Authentic ECCouncil Certification Exam 312-49v11 Questions Answers

Option D is the best answer because removing and reinserting the CMOS battery is a traditional hardware method used to reset stored motherboard configuration settings, including the BIOS password on some systems. CHFI v11 includes Booting Process , Windows Boot Process: BIOS-MBR Method and UEFI-GPT , and under tools it explicitly mentions a Tool to Reset Admin Password , showing that exam candidates are expected to understand system-access and startup-related recovery concepts.

The question is specifically about a BIOS password , not full-disk encryption or operating-system user credentials. Removing the CMOS battery does not decrypt the hard drive and does not normally bypass Windows or Linux user account passwords. Its purpose in this context is to clear or reset firmware-level settings maintained by the motherboard.

Option C is close in wording, but the more precise and intended answer is that the action is being used to reset the BIOS password itself. Therefore, under CHFI operating-system and boot-process concepts, the correct choice is D .

According to CHFI v11 objectives under Computer Forensics Fundamentals and Regulations, Policies, and Ethics , a forensic investigator must ensure that technical investigation activities align with applicable legal and regulatory requirements. The Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions protect customers’ nonpublic personal information (NPI) and respond appropriately to any unauthorized access or disclosure.

When a breach involving GLBA-protected data is identified, the organization must follow a structured incident response and forensic investigation process while maintaining compliance with privacy laws. CHFI v11 emphasizes forensic readiness, legal compliance, and ethical handling of digital evidence. Notifying affected customers of their opt-out rights and implementing safeguards to protect compromised data are core requirements of GLBA’s Privacy Rule and Safeguards Rule.

Ignoring the incident violates forensic and legal responsibilities, while sharing sensitive data with third parties risks further disclosure. Informing law enforcement alone is insufficient if customer notification obligations are not met. Proper customer notification demonstrates due diligence, supports transparency, and reduces legal risk. From a CHFI perspective, this approach ensures lawful evidence handling, regulatory compliance, and preservation of organizational credibility during forensic investigations.

The correct answer is D because a Personal Storage Table file is the Outlook local data container used to store messages and related mailbox items independently on the workstation. Microsoft states that Outlook Data Files .pst contain user messages and other Outlook items such as contacts, appointments, tasks, notes, and journal entries. That matches the artifact set described in the question. By contrast, an .ost file is an offline copy of items that are saved on a mail server and is associated with Exchange cached mode, meaning it remains tied to server-backed synchronization. The question specifically stresses fully offline operation with no ongoing server synchronization and local extraction independent of remote mailbox access, which is more consistent with a .pst-based local store. MBOX and .msf are associated with other mail ecosystems and are not the standard Outlook desktop container being tested here. In CHFI v11, email forensics requires knowing where mail artifacts reside and how different client storage types affect evidence handling. For a self-contained Outlook local store of messages, contacts, calendar items, and tasks, the most appropriate target is the Personal Storage Table file.