312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 12 of 14.
- Question #555 [Network Forensics]
  Which of the following event correlation approaches is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statisti...
  Tags: Event Correlation, Bayesian Analysis, Threat Prediction, Security Analytics

- Question #556 [Disk Forensics]
  NTFS has less slack space than FAT and thus less potential to hide data in slack space. This is because:
  Tags: File Systems, NTFS, FAT, Slack Space

- Question #557 [Mobile Forensics]
  Smith, as part of his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith f...
  Tags: Mobile Forensics, SIM Card Analysis, PIN/PUK, Data Recovery

- Question #558 [Malware Forensics]
  Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?
  Tags: Windows internals, Process management, Kernel data structures, Memory analysis

- Question #559 [Cloud Forensics]
  How will you categorize a cybercrime that took place within a CSP's cloud environment?
  Tags: Cloud Forensics, Cybercrime Categorization, Cloud as an Object, Cloud Security

- Question #560 [Report Writing & Presentation]
  Which of the following reports is delivered under oath to a board of directors/managers/panel of the jury?
  Tags: Expert Testimony, Formal Reports, Verbal Presentation, Under Oath

- Question #561 [Computer Forensics in Today's World]
  What is the process of restarting a computer that is already turned on, through the operating system, called?
  Tags: boot process, warm boot, computer fundamentals

- Question #562 [Malware Forensics]
  Amber, a black hat hacker, has embedded malware into a small enticing advertisement and posted it on a popular ad network that displays across various websites. What is she doing...
  Tags: Malvertising, Malware distribution, Attack vectors, Online advertising security

- Question #563 [Disk Forensics]
  Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk does not contribute to determining the addresses of data?
  Tags: Hard disk architecture, Data addressing, Storage components, Disk structure

- Question #564 [Network Forensics]
  Netstat is a tool for collecting information about network connections. It provides a simple view of TCP and UDP connections, their state, and network traffic statistics. Wh...
  Tags: Netstat, Command-line tools, Network connections, Process ID

- Question #565 [Disk Forensics]
  Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to anal...
  Tags: Email forensics, DBX files, Digital forensics artifacts, Outlook Express

- Question #566 [Network Forensics]
  Which network attack is described by the following statement? "At least five Russian major banks came under a continuous hacker attack, although online client services were not dis...
  Tags: DDoS, Botnet, Network Attack, Denial of Service

- Question #567 [Computer Forensics Investigation Process]
  Which of the following is NOT a part of the pre-investigation phase?
  Tags: Digital Forensics Process, Investigation Phases, Pre-investigation, Evidence Collection

- Question #568 [Computer Forensics Investigation Process]
  To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?
  Tags: Computer Forensics Process, Pre-investigation Phase, Forensics Lab Planning, Budgeting

- Question #569 [Cloud Forensics]
  Which tool does the investigator use to extract artifacts left by Google Drive on the system?
  Tags: Cloud Forensics, Volatile Memory Acquisition, Digital Artifacts, Google Drive Forensics

- Question #570 [Disk Forensics]
  BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 mill...
  Tags: BMP file format, File structure, Image files, Digital forensics

- Question #571 [Disk Forensics]
  Identify the file system that uses the $BitMap file to keep track of all used and unused clusters on a volume.
  Tags: File Systems, NTFS, Cluster Allocation, Metadata

- Question #572 [Malware Forensics]
  An investigator has acquired packed software and needs to analyze it for the presence of malicious code. Which of the following tools can help in identifying the packer that was used?
  Tags: Malware analysis, Packed executables, Packer identification, PEiD

- Question #573 [Computer Forensics in Today's World]
  Korey, a data mining specialist at the knowledge processing firm DataHub.com, reported to his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his foren...
  Tags: Administrative Investigation, Types of Investigations, Internal Investigation, Incident Classification

- Question #574 [Computer Forensics Investigation Process]
  Which of the following Windows-based tools displays who is logged onto a computer, either locally or remotely?
  Tags: Windows Tools, Sysinternals, User Sessions, Host Forensics

- Question #575 [Disk Forensics]
  A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried g...
  Tags: Password Recovery, Forensic Tools, Windows Forensics

- Question #576 [Mobile Forensics]
  Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
  Tags: Android Graphics, OpenGL ES, Skia Graphics, Mobile OS Architecture

- Question #577 [Report Writing & Presentation]
  Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
  Tags: Report Writing, Forensic Investigation, Professional Ethics, Objectivity

- Question #578 [Computer Forensics Investigation Process]
  You are assigned the task of examining log files pertaining to the MyISAM storage engine. While examining them, you are asked to perform a recovery operation on a MyISAM log file. Which amo...
  Tags: MySQL utilities, MyISAM, Log file recovery, Database forensics

- Question #579 [Network Forensics]
  Andie, a network administrator, suspects unusual network services are running on a Windows system. Which of the following commands should he use to verify unusual network services star...
  Tags: Windows commands, Service management, Network investigation, Command-line interface

- Question #580 [Disk Forensics]
  Randy has extracted data from an old version of a Windows-based system and discovered the info file Dc5.txt in the system's Recycle Bin. What does the file name denote?
  Tags: Windows Forensics, Recycle Bin Artifacts, File Naming Conventions

- Question #581 [Disk Forensics]
  Sheila is a forensics trainee searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code to simplify t...
  Tags: File Signatures, Magic Numbers, Hexadecimal Analysis, Image Files

- Question #582 [Computer Forensics in Today's World]
  Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID "WIN-ABCDE12345F." Which of the following log file...
  Tags: MySQL Forensics, Database Logs, General Query Log, Forensic Artifacts

- Question #583 [Report Writing & Presentation]
  What must an attorney do first before you are called to testify as an expert?
  Tags: Expert Witness, Legal Testimony, Witness Qualification, Court Procedure

- Question #584 [Computer Forensics Investigation Process]
  Gary is checking for devices connected to the USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devic...
  Tags: USB Device Analysis, Forensic Tools, Windows Command-line Utilities, Evidence Collection

- Question #585 [Computer Forensics in Today's World]
  Which of the following is NOT physical evidence?
  Tags: Physical evidence, Digital evidence, Evidence classification, Forensic evidence types

- Question #586 [Computer Forensics Investigation Process]
  During forensic investigations, investigators tend to collect the system time first and compare it with UTC. What does the abbreviation UTC stand for?
  Tags: UTC, Time synchronization, Forensics terminology, Evidence collection

- Question #587 [Malware Forensics]
  A buffer overflow vulnerability in a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the _________. T...
  Tags: Buffer Overflow, Memory Corruption, Vulnerability, Web Application Security

- Question #588 [Disk Forensics]
  Which of the following is a part of a Solid-State Drive (SSD)?
  Tags: SSD components, NAND flash, Storage media, Hardware basics

- Question #589 [Report Writing & Presentation]
  Which of the following standards represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witness testimony during...
  Tags: Legal Standards, Expert Testimony, Admissibility of Evidence, Daubert Standard

- Question #590 [Computer Forensics Investigation Process]
  Which of the following statements is incorrect when preserving digital evidence?
  Tags: Digital Evidence Preservation, Forensic Investigation Steps, First Responder, Volatile Data Handling

- Question #591 [Disk Forensics]
  Which of the following ISO standards defines file systems and a protocol for exchanging data between optical disks?
  Tags: ISO standard, File systems, Optical disks, Storage media

- Question #592 [Computer Forensics in Today's World]
  Lynne receives the following email: Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/...
  Tags: Phishing, Social Engineering, Email Security, Cybersecurity Threats

- Question #593 [Disk Forensics]
  What value of the "Boot Record Signature" is used to indicate that the boot loader exists?
  Tags: Boot Record Signature, Master Boot Record (MBR), Boot Sector, Disk Structure

- Question #594 [Disk Forensics]
  Which of the following is a Mac-based file recovery tool?
  Tags: File Recovery, Data Recovery Tools, macOS Forensics, Digital Forensics Tools

- Question #595 [Disk Forensics]
  Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the...
  Tags: Windows Registry, Forensic Artifacts, Run Box History, Digital Forensics

- Question #596 [Network Forensics]
  When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?
  Tags: NTP, Time Synchronization, Network Protocols, Log Analysis

- Question #597 [Mobile Forensics]
  An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digit...
  Tags: IMEI, Type Allocation Code, Mobile Device Identification, GSM

- Question #598 [Computer Forensics in Today's World]
  Which of the following is NOT an anti-forensics technique?
  Tags: Anti-forensics techniques, Data Deduplication, Steganography, Encryption

- Question #599 [Network Forensics]
  Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information on a suspect system. What information is he looking for?
  Tags: nbtstat, NetBIOS, Command-line tools, Network analysis

- Question #600 [Computer Forensics in Today's World]
  Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of inves...
  Tags: Criminal investigation, Legal aspects, Child exploitation, Cybercrime

- Question #601 [Network Forensics]
  The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in...
  Tags: Apache logs, Error logs, Log analysis, Server logs

- Question #602 [Malware Forensics]
  The tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following taskl...
  Tags: Command-line, Process management, Tasklist command, System information

- Question #603 [Disk Forensics]
  Which part of the Metasploit framework helps users hide data in the space related to a previously deleted file or currently unused by an allocated file?
  Tags: Metasploit, Slack Space, Data Hiding, File System Forensics

- Question #604 [Computer Forensics Investigation Process]
  Which one of the following is not a first response procedure?
  Tags: First response, Incident response, Forensic procedures, Data preservation