Free CHFI MCQ Questions and Answers

Question 1

How many bytes do hard disk sectors normally contain?

Accepted Answer

512

Answer

Hard disk sectors have historically contained 512 bytes of data. While newer 'Advanced Format' drives use 4096-byte (4KB) sectors, they often employ 512-byte sector emulation for compatibility with legacy operating systems and software. Therefore, 512 bytes remains the standard and most commonly encountered sector size in general computer forensics contexts.

Question 2

The following guidelines should be followed when employing an anti-virus scanner for a computer forensics investigation:

Accepted Answer

Scan your forensics workstation before beginning investigation

Answer

Before commencing any computer forensics investigation, it is paramount to scan the forensics workstation with an up-to-date anti-virus program. This ensures that the analysis environment itself is clean and free from malware, which could otherwise compromise the integrity of the investigation, alter evidence, or infect the suspect's data. Scanning the suspect drive directly or during the investigation is generally avoided to prevent altering potential evidence.

Question 3

Office suites like Word, Excel, and PowerPoint generate a code for each document that is based on the Media Access Control (MAC) address, also known as the machine's unique identification. What is the name of this code?

Accepted Answer

The Globally Unique IDentifrier (GUID)

Answer

Microsoft Office documents and many other applications embed a Globally Unique IDentifier (GUID) within their metadata. This 128-bit number serves as a unique identifier for the document or object, ensuring its distinctness across various systems and applications. While its generation might involve system-specific information like a MAC address, the resulting unique code is known as the GUID.

Question 4

A _______________ is an attack where the steps in the attack sequence are carried out by a computer program rather than a hacker.

Accepted Answer

Automated attack

Answer

An automated attack is a type of cyberattack where the sequence of malicious actions is executed by a computer program, script, or botnet rather than requiring direct, real-time human interaction. These attacks are designed to operate autonomously, often scanning for vulnerabilities, exploiting weaknesses, or distributing malware on a large scale without constant human oversight.

Question 5

In a hexadecimal code, the offset is:

Accepted Answer

The Ox at the beginning of the code

Answer

In hexadecimal code, the prefix '0x' is conventionally used to denote that the subsequent characters represent a hexadecimal number. This prefix explicitly indicates the base-16 numbering system, distinguishing it from decimal, binary, or octal representations. Therefore, '0x' marks the beginning of a hexadecimal offset or value.

CHFI - Computer Hacking Forensic Investigator Practice Test

CHFI - Computer Hacking Forensic Investigator Practice Test

Free CHFI MCQ Questions and Answers