Browse Exams Pricing

Exams312-49Questions

312-49 Exam Questions

696 real 312-49 exam questions with expert-verified answers and explanations. Page 11 of 14.

Question #505Disk Forensics
The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?
Hard disk architectureDisk block sizeStorage unitsFile system fundamentals
Question #506Disk Forensics
In Windows Security Event Log, what does an event id of 530 imply?
Windows Event LogsSecurity AuditingEvent ID 530Logon Failure
Question #507Disk Forensics
Which of the following technique creates a replica of an evidence media?
Digital ForensicsEvidence AcquisitionForensic ImagingBit Stream Imaging
Question #508Computer Forensics Investigation Process
Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information f...
Search WarrantLegal ProcessService Provider DataEvidence Acquisition
Question #509Disk Forensics
Which of the following tool creates a bit-by-bit image of an evidence media?
Forensic imagingData acquisitionEvidence collectionFTK Imager
Question #510Disk Forensics
What is the location of the binary files required for the functioning of the OS in a Linux system?
Linux FilesystemFilesystem Hierarchy StandardOS BinariesSystem Architecture
Question #511Disk Forensics
Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?
File FormatsOLE TechnologyDocument StructureForensic Analysis
Question #512Disk Forensics
Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?
Memory ForensicsSwap SpaceProcess AnalysisDigital Forensics
Question #513Computer Forensics Investigation Process
When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what does the "nnnn" denote?
Evidence markingEvidence handlingForensic proceduresChain of custody
Question #514Disk Forensics
Which MySQL log file contains information on server start and stop?
MySQL logsServer logsLog file identificationDatabase forensics
Question #515Disk Forensics
Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the siz...
File system structureSuperblockDisk metadata
Question #516Network Forensics
Bob works as information security analyst for a big finance company. One day, the anomaly- based intrusion detection system alerted that a volumetric DDOS targeting the main IP of...
DDoSNetwork attack classificationIDSVolumetric DDoS
Question #517Report Writing & Presentation
Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?
Legal ProcessCourt ProceduresWitness TestimonyDirect Examination
Question #518Computer Forensics Investigation Process
Which rule requires an original recording to be provided to prove the content of a recording?
Best Evidence RuleRules of EvidenceLegal ProceduresDigital Evidence Admissibility
Question #519Malware Forensics
The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?
Registry ForensicsMalware Analysis ToolsDigital Forensics ToolsSystem Change Detection
Question #520Network Forensics
What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router represent?
Cisco loggingLog message interpretationNetwork security logsAccess control lists (ACLs)
Question #521Disk Forensics
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________.
Recycle Bin forensicsWindows file systemDeleted file artifactsForensic artifacts
Question #522Mobile Forensics
Which of the following is an iOS Jailbreaking tool?
iOS JailbreakingMobile Forensics ToolsRedsn0w
Question #523Disk Forensics
Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?
Windows RegistryRegistry structureKey cellForensic analysis
Question #524Disk Forensics
What is the default IIS log location?
IISLog file locationsWeb server forensics
Question #525Disk Forensics
Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Whic...
File recoveryData recovery toolsMac data recovery
Question #526Malware Forensics
Which file is a sequence of bytes organized into blocks understandable by the system's linker?
Object fileLinkerFile typesCompilation process
Question #527Disk Forensics
Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. I...
Disk ForensicsOS ArtifactsWindows ForensicsRecycle Bin Analysis
Question #528Disk Forensics
Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name...
Recycle Bin forensicsDeleted file recoveryWindows file systemHard disk analysis
Question #529Disk Forensics
Which among the following files provides email header information in the Microsoft Exchange server?
Microsoft Exchange ServerEmail ForensicsDatabase FilesEmail Headers
Question #530Disk Forensics
Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute comma...
Directory TraversalWeb Application AttacksVulnerabilityInformation Disclosure
Question #531Computer Forensics in Today's World
What is the size value of a nibble?
Data unitsNibbleBitByte
Question #532Disk Forensics
Which of the following tool enables a user to reset his/her lost admin password in a Windows system?
Windows password resetPassword recovery toolsAdmin passwordSystem access
Question #533Network Forensics
Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?
Intrusion Detection SystemIntrusion Prevention SystemSnortNetwork Security Tools
Question #534Computer Forensics in Today's World
In Steganalysis, which of the following describes a Known-stego attack?
SteganalysisKnown-stego attackSteganographyCovert communication
Question #535Disk Forensics
Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?
Deleted filesRecycle BinFile system pathsWindows forensics
Question #536Disk Forensics
Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?
Google DriveConfiguration filesDisk artifactsClient data
Question #537Report Writing & Presentation
An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense.
Expert witnessLegal proceedingsForensic reporting
Question #538Computer Forensics Investigation Process
Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first respon...
First ResponderEvidence PreservationCrime Scene DocumentationIncident Response
Question #539Disk Forensics
Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?
NTFSMaster File Table (MFT)File SystemsDisk Structure
Question #540Computer Forensics Investigation Process
Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB fil...
Microsoft Exchange ServerEmail ForensicsMIME StreamPRIV.STM
Question #541Disk Forensics
Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?
File SignaturesMagic NumbersImage File FormatsDigital Forensics Tools
Question #542Network Forensics
Which of the following tools will help the investigator to analyze web server logs?
Web server logsLog analysisNetwork forensics tools
Question #543Cloud Forensics
Which of the following files gives information about the client sync sessions in Google Drive on Windows?
Google Drive forensicsCloud client artifactsLog file analysisWindows forensics
Question #544Computer Forensics in Today's World
Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?
US LegislationComplianceSarbanes-OxleyFraud Prevention
Question #545Computer Forensics Investigation Process
Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?
Volatile dataWindows commandsCommand historyLive forensics
Question #546Disk Forensics
Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to...
Password crackingRule-based attackDigital forensics techniques
Question #547Network Forensics
Which of the following tool can the investigator use to analyze the network to detect Trojan activities?
Network Analysis ToolsTrojan DetectionPacket SniffingNetwork Monitoring
Question #548Disk Forensics
When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called "INFO2" in the Recycled folder. If the INFO2 f...
Recycle BinINFO2 fileFile deletion mechanismsWindows OS artifacts
Question #549Disk Forensics
What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?
CHKDSKFile system integrityWindows utilitiesDisk troubleshooting
Question #550Disk Forensics
Which of the following tool enables data acquisition and duplication?
Data acquisitionDisk imagingForensic tools
Question #551Mobile Forensics
What does 254 represent in ICCID 89254021520014515744?
ICCIDSIM cardMobile identificationData structure
Question #552Malware Forensics
Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?
Static analysisMalware analysis toolsResourcesExtractStrings extraction
Question #553Disk Forensics
A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR?
Master Boot RecordDisk StructureStorage Devices
Question #554Computer Forensics in Today's World
Which password cracking technique uses every possible combination of character sets?
Password CrackingBrute Force AttackAttack Techniques

PreviousPage 11 of 14Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.