312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 3 of 14.
- Question #101 (Computer Forensics Investigation Process)
Email archiving is a systematic approach to save and protect the data contained in emails so that it can be easily accessed at a later date.
Email archiving, Data preservation, Data retention
- Question #102 (Network Forensics)
The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is bei...
Networking Commands, IP Configuration, Network Interface Cards (NICs)
- Question #103 (Computer Forensics Investigation Process)
A system with a simple logging mechanism has not been given much attention during development. This system is now being targeted by attackers. If the attacker wants to perform a ne...
Log Injection, Log Tampering, Vulnerability, Forensic Evidence
- Question #104 (Disk Forensics)
When a file or folder is deleted, the complete path, including the original file name, is stored in a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file i...
Windows operating system, Recycle Bin, System files, File deletion
- Question #105 (Disk Forensics)
Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a hashed format. The SAM file in Windows is located at:
Windows SAM file, Registry location, Password storage, System file forensics
- Question #106 (Computer Forensics in Today's World)
Which of the following would you consider an aspect of organizational security, especially focusing on IT security?
Organizational Security, IT Security, Application Security, Security Domains
- Question #107 (Computer Forensics Investigation Process)
During the seizure of digital evidence, the suspect can be allowed to touch the computer system.
Digital Evidence Seizure, Evidence Integrity, Forensic Procedure, Suspect Handling
- Question #108 (Computer Forensics in Today's World)
Which is not a part of environmental conditions of a forensics lab?
Forensics lab setup, Lab security, Environmental controls, Physical security
- Question #109 (Computer Forensics in Today's World)
Why is it important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?
Health and Safety, Forensic Process, Evidence Preservation, Personnel Protection
- Question #110 (Disk Forensics)
The Recycle Bin exists as a metaphor for throwing files away, but it also allows the user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to...
Recycle Bin, Deleted File Recovery, Windows Forensics, File System Artifacts
- Question #111 (Computer Forensics Investigation Process)
Which of the following is not correct when documenting an electronic crime scene?
Electronic crime scene, Crime scene documentation, Digital evidence, Forensic investigation process
- Question #112 (Network Forensics)
Determine the message length from the following hex viewer record:
Hexadecimal, Network Packet Analysis, Protocol Headers
- Question #113 (Computer Forensics Investigation Process)
When collecting evidence from the RAM, where do you look for data?
Memory Forensics, RAM Acquisition, Volatile Data, Swap File
- Question #114 (Computer Forensics Investigation Process)
What is the first step that needs to be carried out to investigate wireless attacks?
Investigation Process, Legal Procedures, Search Warrant, Wireless Forensics
- Question #115 (Computer Forensics in Today's World)
What is cold boot (hard boot)?
cold boot, hard boot, computer startup, boot process
- Question #116 (Network Forensics)
TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts on the Internet. It contains four layers, namely the network in...
TCP/IP model, Transport layer protocols, Networking fundamentals, UDP
- Question #117 (Computer Forensics Investigation Process)
Which of the following statements is incorrect when preserving digital evidence?
Digital Evidence Preservation, Forensic Procedures, Evidence Integrity
- Question #118 (Disk Forensics)
You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32.exe are commonly used as intermedi...
Windows Registry, Registry Hives, Operating System Fundamentals, System Artifacts
- Question #119 (Computer Forensics in Today's World)
Which of the following is not an example of a cyber-crime?
Cybercrime definition, Types of cybercrime, Illegal activities, Non-cybercrime
- Question #120 (Computer Forensics in Today's World)
Identify the attack from the following sequence of actions. Step 1: A user logs in to a trusted site and creates a new session. Step 2: The trusted site stores a session identifier for...
CSRF, Web Security, Web Application Attacks, Session Management
- Question #121 (Disk Forensics)
Hard disk data addressing is a method of allotting addresses to each ___________ of data on a hard disk.
Hard disk addressing, Physical blocks, Disk storage fundamentals
- Question #122 (Network Forensics)
Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains logs of network a...
Security logs, Log types, Security software, Network security
- Question #123 (Network Forensics)
Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the...
Windows commands, Network sessions, Remote login, System access monitoring
- Question #124 (Disk Forensics)
Which of the following files in Novell GroupWise stores information about user accounts?
Novell GroupWise, File Structure, User Accounts, Email Forensics
- Question #125 (Disk Forensics)
Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients can he use to analyze...
Email forensics, DBX files, Forensic analysis tools
- Question #126 (Mobile Forensics)
Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions.
Mobile phone forensics definition, Digital evidence recovery, Forensically sound conditions
- Question #127 (Disk Forensics)
File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?
File deletion, NTFS, Master File Table (MFT), File system internals
- Question #128 (Disk Forensics)
Raw data acquisition format creates ____________ of a data set or suspect drive.
Data acquisition, Raw format, Disk imaging, Forensic imaging
- Question #129 (Network Forensics)
A rogue/unauthorized access point is one that is not authorized for operation by a particular firm or network.
Rogue Access Point, Unauthorized Access Point, Network Security, Network Devices
- Question #130 (Network Forensics)
Which of the following passwords are sent over the wire (and wireless) network, or stored on some media as it is typed without any alteration?
Password security, Clear text, Network traffic, Data storage
- Question #131 (Network Forensics)
Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology i...
Wireless networking, Active scanning, Probe request frame, Network discovery
- Question #132 (Computer Forensics in Today's World)
System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function.
Password cracking, System software, Operating system security, Forensic definitions
- Question #133 (Disk Forensics)
Graphics Interchange Format (GIF) is a ___________ RGB bitmap image format for images with up to 256 distinct colors per frame.
GIF format, Image formats, Color depth, Bitmap images
- Question #134 (Computer Forensics Investigation Process)
Which of the following is not a part of data acquisition forensics investigation?
Data acquisition, Forensic best practices, Evidence integrity, Chain of custody
- Question #135 (Network Forensics)
You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at which sessions the machine has opened wit...
Windows Command Line, Network Connections, Server Forensics, Net Use Command
- Question #136 (Network Forensics)
Router log files provide detailed information about the network traffic on the Internet. It gives information about the attacks to and from the networks. The router stores log file...
Router logs, Network device forensics, Log storage
- Question #137 (Network Forensics)
Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Wh...
netstat command, Network connections, Listening ports, Process identification
- Question #138 (Computer Forensics Investigation Process)
At the time of evidence transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.
Chain of Custody, Evidence Transfer, Forensic Procedures, Documentation
- Question #139 (Network Forensics)
Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute comma...
Directory Traversal, Web Application Security, Vulnerability, Path Traversal
- Question #140 (Disk Forensics)
The disk in the disk drive rotates at high speed, and heads in the disk drive are used only to read data.
Hard Disk Drives (HDDs), Disk components, Read/Write operations, Storage devices
- Question #141 (Network Forensics)
The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as web Servic...
Web Services Security, UDDI, Information Disclosure, XML Protocols
- Question #142 (Disk Forensics)
A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM. Where is the hidden swap file in Windows located?
Swap file, Virtual memory, Windows file system
- Question #143 (Malware Forensics)
In an echo data hiding technique, the secret message is embedded into a __________ as an echo.
Data Hiding, Steganography, Audio Steganography, Echo Hiding
- Question #144 (Computer Forensics Investigation Process)
Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and...
Log management, Log data, Data aggregation, Log analysis
- Question #145 (Computer Forensics Investigation Process)
Which of the following password cracking techniques works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the passwo...
Password cracking, Hybrid attack, Dictionary attack, Cyber security attacks
- Question #146 (Malware Forensics)
What is static executable file analysis?
Static Analysis, Malware Analysis, Executable Analysis
- Question #147 (Network Forensics)
Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc. Which of the following network attacks refers to a...
IP Spoofing, Network Attacks, Impersonation, Network Security
- Question #148 (Network Forensics)
Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?
Email headers, Email protocols, Bounce messages
- Question #149 (Network Forensics)
Email spoofing refers to:
Email spoofing, Email security, Cybersecurity concepts, Network attacks
- Question #150 (Disk Forensics)
An image is an artifact that reproduces the likeness of some subject. These are produced by optical devices (i.e. cameras, mirrors, lenses, telescopes, and microscopes). Which prop...
Image Properties, Bit Depth, Digital Image Fundamentals