312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 4 of 14.
- Question #151: Network Forensics
The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time, service...
IIS Logs, Log Analysis, Web Server Forensics
- Question #152: Computer Forensics in Today's World
Which of the following Steganography techniques allows you to encode information that ensures creation of cover for secret communication?
Steganography, Cover Generation, Information Hiding
- Question #153: Computer Forensics Investigation Process
Data files from original evidence should be used for forensics analysis
Evidence handling, Forensic integrity, Original evidence, Data preservation
- Question #154: Disk Forensics
FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?
FAT32, File Systems, Storage Capacity, Disk Forensics
- Question #155: Computer Forensics Investigation Process
A data acquisition system is a combination of tools or processes used to gather, analyze and record information about some phenomenon. Different data acquisition systems are used depe...
Data acquisition, Serial communication, RS232, Forensic tools
- Question #156: Network Forensics
Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system. Network forensics can reveal: (Select three answers)
Network Forensics capabilities, Attack source identification, Attack path analysis, Intrusion techniques
- Question #157: Computer Forensics in Today's World
Dumpster Diving refers to:
Dumpster Diving, Social Engineering, Physical Security, Information Gathering
- Question #158: Network Forensics
Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi networks?
WarChalking, Wireless security, Network reconnaissance
- Question #159: Disk Forensics
Which of the following is not a part of the technical specification of the laboratory-based imaging system?
Forensic imaging system, Data acquisition, Lab equipment, Evidence integrity
- Question #160: Disk Forensics
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 mill...
BMP file format, File structure, Image analysis
- Question #161: Computer Forensics Investigation Process
Which of the following statements is not correct when dealing with a powered-on computer at the crime scene?
Crime scene procedures, Digital evidence collection, Volatile data, Forensic best practices
- Question #162: Computer Forensics in Today's World
According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified compute...
Expert Witness, Federal Rules of Evidence, Courtroom Testimony, Eligibility Requirements
- Question #163: Mobile Forensics
Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence...
IMEI recovery, Mobile device identification, GSM codes, Mobile forensics techniques
- Question #164: Mobile Forensics
A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers. Which mobile operating system archi...
Mobile OS, Android Architecture, Device Connectivity, Operating Systems
- Question #165: Disk Forensics
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=40...
Disk Wiping, dcfldd command, Disk Preparation, Linux Forensics
- Question #166: Disk Forensics
When examining a file with a Hex Editor, what space does the file header occupy?
File Header, Hex Editor, File Structure, Digital Forensics Basics
- Question #167: Disk Forensics
Paraben Lockdown device uses which operating system to write hard drive data?
Paraben Lockdown, Write Blockers, Forensic Tools, Data Acquisition
- Question #168: Disk Forensics
What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?
NTFS, MFT, Alternate Data Streams, File System Forensics
- Question #169: Computer Forensics in Today's World
You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?
Copyright Law, Intellectual Property, Legal Framework, Publication
- Question #170: Computer Forensics Investigation Process
What is one method of bypassing a system BIOS password?
BIOS bypass, CMOS battery, Hardware security, Physical access
- Question #171: Network Forensics
When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?
DHCP, Log Analysis, Network Forensics, IP/MAC Mapping
- Question #172: Mobile Forensics
What hashing method is used to password protect Blackberry devices?
Blackberry security, Password hashing, SHA-1, Mobile device security
- Question #173: Computer Forensics Investigation Process
Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local poli...
Mobile Forensics, Evidence Handling, Scene Documentation, Forensic Procedure
- Question #174: Network Forensics
To check for POP3 traffic using Ethereal, what port should an investigator search by?
POP3, Standard ports, Network traffic analysis, Ethereal
- Question #175: Computer Forensics Investigation Process
In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP...
ISP, Evidence Preservation, Legal Obligations, Investigation Support
- Question #176: Computer Forensics in Today's World
What does the acronym POST mean as it relates to a PC?
Acronyms, Boot process, Hardware basics, System startup
- Question #177: Mobile Forensics
What type of equipment would a forensics investigator store in a StrongHold bag?
Faraday bag, Wireless forensics, Evidence preservation, Forensic tools
- Question #178: Computer Forensics Investigation Process
What method of copying should always be performed first before carrying out an investigation?
Digital Forensics, Evidence Acquisition, Forensic Imaging, Bit-stream copy
- Question #179: Network Forensics
You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doin...
SMTP, Email Spoofing, Port Numbers, Network Protocols
- Question #180: Computer Forensics Investigation Process
With regard to using an antivirus scanner during a computer forensics investigation, you should:
Antivirus scanning, Forensics workstation preparation, Investigation best practices, Evidence integrity
- Question #181: Disk Forensics
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
Write-blocker, Evidence preservation, Forensic tools, Data integrity
- Question #182: Computer Forensics in Today's World
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
Steganography, Data Hiding, Information Concealment
- Question #183: Disk Forensics
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quali...
Vector graphics, Raster graphics, Image files, File properties
- Question #184: Network Forensics
What layer of the OSI model do TCP and UDP utilize?
OSI Model, TCP/UDP, Networking Protocols, Transport Layer
- Question #185: Disk Forensics
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud b...
Swapfile analysis, Volatile data, Forensic artifacts, Unsaved data recovery
- Question #186: Computer Forensics Investigation Process
When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?
Evidence Marking, Forensic Procedures, Evidence Handling
- Question #187: Disk Forensics
When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?
File Signatures, Magic Numbers, JPEG Format, Hexadecimal Analysis
- Question #188: Disk Forensics
Where does EnCase search to recover NTFS files and folders?
EnCase, NTFS, MFT, File Recovery
- Question #189: Computer Forensics Investigation Process
To preserve digital evidence, an investigator should ____________
Digital Evidence Preservation, Forensic Imaging, Evidence Integrity, Best Practices
- Question #190: Disk Forensics
Where is the default location for Apache access logs on a Linux computer?
Apache logs, Linux file paths, Web server administration, Log file locations
- Question #191: Network Forensics
What is the CIDR from the following screenshot?
CIDR, IP Addressing, Networking Fundamentals
- Question #192: Disk Forensics
How many times can data be written to a DVD+R disk?
DVD+R, Optical Media, Data Storage, Writeability
- Question #193: Computer Forensics in Today's World
How often must a company keep log files for them to be admissible in a court of law?
Log Files, Admissibility of Evidence, Digital Evidence, Legal Requirements
- Question #194: Computer Forensics Investigation Process
When needing to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website collection of pages?vi...
Web Archiving, Digital Preservation, Information Gathering, Forensic Tools
- Question #195: Mobile Forensics
When using an iPod and the host computer is running Windows, what file system will be used?
iPod file systems, FAT32, Mobile device storage, Windows compatibility
- Question #196: Disk Forensics
Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Ha...
Steganography, Visual Semagram, Forensic Evidence, Covert Communication
- Question #197: Report Writing & Presentation
Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to pre...
Investigative Report, Document Format, Report Presentation, PDF
- Question #198: Disk Forensics
What is the smallest physical storage unit on a hard drive?
Hard drive structure, Physical storage units, Sector, Data storage
- Question #199: Disk Forensics
What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?
EnCase, Data Integrity, CRC, Evidence Acquisition
- Question #200: Disk Forensics
You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect house after a...
Password cracking methods, Brute force, Dictionary attack, Digital forensics tools