312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 10 of 14.
- Question #452 (Network Forensics)
You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only...
Firewall types, Stateful inspection, Network security, Security policies
- Question #453 (Network Forensics)
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
Idle Scanning, Network Scanning, Operating System Differences, IP ID Sequence
- Question #454 (Network Forensics)
You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used...
Penetration Testing, Vulnerability Discovery, HTTP Vulnerability, Information Disclosure
- Question #455 (Network Forensics)
When investigating a wireless attack, what information can be obtained from the DHCP logs?
DHCP logs, MAC address, Network investigation
- Question #456 (Network Forensics)
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The ma...
SNMP security, Network hardening, Community strings, Vulnerability management
- Question #457 (Network Forensics)
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administ...
NTP, Time Synchronization, Network Protocols, Event Correlation
- Question #458 (Network Forensics)
When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?
Wireless Networking, Access Point Configuration, Channel Management, Interference
- Question #459 (Disk Forensics)
You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords....
Password cracking, Windows security, LM hash vulnerability, SAM database
- Question #460 (Network Forensics)
Michael works for Kimball Construction Company as a senior security analyst. As part of a yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael cond...
Nmap, XMAS scan, Port scanning, TCP port states
- Question #461 (Network Forensics)
What is the target host IP in the following command? C:\> firewalk -F 80 10.10.150.1 172.16.28.95 -p UDP
firewalk, Network Scanning, CLI, Firewall Evasion
- Question #462 (Network Forensics)
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches...
Penetration Testing, Network Evasion, TCP/IP, Firewall Bypass
- Question #463 (Computer Forensics in Today's World)
When is it appropriate to use computer forensics?
Computer Forensics Scope, Digital Investigation Scenarios, Intellectual Property Crime, Cybercrime
- Question #464 (Computer Forensics in Today's World)
You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing de...
Legal Concepts, Trademark Law, Intellectual Property
- Question #465 (Disk Forensics)
What feature of Windows is the following command trying to utilize?
Alternate Data Streams (ADS), NTFS, Data hiding, Windows forensics
- Question #466 (Computer Forensics Investigation Process)
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ong...
Chain of Custody, Evidence Documentation, Forensic Procedure, Evidence Handling
- Question #467 (Computer Forensics Investigation Process)
When using Windows acquisition tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to _________
Hardware write-blocker, Digital evidence acquisition, Evidence integrity, Contamination prevention
- Question #468 (Computer Forensics in Today's World)
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to per...
Social Engineering, Vishing, Security Awareness, Psychological Principles
- Question #469 (Computer Forensics in Today's World)
You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzli...
Agent of Law Enforcement, Legal Implications, Corporate Forensics, Ethical Boundaries
- Question #470 (Disk Forensics)
What is kept in the following directory? HKLM\SECURITY\Policy\Secrets
Windows Registry, Credential Storage, System Security, Plaintext Passwords
- Question #471 (Computer Forensics Investigation Process)
When discussing the chain of custody in an investigation, what does a link refer to?
Chain of Custody, Evidence Handling, Forensic Investigation, Legal Process
- Question #475 (Disk Forensics)
Which root folder (hive) of registry editor contains a vast array of configuration information for the system, including hardware settings and software settings?
Windows Registry, Registry Hives, System Configuration, HKEY_LOCAL_MACHINE
- Question #476 (Disk Forensics)
Operating System logs are most beneficial for identifying or investigating suspicious activities involving a particular host. Which of the following Operating System logs contains...
OS logs, Event logs, Log analysis, Host forensics
- Question #477 (Network Forensics)
WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access control. Which of the following encryption algorithms is used by WPA2?
Wi-Fi security, WPA2, AES-CCMP, Encryption algorithm
- Question #478 (Mobile Forensics)
SIM is a removable component that contains essential information about the subscriber. It has both volatile and non-volatile memory. The file system of a SIM resides in ___________...
SIM card, Non-volatile memory, Mobile device architecture, File systems
- Question #479 (Mobile Forensics)
Smith, as a part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith...
Mobile forensics, SIM card data recovery, PIN Unblocking Key (PUK), Forensic investigation procedures
- Question #480 (Computer Forensics Investigation Process)
Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who wo...
Volatile Data, Forensic Evidence, Incident Response, Data Volatility
- Question #481 (Network Forensics)
An attacker uses vulnerabilities in the authentication or session management functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me, secre...
Session Management, Timeout Exploitation, Authentication Vulnerabilities, Web Application Security
- Question #482 (Disk Forensics)
Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?
Rainbow tables, Password cracking, Hashing, Brute-force
- Question #483 (Report Writing & Presentation)
Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.
Investigative Report, Report Quality, Consistency, Clarity
- Question #484 (Mobile Forensics)
The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a mobile phone by the manufacturer.
ESN, Mobile device identifiers, Mobile forensics
- Question #485 (Network Forensics)
Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time. Which type of correlation will you use if your...
Event correlation, Cross-platform correlation, Security monitoring
- Question #486 (Disk Forensics)
The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk, Windows sends that deleted item to the Recycle Bin and the icon changes to full from...
Recycle Bin, Windows OS, File deletion, Disk artifacts
- Question #487 (Computer Forensics in Today's World)
The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations where large organizations were involved. Computer forensics p...
Computer Forensics Purpose, Evidence Management, Cybercrime Context
- Question #488 (Computer Forensics in Today's World)
First responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or she is responsible for protecting, integrating,...
First responder, Incident response, Forensic roles, Crime scene management
- Question #489 (Disk Forensics)
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in hacking of organiz...
Registry forensics, Windows Registry, Run box history, Forensic artifacts
- Question #490 (Computer Forensics Investigation Process)
What document does the screenshot represent?
Chain of Custody, Evidence Handling, Digital Forensics Process
- Question #491 (Disk Forensics)
Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?
CDFS, ISO file, File systems, Digital evidence
- Question #492 (Disk Forensics)
Which of the following techniques can be used to beat steganography?
Steganography, Steganalysis, Information hiding, Digital forensics
- Question #493 (Disk Forensics)
Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?
Windows OS, File System Metadata, Last Access Time, fsutil
- Question #494 (Network Forensics)
Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all...
Network Forensics, Data Reconstruction, Email Analysis, Forensic Tools
- Question #495 (Disk Forensics)
Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, th...
Dropbox Forensics, Application Artifacts, Local Storage Analysis, Database Forensics
- Question #496 (Computer Forensics Investigation Process)
An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?
Postmortem Analysis, Incident Investigation, Data Leak, Forensic Methodology
- Question #497 (Computer Forensics Investigation Process)
Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?
SIEM, Incident Response, Log Management, Investigation Start Point
- Question #498 (Disk Forensics)
Which code does the FAT file system use to mark the file as deleted?
FAT File System, File Deletion Marker, Directory Entry, Hexadecimal Code
- Question #499 (Network Forensics)
What does 63.78.199.4(161) denote in a Cisco router log? Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161),...
Network log analysis, Cisco logging, IP addressing, Traffic flow
- Question #500 (Disk Forensics)
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:
Windows Registry, Security ID (SID), User Profiles, Registry Paths
- Question #501 (Network Forensics)
Which of the following commands shows you all of the network services running on Windows-based servers?
Network services, netstat command, Windows networking, Service enumeration
- Question #502 (Disk Forensics)
Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user infor...
Web Cookies, Browser Data, User Tracking, Digital Artifacts
- Question #503 (Disk Forensics)
Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:
Pagefile.sys, Windows Registry, Virtual Memory, OS Configuration
- Question #504 (Network Forensics)
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?
Net command, File sharing, Open files, Server investigation