312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 5 of 14.
- Question #201 (Disk Forensics)
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
Tags: Linux device naming, IDE controllers, Hard drive identification, Operating system basics
- Question #202 (Computer Forensics Investigation Process)
A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT...
Tags: Evidence preservation, Incident response, Digital forensics best practices
- Question #203 (Computer Forensics Investigation Process)
Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in diffe...
Tags: Grill Cipher, Cryptography, Forensic Evidence, Communication Analysis
- Question #204 (Disk Forensics)
Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?
Tags: Steganography, Data Concealment, Digital Forensics
- Question #205 (Disk Forensics)
What happens when a file is deleted by a Microsoft operating system using the FAT file system?
Tags: FAT file system, File deletion, Data recovery, File system forensics
- Question #206 (Computer Forensics Investigation Process)
What must be obtained before an investigation is carried out at a location?
Tags: Legal aspects, Search warrant, Investigation process, Forensic preparedness
- Question #207 (Disk Forensics)
The offset in a hexadecimal code is:
Tags: Hexadecimal, Data representation, Syntax
- Question #208 (Computer Forensics Investigation Process)
When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended to have?
Tags: Investigation Best Practices, Preliminary Investigations, Investigator Staffing, Case Management
- Question #209 (Computer Forensics in Today's World)
Davidson Trucking is a small transportation company that has three local offices in Detroit, Michigan. Ten female employees that work for the company have gone to an attorney report...
Tags: Harassment policy, Organizational accountability, Supervisor responsibility, Workplace legal liability
- Question #210 (Disk Forensics)
When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?
Tags: Disk Forensics, Data Integrity, Dynamic Disks, Forensic Best Practices
- Question #211 (Computer Forensics Investigation Process)
Why should you never power on a computer that you need to acquire digital evidence from?
Tags: Evidence Preservation, Forensic Acquisition Principles, Data Integrity, Boot Process Impact
- Question #212 (Network Forensics)
What type of attack sends SYN requests to a target system with spoofed IP addresses?
Tags: SYN flood, Denial of Service, Network attack, IP spoofing
- Question #213 (Computer Forensics Investigation Process)
What must an investigator do before disconnecting an iPod from any type of computer?
Tags: Unmounting devices, Data integrity, Digital forensics best practices, Storage device handling
- Question #214 (Computer Forensics Investigation Process)
Which is a standard procedure to perform during all computer forensics investigations?
Tags: Forensic procedures, Evidence preservation, System clock, Timeline correlation
- Question #215 (Disk Forensics)
What technique is used by JPEGs for compression?
Tags: JPEG Compression, DCT, Image Formats
- Question #216 (Disk Forensics)
The following is a log file screenshot from a default installation of IIS 6.0. What time standard is used by IIS as seen in the screenshot?
Tags: IIS logging, Log analysis, Time standards, UTC
- Question #217 (Computer Forensics in Today's World)
The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact, and examina...
Tags: Legal procedures, Evidence collection, Pre-trial discovery, Forensic legal context
- Question #218 (Malware Forensics)
John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web café...
Tags: Virtual Memory Analysis, Memory Forensics, Hidden Processes, Malware Detection
- Question #219 (Disk Forensics)
Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive? 22,164 cylinders/disk, 80 heads/cylinder, 63 sectors/trac...
Tags: Hard drive capacity, Disk geometry, Storage calculation, CHS addressing
- Question #220 (Disk Forensics)
In the following directory listing, which file should be used to restore archived email messages for someone using Microsoft Outlook?
Tags: Outlook file formats, Email data storage, Data restoration, PST files
- Question #221 (Disk Forensics)
If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?
Tags: Compression, Lossy compression, Data compression principles
- Question #222 (Disk Forensics)
What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?
Tags: Password Cracking, Distributed Processing, Forensic Tools
- Question #223 (Computer Forensics Investigation Process)
Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in...
Tags: Data acquisition, Forensic tools, Evidence collection, Write-blocker
- Question #224 (Disk Forensics)
What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1
Tags: dd command, Master Boot Record (MBR), Disk imaging, Data backup
- Question #225 (Disk Forensics)
A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line...
Tags: Recycle Bin Forensics, Hidden Files, Command Line Tools, NTFS Structure
- Question #226 (Disk Forensics)
During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking en...
Tags: Exchange Server Forensics, Email Forensics, Log File Location, Evidence Collection
- Question #227 (Computer Forensics in Today's World)
John is working on his company's policies and guidelines. The section he is currently working on covers company documents; how they should...
Tags: Document destruction, Data sanitization, Physical security, Information security policy
- Question #228 (Computer Forensics in Today's World)
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qual...
Tags: Expert Witness, Evidence Authentication, Legal Admissibility, Forensic Testimony
- Question #229 (Network Forensics)
At what layer does a cross-site scripting attack occur?
Tags: Cross-Site Scripting (XSS), OSI Model, Application Layer, Web Application Attacks
- Question #230 (Computer Forensics Investigation Process)
Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?
Tags: Legal procedures, Search warrant, Evidence collection, Law enforcement
- Question #231 (Computer Forensics Investigation Process)
When should an MD5 hash check be performed when processing evidence?
Tags: Evidence Integrity, Hashing, Forensic Procedures, Data Authentication
- Question #232 (Computer Forensics Investigation Process)
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs the...
Tags: Incident Response, Incident Classification, Response Time
- Question #233 (Disk Forensics)
What file is processed at the end of a Windows XP boot to initialize the logon dialog box?
Tags: Windows XP Boot Process, LSASS.EXE, System Files, Logon Process
- Question #234 (Network Forensics)
An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?
Tags: Ping of Death, ICMP attacks, Network forensics, Firewall logs
- Question #235 (Disk Forensics)
In the context of the file deletion process, which of the following statements holds true?
Tags: File deletion process, Data overwriting, Forensic data integrity, Temporary files
- Question #236 (Disk Forensics)
What advantage does the tool Evidor have over the built-in Windows search?
Tags: Evidor, Slack space, Disk analysis, Hidden data
- Question #237 (Network Forensics)
George was recently fired from his job as an IT analyst at Pitts and Company in Dallas, Texas. His main duties as an analyst were to support the company Active Directory structure a...
Tags: Password Cracking, Rule-based Attack, Service Accounts, Insider Threat
- Question #238 (Mobile Forensics)
If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?
Tags: Mobile device seizure, Volatile data preservation, Live acquisition, Forensic procedure
- Question #239 (Disk Forensics)
An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will no...
Tags: Optical Media, Data Storage, Media Wiping, Physical Storage
- Question #240 (Computer Forensics Investigation Process)
If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?
Tags: Legal implications, Investigation handover, Corporate investigations, Criminal investigations
- Question #241 (Disk Forensics)
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies...
Tags: Disk Imaging, Sector Addressing, Forensic Tools
- Question #242 (Network Forensics)
Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them...
Tags: Phreaking, PBX exploitation, Telephony hacking, Network attacks
- Question #243 (Network Forensics)
When examining the log files from a Windows IIS Web Server, how often is a new log file created?
Tags: IIS logs, Web server logging, Log file management, Windows server forensics
- Question #244 (Network Forensics)
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?
Tags: Google Dorking, Reconnaissance, Outlook Web Access (OWA), Information Gathering
- Question #245 (Computer Forensics in Today's World)
To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providi...
Tags: NIST, Forensic tool validation, Evidence admissibility, Computer forensics standards
- Question #246 (Computer Forensics in Today's World)
You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company,...
Tags: Legal aspects, Attorney-work-product rule, Professional ethics, Investigation ethics
- Question #247 (Network Forensics)
John and Hillary work in the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enable...
Tags: Network Sniffing, Password Hashing, Credential Theft, Lophtcrack
- Question #248 (Network Forensics)
Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus. He runs the netstat com...
Tags: netstat, Network Connections, Listening State, IP Addresses
- Question #249 (Disk Forensics)
Microsoft Outlook maintains email messages in a proprietary format in what type of file?
Tags: Email forensics, PST files, Outlook data, Proprietary file formats
- Question #250 (Computer Forensics Investigation Process)
You should make at least how many bit-stream copies of a suspect drive?
Tags: Bit-stream imaging, Evidence acquisition, Data preservation, Forensic best practices