may not cover)

Answer

Approach the websites for evidence

Answer

Seek the help of co-workers who are eye-witnesses

Question 7

Corporate investigations are often simpler than those conducted by the government because:

Accepted Answer

The investigator does not have to get a warrant

Answer

The investigator has to get a warrant

Answer

The users can load whatever they want on their machines

Answer

The users have standard corporate equipment and software