An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on EFS uses a 128-bit key that can‘t be cracked, so you will not be able to recover the information When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information. The EFS Revoked Key Agent can be used on the Computer to recover the information When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)

Module 6 : Windows Forensics

Questions available : 94 You are not logged in.
Please Login for track your learning progress

Q. No: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |

Go to Question No.

Question No 0

If you want to share the link of this question, please click here to "Copy Question Link" and share that generated link. Link from URL may change in future.

Bookmark this Question

QID: 834

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

A: EFS uses a 128-bit key that can‘t be cracked, so you will not be able to recover the information

B: When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.

C: The EFS Revoked Key Agent can be used on the Computer to recover the information

D: When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Diffence opinion in Correct Answer or any comment?
Vote / Comment for correct Answer

Comunity Comments:

Banwari on 17/05/2025
Opted Answer: B

If the employee copied EFS-encrypted files to a floppy disk, the encryption behavior depends on how the files were transferred:

If the files were copied normally (drag-and-drop or standard copy-paste), EFS encryption is removed when transferring to a non-NTFS file system like a floppy disk. This means the files on the floppy disk are unencrypted and can be accessed.

If the files were moved within an NTFS environment, they would remain encrypted, requiring the original encryption key to access them.

EFS uses strong encryption (128-bit or higher), making it nearly impossible to break without the correct decryption key.

The EFS Recovery Agent can be used to decrypt files if the organization has configured one.

Since floppy disks use FAT file systems, the files were likely automatically decrypted when copied, meaning you should be able to access them

0

0

Reply / response option is available only for Logged in Users.

Please Login.

Registration is free!!
Your Comment / Reply

Nickname to be shown

Reason for Report

Go to Modules

Ace Your Exams with Our Notes and Mock Tests!

Exam Preparation System

Question No 0

WELCOME TO ONLINE EXAM PREPARATION SYSTEM

Certification Examinations

EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)
Module 6 : Windows Forensics

Questions available : 94		You are not logged in. Please Login for track your learning progress

Q. No: 1 \| 2 \| 3 \| 4 \| 5 \| 6 \| 7 \| 8 \| 9 \| 10 \| 11 \|
		Go to Question No.