312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 13 of 14.
- Question #605 (Disk Forensics)
Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.
GIF format, Image file formats, Bit depth, Digital artifacts
- Question #606 (Disk Forensics)
Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.
Hard disk addressing, Physical blocks, Disk storage, Data units
- Question #607 (Computer Forensics in Today's World)
Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
Legal precedent, Evidence admissibility, Frye standard, Forensic law
- Question #608 (Network Forensics)
Event correlation is the process of finding relevance between the events that produce a final result. What type of correlation will help an organization to correlate events across...
Event correlation, Cross-platform analysis, Security monitoring, Log management
- Question #609 (Malware Forensics)
What malware analysis operation can the investigator perform using the jv16 tool?
Malware analysis tools, Registry analysis, jv16 PowerTools
- Question #610 (Network Forensics)
Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?
Email headers, Email protocols, Bounce messages
- Question #611 (Computer Forensics Investigation Process)
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a q...
Expert Witness Testimony, Evidence Authentication, Legal Procedures, Evidence Integrity
- Question #612 (Disk Forensics)
When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?
Recycle Bin Forensics, Windows Forensics, Deleted Files, File System Artifacts
- Question #613 (Disk Forensics)
Raw data acquisition format creates _________ of a data set or suspect drive.
Raw Data Acquisition, Disk Imaging, Forensic Image Formats, Bit-stream Copy
- Question #614 (Computer Forensics in Today's World)
The CAN-SPAM Act requires that you:
CAN-SPAM Act, Email regulations, Legal compliance, Spam
- Question #615 (Disk Forensics)
Which of the following registry hives gives the configuration information about which application was used to open various files on the system?
Windows Registry, Registry Hives, File Associations, System Configuration
- Question #616 (Malware Forensics)
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.
Malware Analysis, Static Analysis, DependencyWalker, DLLs
- Question #617 (Computer Forensics in Today's World)
Which among the following U.S. laws requires financial institutions--companies that offer consumers financial products or services such as loans, financial or investment advice, or...
Information Security Laws, U.S. Laws, Financial Institutions, Data Protection Compliance
- Question #618 (Disk Forensics)
Which of the following application password cracking tools can discover all password-protected items on a computer and decrypt them?
Password cracking, Password recovery, Forensic tools, Data decryption
- Question #619 (Mobile Forensics)
An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?
Mobile Device Identifiers, ESN, Device Manufacturer Data
- Question #620 (Network Forensics)
Which command line tool is used to determine active network connections?
Command-line tools, Network connections, Network monitoring, Netstat
- Question #621 (Malware Forensics)
Which of the following processes is part of the dynamic malware analysis?
Dynamic Malware Analysis, Malware Analysis Techniques, Process Monitoring
- Question #622 (Mobile Forensics)
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?
Mobile Device Identification, IMEI, TAC, Mobile Forensics
- Question #623 (Disk Forensics)
What do you call the process in which an attacker uses a magnetic field over the digital media device to delete any previously stored data?
Degaussing, Data erasure, Magnetic data wiping, Secure data destruction
- Question #624 (Malware Forensics)
Which of the following tools can reverse machine code to assembly language?
Reverse Engineering, Disassembler, IDA Pro, Malware Analysis Tools
- Question #625 (Disk Forensics)
Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?
Forensic Imaging, File Formats, Data Compression, Random Access
- Question #626 (Disk Forensics)
What is the investigator trying to view by issuing the command displayed in the following screenshot?
System Services, Operating System Analysis, Command Line Interface, System Configuration
- Question #627 (Mobile Forensics)
Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?
iOS Forensics, iOS Architecture, Core OS Layer
- Question #628 (Malware Forensics)
Which command can provide the investigators with details of all the loaded modules on a Linux-based system?
Linux commands, Kernel modules, System investigation, Forensic tools
- Question #629 (Disk Forensics)
In a Linux-based system, what does the command "Last -F" display?
Linux command, System logs, User activity, Forensic tools
- Question #630 (Report Writing & Presentation)
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
Cross-examination, Legal procedures, Witness testimony, Trial process
- Question #631 (Computer Forensics Investigation Process)
Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.
Hearsay exceptions, Rules of evidence, Admissibility of evidence, Legal considerations
- Question #632 (Computer Forensics Investigation Process)
Which of the following is a responsibility of the first responder?
First Responder, Incident Response, Evidence Collection, Digital Forensics Process
- Question #633 (Disk Forensics)
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DDR). Which of the following is...
NTFS, EFS, Data Decryption Field (DDF), File Encryption
- Question #634 (Disk Forensics)
If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.
Slack Space, File Systems, Disk Allocation, Data Storage
- Question #635 (Disk Forensics)
After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?
Exchange Server, Database Files, Storage Architecture, Forensic Artifacts
- Question #636 (Disk Forensics)
Which of the following is non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?
NTFS, Master File Table, File Allocation, Windows OS
- Question #637 (Computer Forensics Investigation Process)
Which of the following is a tool to reset Windows admin password?
Password reset, Windows security, System access tools, Forensic tools
- Question #638 (Mobile Forensics)
Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence...
Mobile Forensics, IMEI Retrieval, Device Identification, Nokia Device
- Question #639 (Disk Forensics)
Select the data that a virtual memory would store in a Windows-based system.
Virtual Memory, Operating System Internals, Process Management, Windows OS
- Question #640 (Disk Forensics)
Which of the following does not describe the type of data density on a hard disk?
Hard disk, Data density, Disk technology, Storage concepts
- Question #641 (Computer Forensics in Today's World)
Amelia has got an email from a well-reputed company stating in the subject line that she has won prize money, whereas the email body says that she has to pay a certain amount for...
Email security, Deceptive email, Cyber law, CAN-SPAM Act
- Question #642 (Computer Forensics Investigation Process)
Which principle states that "anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave"?
Locard's Exchange Principle, Forensic principles, Evidence collection, Crime scene investigation
- Question #643 (Mobile Forensics)
During an investigation, Noel found the following SIM card from the suspect's mobile. What does the code 89 44 represent?
SIM card analysis, IMSI structure, Mobile identifiers, Digital evidence
- Question #644 (Disk Forensics)
Which of the following file systems uses the Master File Table (MFT) database to store information about every file and directory on a volume?
File Systems, NTFS, MFT, Disk Structures
- Question #645 (Disk Forensics)
As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Man...
SQL Server Forensics, Transaction Log Analysis, DBCC LOG Command, Database Forensics
- Question #646 (Network Forensics)
%3cscript%3ealert("XXXXXXXX")%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?
Cross-Site Scripting (XSS), URL Encoding, Hex Encoding, Web Security
- Question #647 (Network Forensics)
Which of the following is a device monitoring tool?
Network monitoring tools, Network analysis, Forensic tools
- Question #648 (Network Forensics)
What system details can an investigator obtain from the NetBIOS name table cache?
NetBIOS, Network Artifacts, Name Resolution, System Cache
- Question #649 (Disk Forensics)
While analyzing a hard disk, the investigator finds that the file system does not use UEFI-based interface. Which of the following operating systems is present on the hard disk?
UEFI, BIOS, Operating System Identification, Disk Forensics
- Question #650 (Disk Forensics)
In which registry does the system store the Microsoft security IDs?
Windows Registry, Security Identifiers (SIDs), HKEY_LOCAL_MACHINE, System Internals
- Question #651 (Disk Forensics)
An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the "Geek_Squad" part represent?
USB Forensics, Device Descriptors, Digital Evidence Identification, Storage Devices
- Question #652 (Malware Forensics)
Which of the following Perl scripts will help an investigator to access the executable image of a process?
Forensic tools, Process analysis, Executable image, Perl scripts
- Question #653 (Computer Forensics in Today's World)
Which of the following attacks uses HTML tags like <script></script>?
XSS, Web Application Security, HTML Scripting, Vulnerability
- Question #654 (Computer Forensics Investigation Process)
Examination of a computer by a technically unauthorized person will almost always result in:
Admissibility of Evidence, Forensic Procedures, Chain of Custody