312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 1 of 14.
- Question #1 (Network Forensics)
Which of the following commands shows you all of the network services running on Windows-based servers?
Tags: Windows command-line, Service management, Net command, System utilities
- Question #2 (Disk Forensics)
Data compression involves encoding the data to take up less storage space and less bandwidth for transmission. It helps in saving cost and high data manipulation in many business a...
Tags: Data compression, Lossless compression, Data integrity, Digital evidence preservation
- Question #3 (Computer Forensics Investigation Process)
Which of the following statements related to acquiring electronic evidence at a crime scene is incorrect?
Tags: Electronic Evidence Acquisition, Crime Scene Procedures, Volatile Data, Live System Forensics
- Question #4 (Computer Forensics Investigation Process)
Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with t...
Tags: Centralized logging, Log management, Security monitoring
- Question #5 (Network Forensics)
Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?
Tags: Wireless Standards, 802.11a, Network Protocols, 5 GHz Band
- Question #6 (Network Forensics)
Hash injection attack allows attackers to inject a compromised hash into a local session and use the hash to validate network resources.
Tags: Hash injection, Pass-the-Hash, Authentication attacks, Network security
- Question #7 (Computer Forensics in Today's World)
Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
Tags: Legal standards, Admissibility of evidence, Scientific evidence, Frye Standard
- Question #8 (Network Forensics)
Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query. Attackers exploit injection flaws by con...
Tags: Web application security, Injection flaws, SQL Injection, Vulnerabilities
- Question #9 (Computer Forensics Investigation Process)
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correla...
Tags: Data Correlation, Automated Analysis, Forensic Data Analysis, Investigation Techniques
- Question #10 (Network Forensics)
Which of the following commands shows you the NetBIOS name table each?
Tags: nbtstat command, NetBIOS, network utilities, network enumeration
- Question #11 (Disk Forensics)
What is a bit-stream copy?
Tags: Bit-stream copy, Disk imaging, Forensic acquisition, Digital evidence preservation
- Question #12 (Disk Forensics)
Which of the following is not a part of disk imaging tool requirements?
Tags: Disk imaging, Forensic tools, Data integrity, Hashing
- Question #13 (Disk Forensics)
Track numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.
Tags: Hard Disk Drive, Disk Geometry, Tracks, Data Storage
- Question #14 (Computer Forensics in Today's World)
What is the goal of forensic science?
Tags: forensic science, goal of forensics, evidentiary value
- Question #15 (Computer Forensics in Today's World)
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as Identify the attack referred.
Tags: Directory Traversal, Path Traversal, Web Vulnerabilities, Attack Techniques
- Question #16 (Disk Forensics)
Which is a Linux journaling file system?
Tags: Linux file systems, Journaling file systems, Ext3
- Question #17 (Computer Forensics Investigation Process)
Which of the following statements is not a part of the securing and evaluating electronic crime scene checklist?
Tags: Crime scene management, Incident response, First responder actions, Forensic procedures
- Question #18 (Computer Forensics Investigation Process)
Which of the following log injection attacks uses white space padding to create unusual log entries?
Tags: Log Injection, Word Wrap Abuse, Attack Techniques
- Question #19 (Mobile Forensics)
Subscriber Identity Module (SIM) is a removable component that contains essential information about the subscriber. Its main function entails authenticating the user of the cell ph...
Tags: SIM Card, ICCID, Subscriber Identity, Mobile Device Components
- Question #20 (Disk Forensics)
Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.
Tags: Partition recovery, Deleted data, Disk analysis, Data extraction
- Question #21 (Disk Forensics)
If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?
Tags: File Systems, Disk Allocation, Sector Size, Storage Fundamentals
- Question #22 (Disk Forensics)
What is a SCSI (Small Computer System Interface)?
Tags: SCSI, Computer interfaces, Hardware, Disk storage
- Question #23 (Computer Forensics in Today's World)
An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.
Tags: Attack Vector, Security Concepts, Cybersecurity Terminology
- Question #24 (Network Forensics)
Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.
Tags: Network Forensics Definition, Network Traffic Analysis, Log Analysis, Incident Investigation
- Question #25 (Computer Forensics Investigation Process)
Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive o...
Tags: Digital Evidence Validation, Hashing Algorithms, MD5, Data Integrity
- Question #26 (Disk Forensics)
LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
Tags: LBA, Logical Block Address, Hard disk addressing, Sector addressing
- Question #27 (Network Forensics)
Which of the following attacks allows an attacker to acquire access to the communication channels between the victim and server to extract the information?
Tags: MITM attack, Network attacks, Communication interception, Attack techniques
- Question #28 (Network Forensics)
SMTP (Simple Mail Transfer Protocol) receives outgoing mail from clients and validates source and destination addresses, and also sends and receives emails to and from other SMTP s...
Tags: SMTP, Email Protocol, Network Protocols
- Question #29 (Disk Forensics)
In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers?
Tags: Windows Boot Process, Ntldr, System Files, Operating System Fundamentals
- Question #30 (Computer Forensics in Today's World)
What is the "Best Evidence Rule"?
Tags: Best Evidence Rule, Legal Aspects of Forensics, Evidence Admissibility, Forensic Principles
- Question #31 (Computer Forensics Investigation Process)
What is the first step required in preparing a computer for forensics investigation?
Tags: Evidence preservation, First responder actions, Digital evidence handling
- Question #32 (Disk Forensics)
What is the smallest allocation unit of a hard disk?
Tags: Hard Disk Allocation, Clusters, Filesystems, Storage Concepts
- Question #33 (Network Forensics)
An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the foll...
Tags: NTP, Time Synchronization, Stratum Levels, Network Protocols
- Question #34 (Computer Forensics in Today's World)
An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, s...
Tags: Expert Witness, Legal Process, Forensic Roles
- Question #35 (Computer Forensics in Today's World)
Physical security recommendations: There should be only one entrance to a forensics lab
Tags: Physical security, Forensics lab security, Lab design, Security best practices
- Question #36 (Computer Forensics Investigation Process)
When dealing with the powered-off computers at the crime scene, if the computer is switched off, turn it on
Tags: Crime scene procedures, Evidence handling, Digital forensics best practices, Volatile data preservation
- Question #37 (Report Writing & Presentation)
A computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details...
Tags: Forensic Report, Admissibility, Legal Standards, Evidence
- Question #38 (Computer Forensics Investigation Process)
A forensic investigator is a person who handles the complete investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The in...
Tags: Evidence Preservation, Digital Forensics Process, Forensic Imaging, Investigator Roles
- Question #39 (Computer Forensics in Today's World)
Digital photography helps in correcting the perspective of the image which is used in taking the measurements of the evidence. Snapshots of the evidence and incident-prone areas ne...
Tags: Digital Photography, Evidence Admissibility, Forensic Process, Legal Acceptance
- Question #40 (Computer Forensics Investigation Process)
Which one of the following is not a consideration in a forensic readiness planning checklist?
Tags: Forensic Readiness, Incident Response Planning, Digital Evidence Management
- Question #41 (Disk Forensics)
Shortcuts are the files with the extension .lnk that are created and are accessed by the users. These files provide you with information about:
Tags: LNK files, Windows artifacts, User activity, File system analysis
- Question #42 (Report Writing & Presentation)
A computer forensic report is a report which provides detailed information on the complete forensics investigation process.
Tags: Computer Forensics, Forensic Report, Investigation Process, Reporting
- Question #43 (Report Writing & Presentation)
Which one of the following statements is not correct while preparing for testimony?
Tags: Testimony Preparation, Expert Witness, Forensic Methodology, Investigation Best Practices
- Question #44 (Computer Forensics Investigation Process)
Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting we...
Tags: Log analysis, Web server logs, Incident detection, Digital evidence
- Question #45 (Computer Forensics Investigation Process)
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthori...
Tags: Intrusion Detection System (IDS), Host-based IDS (HIDS), Security Monitoring, Incident Detection
- Question #46 (Disk Forensics)
What is the first sector ("sector zero") of a hard disk?
Tags: Hard disk structure, Master Boot Record, Sector zero, Boot process
- Question #47 (Mobile Forensics)
Ever-changing advancement of mobile devices increases the complexity of mobile device examinations. Which of the following is an appropriate action for the mobile forensic investig...
Tags: Mobile device acquisition, On-scene procedures, Volatile data capture, Evidence preservation
- Question #48 (Computer Forensics in Today's World)
Which of the following is the certifying body of forensics labs that investigate criminal cases by analyzing evidence?
Tags: forensic lab certification, ASCLD, forensic standards, criminal investigations
- Question #49 (Computer Forensics Investigation Process)
When a system is compromised, attackers often try to disable auditing. In Windows 7, modifications to the audit policy are recorded as entries of Event ID ____________.
Tags: Windows Event IDs, Audit Policy, Security Monitoring, Post-compromise Indicators
- Question #50 (Network Forensics)
MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network
Tags: MAC Address, Network Security, MAC Filtering, Networking Fundamentals