Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 774 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 774
Topic #: 1
[All 312-49v10 Questions]

A Computer Hacking Forensic Investigator (CHFI) is trying to identify a hidden data leak happening through seemingly benign PDF documents sent from a corporate network. While examining a suspicious PDF, he discovers a series of unexpected objects in the file’s body. Given the following hex signatures of various file formats: JPEG (0xffd8), BMP (0x424d), GIF (0x474946), and PNG (0x89504e), which of the following actions should he take next?

  • A. Search for the existence of the hex signature 0x89504e in the PDF's body as a PNC could be embedded
  • B. Check for the existence of the hex signature 0xffd8 in the PDF's body as a JPEG could be hidden
  • C. Examine the cross-reference table (xref table) for any unusual links to objects
  • D. Verify if the PDF document ends with the %EOF value
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Elb at May 29, 2024, 1:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
aqeel1506
4 months ago
In the scenario where a Computer Hacking Forensic Investigator (CHFI) is examining a suspicious PDF document for hidden data leaks and has discovered unexpected objects in the file’s body, the most appropriate next step would be: C. Examine the cross-reference table (xref table) for any unusual links to objects Explanation: The cross-reference table (xref table) in a PDF file contains references to all the objects within the PDF, inclu ding their locations. Examining the xref table can help identify any unusual or unexpected links to embedded objects, which may indicate hidden data or steganographic techniques being used to leak information.
upvoted 1 times
...
Elb
5 months, 4 weeks ago
Selected Answer: B
The first bits of a file represent the file type, and JPEG files start with the binary value 0xffd8 (start of image; SOI) and end with the binary value 0xffd9 (end of image; EOI). Therefore, ffd8 (the 0x is implied) at the beginning represents a JPEG file when viewed with a hex editor.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel