CHFIv9 312-49v9 Syllabus Exam Questions Answers

ECCouncil Computer Hacking Forensic Investigator (V9) Questions and Answers

Question 21

Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?

Options:

FAT File System

ReFS

exFAT

NTFS File System

Question 22

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

Options:

Start and end points for log sequence numbers are specified

Start and end points for log files are not specified

Start and end points for log files are specified

Start and end points for log sequence numbers are not specified

Question 23

Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

Options:

Mime-Version header

Content-Type header

Content-Transfer-Encoding header

Errors-To header

Question 24

Which among the following tools can help a forensic investigator to access the registry files during postmortem analysis?

Options:

RegistryChangesView

RegDIIView

RegRipper

ProDiscover

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CHFIv9 312-49v9 Syllabus Exam Questions Answers

ECCouncil Computer Hacking Forensic Investigator (V9) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer: