312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 2 of 14.
- Question #51: Disk Forensics
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "X" represents the _________.
Recycle Bin structure, Windows file system, File renaming conventions, Digital artifacts
- Question #52: Network Forensics
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures, such as AP MAC filters and Wi-Fi port access controls. Which of the following wi...
Wireless attacks, Rogue access point, Client mis-association, WLAN security
- Question #53: Computer Forensics Investigation Process
When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile
Evidence collection, Order of volatility, Digital forensics principles, Crime scene investigation
- Question #54: Network Forensics
Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?
net commands, file monitoring, server security, Windows CLI
- Question #55: Disk Forensics
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:
Windows Registry, Security IDs, User Profiles, Windows 7
- Question #56: Network Forensics
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
WLAN, Wireless router, Packet forwarding, Network devices
- Question #57: Disk Forensics
When NTFS is formatted, the format program assigns the __________ sectors to the boot sectors and to the bootstrap code
NTFS, Boot Sector, Disk Formatting, File System Structure
- Question #58: Network Forensics
The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses. The ARP table can be ac...
ARP Table, Command Line Interface, Networking Commands, Network Attack Investigation
- Question #59: Mobile Forensics
International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits o...
IMEI, Type Allocation Code (TAC), Mobile Device Identification, GSM Devices
- Question #60: Computer Forensics Investigation Process
Who is responsible for the following tasks? - Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises - Make notes about the scene that...
Scene preservation, Initial response, Evidence handling, Roles and responsibilities
- Question #61: Report Writing & Presentation
Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?
Expert Witness Testimony, Verbal Reporting, Formal Presentation, Legal Proceedings
- Question #62: Computer Forensics Investigation Process
You should always work with original evidence
Evidence handling, Preservation of evidence, Forensic principles, Forensic imaging
- Question #63: Computer Forensics in Today's World
How do you define forensic computing?
Forensic computing, Definition, Digital forensics, Investigation principles
- Question #64: Computer Forensics in Today's World
Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?
Steganography, Open code steganography, Information hiding, Document patterns
- Question #65: Disk Forensics
What is the first step that needs to be carried out to crack the password?
Password Cracking, Dictionary Attack, Wordlist Generation, Security Fundamentals
- Question #66: Computer Forensics Investigation Process
During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible
First responder, Evidence collection, Legal compliance, Forensic examiner
- Question #67: Malware Forensics
Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modi...
Buffer Overflow, Memory Exploitation, Vulnerability, Process Execution Control
- Question #68: Disk Forensics
Damaged portions of a disk on which no read/write operation can be performed are known as ______________.
bad sector, disk damage, storage errors
- Question #69: Network Forensics
Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address...
Network Attacks, Denial-of-Service (DoS), Mail Bombing, Email Security
- Question #70: Computer Forensics in Today's World
Web applications provide an interface between end users and web servers through a set of web pages that are generated at the server-end or contain script code to be executed dynami...
Web applications, Client-server architecture, Web pages, Scripting
- Question #71: Computer Forensics Investigation Process
Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media
Data Acquisition, Digital Forensics, Evidence Collection, Forensic Imaging
- Question #72: Computer Forensics in Today's World
Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or de...
Evidence preservation, Data recovery, Forensics best practices, Qualified personnel
- Question #73: Computer Forensics Investigation Process
In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?
MD5 checksum, Data integrity, Evidence acquisition, Forensic methodology
- Question #74: Computer Forensics in Today's World
Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain the confidentiality of data.
Steganography, Data Hiding, Confidentiality, Security Techniques
- Question #75: Disk Forensics
When the operating system marks clusters as used, but does not allocate them to any file, such clusters are known as ___________.
Lost clusters, File system, Disk structure, Data integrity
- Question #76: Computer Forensics in Today's World
Cyber-crime is defined as any illegal act involving a gun, ammunition, or its applications.
Cybercrime definition, Foundational concepts, Legal aspects
- Question #77: Network Forensics
Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.
Syslog, Network Protocols, TCP, Log Forwarding
- Question #78: Computer Forensics in Today's World
How do you define Technical Steganography?
Steganography, Technical Steganography, Information Hiding, Data Concealment
- Question #79: Computer Forensics in Today's World
Digital evidence is not fragile in nature.
Digital Evidence, Evidence Fragility, Forensic Principles, Evidence Characteristics
- Question #80: Computer Forensics in Today's World
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with compute...
Computer Fraud and Abuse Act (CFAA), Cybercrime laws, Legal frameworks, 18 USC 1030
- Question #81: Disk Forensics
If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ___________.
Slack space, File system allocation, Clusters
- Question #82: Report Writing & Presentation
Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition is not a standard practice?
Deposition, Expert Witness Testimony, Legal Procedures, Trial Preparation
- Question #83: Computer Forensics Investigation Process
Which of the following statements does not support the case assessment?
Case Assessment, Forensic Investigation Process, Chain of Custody, Evidence Handling
- Question #84: Computer Forensics Investigation Process
Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in Windows Sec...
Windows Security Event Log, Event ID 531, Logon failures, Security auditing
- Question #85: Computer Forensics Investigation Process
Task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following task...
tasklist command, process information, Windows commands
- Question #86: Computer Forensics Investigation Process
The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in...
Apache logs, Error logs, Log analysis, Server logs
- Question #87: Mobile Forensics
A mobile operating system is the operating system that operates a mobile device like a mobile phone, smartphone, PDA, etc. It determines the functions and features available on mob...
Mobile operating systems, Open source, Android, Mobile devices
- Question #88: Computer Forensics Investigation Process
All the information about the user activity on the network, like details about login and logoff attempts, is collected in the security log of the computer. When a user's login is s...
Windows Event IDs, Security Logs, Logon Events, Auditing
- Question #89: Network Forensics
POP3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server a...
POP3, Port Numbers, Email Protocols, Network Services
- Question #90: Disk Forensics
JPEG is a commonly used method of compressing photographic images. It uses a compression algorithm to minimize the size of the natural image, without affecting the quality of the i...
JPEG, Image Compression, Lossy Compression, Compression Algorithms
- Question #91: Network Forensics
Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wires...
Network Forensics, DNS Poisoning, Wireshark, Packet Analysis
- Question #92: Computer Forensics Investigation Process
In what circumstances would you conduct searches without a warrant?
Warrantless Search, Exigent Circumstances, Evidence Seizure, Legal Exceptions
- Question #93: Computer Forensics Investigation Process
First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is...
Incident Response, Evidence Collection, Evidence Preservation, Digital Forensics Roles
- Question #94: Disk Forensics
Quality of a raster image is determined by the _________________ and the amount of information in each pixel.
Raster images, Image quality, Digital image basics, Resolution
- Question #95: Computer Forensics Investigation Process
What is a chain of custody?
chain of custody, evidence handling, forensic documentation, legal evidence
- Question #96: Disk Forensics
A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others
Steganography, File Systems, Data Hiding, Encryption
- Question #97: Disk Forensics
Data is striped at a byte level across multiple drives and parity information is distributed among all member drives. What RAID level is represented here?
RAID levels, Data striping, Distributed parity, Disk configuration
- Question #98: Network Forensics
Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standards. Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying mechanism to...
WPA, TKIP, Wireless Encryption, Network Security
- Question #99: Computer Forensics Investigation Process
Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely...
Email Archiving, Local Archives, Webmail Forensics, Data Acquisition Challenges
- Question #100: Disk Forensics
File signature analysis involves collecting information from the __________ of a file to determine the type and function of the file
File signature analysis, File identification, Digital forensics basics, File headers