312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 14 of 14.
- Question #655: Malware Forensics
  Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?
  Tags: Malware Analysis Environment, Virtual Machine Security, Forensic Lab Setup, Security Best Practices
- Question #656: Disk Forensics
  The Recycle Bin exists as a metaphor for throwing files away, but it also allows a user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added...
  Tags: Recycle Bin, Deleted Files, File System Forensics
- Question #657: Network Forensics
  During an investigation of an XSS attack, the investigator comes across the term "[a-zA-Z0-9\%]+" in analyzed evidence details. What is the expression used for?
  Tags: XSS Attack, Regular Expressions, URL Encoding, Forensic Analysis
- Question #658: Computer Forensics in Today's World
  Which among the following search warrants allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices, and documenta...
  Tags: Search Warrants, Electronic Evidence, Legal Procedures, Digital Forensics
- Question #659: Disk Forensics
  Centralized binary logging is a process in which many websites write binary and unformatted log data to a single log file. What extension should the investigator look to find its l...
  Tags: Log analysis, File extensions, Binary logging, Digital forensics
- Question #660: Disk Forensics
  Where should the investigator look for the Edge browser's browsing records, including history, cache, and cookies?
  Tags: Browser Forensics, Digital Artifacts, Windows Forensics, Evidence Location
- Question #661: Malware Forensics
  Which of the following setups should a tester choose to analyze malware behavior?
  Tags: Malware Analysis Environment, Virtualization, Network Simulation, Sandboxing
- Question #662: Computer Forensics Investigation Process
  A Linux system is undergoing investigation. In which directory should the investigators look for its current state data if the system is in powered on state?
  Tags: Linux Forensics, Live Forensics, Filesystem, System State
- Question #663: Malware Forensics
  What is the purpose of using Obfuscator in malware?
  Tags: Malware, Obfuscation, Evasion techniques, Anti-detection
- Question #664: Network Forensics
  Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the...
  Tags: Net sessions command, Windows command line, Remote access monitoring, Session management
- Question #665: Computer Forensics in Today's World
  Which of the following is a federal law enacted in the US to control the ways that financial institutions deal with the private information of individuals?
  Tags: GLBA, Federal Law, Financial Data Privacy, Compliance
- Question #666: Disk Forensics
  UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?
  Tags: UEFI, GUID Partition Table, Disk Partitioning, Firmware
- Question #667: Disk Forensics
  You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the...
  Tags: Data Acquisition, Forensic Imaging, Evidence Admissibility, Deleted Files
- Question #668: Network Forensics
  Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address i...
  Tags: Network Attacks, Denial of Service, Mail Bombing, Email Security
- Question #669: Disk Forensics
  Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to n...
  Tags: Password Cracking, SAM Files, Domain Controller Compromise, Digital Forensics
- Question #670: Cloud Forensics
  An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. Which type of attack is this?
  Tags: Cloud attack types, Cloud security, Cloud compromise, Identity theft
- Question #671: Disk Forensics
  In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?
  Tags: RAID forensics, Disk imaging, Hardware RAID metadata, Logical vs. physical disk imaging
- Question #672: Disk Forensics
  One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg exte...
  Tags: File identification, File headers, File signatures, Data hiding
- Question #673: Computer Forensics Investigation Process
  An investigator enters the command sqlcmd -S WIN-CQQMK62867E -e -s"," -E as part of collecting the primary data file and logs from a database. What does the "WIN-CQQMK62867E" repre...
  Tags: sqlcmd, SQL Server, Data acquisition, Command-line utilities
- Question #674: Report Writing & Presentation
  During the trial, an investigator observes that one of the principal witnesses is severely ill and cannot be present for the hearing. He decides to record the evidence and present...
  Tags: Rules of Evidence, Trial Presentation, Legal Admissibility, Witness Testimony
- Question #675: Computer Forensics in Today's World
  What is cold boot (hard boot)?
  Tags: cold boot, hard boot, boot process
- Question #676: Network Forensics
  What does the 56.58.152.114(445) denote in a Cisco router log? Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp 67.124.115.35 (8084) -> 56.58.152.114(...
  Tags: Network Logs, IP Addressing, Firewall Logs, Port Numbers
- Question #677: Computer Forensics in Today's World
  Which among the following laws emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to provide information security for the...
  Tags: Information Security Laws, Federal Agencies, Compliance, FISMA
- Question #678: Disk Forensics
  Which of the following techniques delete the files permanently?
  Tags: Artifact Wiping, Secure Data Deletion, Data Erasure
- Question #679: Disk Forensics
  What is an investigator looking for in the rp.log file stored in a system running on Windows 10 operating system?
  Tags: Windows Forensics, System Restore, Log Analysis, rp.log
- Question #680: Computer Forensics in Today's World
  Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely...
  Tags: Email Archiving, Local Archives, Webmail, Data Accessibility
- Question #681: Network Forensics
  Which of the following tool is used to locate IP addresses?
  Tags: IP address lookup, WHOIS, Network tools
- Question #682: Network Forensics
  Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?
  Tags: Email Protocols, MIME, Network Communication, File Attachments
- Question #683: Mobile Forensics
  What is the framework used for application development for iOS-based mobile devices?
  Tags: iOS, Application Development Frameworks, Mobile Operating Systems
- Question #684: Malware Forensics
  Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of te...
  Tags: File analysis, Malware investigation, Hashing, Data duplication
- Question #685: Disk Forensics
  Which of the following tools is not a data acquisition hardware tool?
  Tags: Data Acquisition, Forensic Hardware, Forensic Tools
- Question #686: Disk Forensics
  The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator...
  Tags: dir command, Command-line interface, File system analysis, Operating system forensics
- Question #687: Disk Forensics
  Which list contains the most recent actions performed by a Windows User?
  Tags: Windows Forensics, User Activity, MRU Lists, Digital Artifacts
- Question #688: Computer Forensics Investigation Process
  Joshua is analyzing an MSSQL database for finding the attack evidence and other details, where should he look for the database logs?
  Tags: MSSQL, Database Forensics, Log Files, Transaction Logs
- Question #689: Disk Forensics
  What is the name of the first reserved sector in File allocation table?
  Tags: Master Boot Record, Disk Structure, Boot Sector, FAT File System
- Question #690: Computer Forensics in Today's World
  What does the command "C:\>wevtutil gl <log name>" display?
  Tags: Windows Event Logs, wevtutil, Command-line Utilities, System Artifacts
- Question #691: Network Forensics
  An investigator is analyzing a checkpoint firewall log and comes across symbols. What type of log is he looking at?
  Tags: Firewall Logs, Checkpoint Firewall, Log Analysis, Spam Detection
- Question #692: Mobile Forensics
  For what purpose do the investigators use tools like iPhoneBrowser, iFunBox, OpenSSHSSH, and iMazing?
  Tags: Mobile Forensics, iPhone Forensics, Forensic Tools, Passcode Bypass
- Question #693: Network Forensics
  Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?
  Tags: Microsoft Exchange, MAPI, Email Protocols, Collaboration
- Question #694: Disk Forensics
  Which of the following is a precomputed table containing word lists like dictionary files and brute force lists and their hash values?
  Tags: Rainbow Table, Password Cracking, Hashing, Cryptographic Attack
- Question #695: Disk Forensics
  What is the capacity of Recycle bin in a system running on Windows Vista?
  Tags: Recycle Bin, Windows Vista, File Storage Capacity, Operating System Features
- Question #696: Disk Forensics
  Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?
  Tags: Data acquisition, RAID forensics, Logical acquisition, Forensic imaging
- Question #697: Disk Forensics
  Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of the following will be an inference from this analysis?
  Tags: MySQL forensics, Binary log analysis, Hexadecimal analysis, User creation
- Question #698: Disk Forensics
  What technique is used by JPEGs for compression?
  Tags: JPEG compression, DCT, File formats, Digital image analysis
- Question #699: Disk Forensics
  Which of the following is found within the unique instance ID key and helps investigators to map the entry from USBSTOR key to the MountedDevices key?
  Tags: Windows Registry, USB Forensics, Artifact Analysis, Digital Forensics
- Question #700: Computer Forensics Investigation Process
  What is the investigator trying to analyze if the system gives the following image as output?
  Tags: Logon sessions, Active sessions, User activity, System analysis