Cybersecurity Training

Computer Hacking Forensic Investigator (CHFI) Exam Practice

Showing 1-10 of 190 questions
Questions per page:
Question 1

Jason, a certified ethical hacker, is hired by a major e-commerce company to evaluate their network's security. As part of his reconnaissance, Jason is trying to gain as much information as possible about the company's public-facing servers without arousing suspicion. His goal is to find potential points of entry and map out the network infrastructure for further examination. Which technique should Jason employ to gather this information without alerting the company's intrusion detection systems (IDS)?

A.
Jason should use a DNS zone transfer to gather information about the company's servers.
B.
Jason should use passive reconnaissance techniques such as WHOIS lookups, NS lookups, and web research.
Correct Answer
C.
Jason should directly connect to each server and attempt to exploit known vulnerabilities.
D.
Jason should perform a ping sweep to identify all the live hosts in the company's IP range.
Question 2

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

A.
OSINT framework
Correct Answer
B.
WebSploit Framework
C.
SpeedPhish Framework
D.
Browser Exploitation Framework
Question 3

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

A.
Strategic threat intelligence
B.
Tactical threat intelligence
C.
Operational threat intelligence
Correct Answer
D.
Technical threat intelligence
Question 4

What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne

A.
Vulnerability hunting program
B.
Bug bounty program
Correct Answer
C.
White-hat hacking program
D.
Ethical hacking program
Question 5

During an ethical hacking engagement, you have been assigned to evaluate the security of a large organization's network. While examining the network traffic, you notice numerous incoming requests on various ports from different locations that show a pattern of an orchestrated attack. Based on your analysis, you deduce that the requests are likely to be automated scripts being run by unskilled hackers. What type of hacker classification does this scenario most likely represent

A.
Black Hats trying to exploit system vulnerabilities for malicious intent.
B.
White Hats conducting penetration testing to identify security weaknesses.
C.
Gray Hats testing system vulnerabilities to help vendors improve security.
D.
Script Kiddies trying to compromise the system using pre-made scripts.
Correct Answer
Question 6

Which among the following is the best example of the third step (delivery) in the cyber kill chain?

A.
An intruder creates malware to be used as a malicious attachment to an email.
B.
An intruder's malware is triggered when a target opens a malicious email attachment.
C.
An intruder's malware is installed on a targets machine.
D.
An intruder sends a malicious attachment via email to a target.
Correct Answer
Question 7

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

A.
Website footprinting
B.
VPN footprinting
C.
Dark web footprinting
Correct Answer
D.
VoIP footpriting
Question 8

Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

A.
ARIN
Correct Answer
B.
Baidu
C.
DuckDuckGo
D.
AOL
Question 9

A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine. Which of the following advanced operators would allow the pen tester to restrict the search to the organization's web domain?

A.
[location:]
B.
[site:]
Correct Answer
C.
[link:]
D.
[allinurl:]
Question 10

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

A.
LACNIC
B.
APNIC
C.
RIPE
Correct Answer
D.
ARIN
...