312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 6 of 14.
- Question #251: Computer Forensics Investigation Process
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
Chain of custody, Evidence handling, Forensics investigation process
- Question #252: Computer Forensics Investigation Process
As a CHFI professional, which of the following is the most important to your professional reputation?
Professional Reputation, Case Management, Professional Ethics, CHFI Role
- Question #253: Malware Forensics
Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible....
Buffer Overflow, Vulnerability Assessment, C Programming, Memory Safety
- Question #254: Disk Forensics
What type of flash memory card comes in either Type I or Type II and consumes only five percent of the power required by small hard drives?
Flash memory, CompactFlash, Memory card types, Digital storage
- Question #255: Disk Forensics
Where are files temporarily written in Unix when printing?
Unix printing, Spool directory, Filesystem hierarchy, Temporary files
- Question #256: Network Forensics
Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his networ...
Firewall types, Application-level proxy, Network security controls, FTP traffic filtering
- Question #257: Disk Forensics
Area density refers to:
Disk Storage, Data Density, Storage Technology
- Question #258: Computer Forensics in Today's World
A(n) _____________________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.
Automated attacks, Attack types, Cybersecurity fundamentals
- Question #259: Computer Forensics in Today's World
Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the numbe...
Forensics lab design, Physical security, Lab access control, Security best practices
- Question #260: Disk Forensics
On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?
Active Directory, NTLM, Password Storage, Domain Controller
- Question #261: Network Forensics
What will the following URL produce in an unpatched IIS Web Server? co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
Web Server Vulnerabilities, Directory Traversal, Command Injection, IIS Security
- Question #262: Disk Forensics
Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?
File deletion mechanisms, Data recovery principles, Windows Recycle Bin, File system fundamentals
- Question #263: Disk Forensics
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
Slack Space, Data Remnants, File System Forensics, Disk Forensics Concepts
- Question #264: Network Forensics
What binary coding is used most often for e-mail purposes?
Email encoding, MIME standard, Binary-to-text encoding, Email attachments
- Question #265: Disk Forensics
Which part of the Windows Registry contains the user's password file?
Windows Registry, Password Hashes, SAM hive, User Credentials
- Question #266: Network Forensics
You are a computer forensics investigator working with the local police department and you are called to assist in an investigation of threatening emails. The complainant has printed o...
Email Forensics, Email Header Analysis, Digital Evidence Tracking, Investigation Process
- Question #267: Computer Forensics in Today's World
During the course of a corporate investigation, you find that an employee is committing a federal crime. Can the employer file a criminal complaint with the police?
Legal Aspects, Corporate Investigations, Evidence Admissibility, Reporting Crime
- Question #268: Computer Forensics Investigation Process
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective...
evidence types, exculpatory evidence, investigation principles
- Question #269: Computer Forensics Investigation Process
While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?
Exculpatory Evidence, Ethical Obligations, Legal Process, Forensic Professional Conduct
- Question #270: Computer Forensics Investigation Process
When conducting computer forensic analysis, you must guard against ______________ so that you remain focused on the primary job and ensure that the level of work does not increase...
Scope Creep, Investigation Management, Forensic Process, Project Planning
- Question #271: Computer Forensics in Today's World
The newer Macintosh Operating System (MacOS X) is based on:
Operating Systems, macOS Architecture, BSD Unix, OS Fundamentals
- Question #272: Malware Forensics
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacke...
Forensic profiling, Attacker attribution, Code analysis, Malicious code characteristics
- Question #273: Computer Forensics Investigation Process
A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is a...
Storage media capacity, Removable media, Data acquisition
- Question #274: Malware Forensics
In Linux, what is the smallest possible shellcode?
Shellcode, Linux, Exploit Development, Assembly
- Question #275: Network Forensics
After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and sho...
ICMP Ping Sweep, Broadcast Address, OS Network Behavior, Active Scanning
- Question #276: Computer Forensics Investigation Process
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
Linux/Unix Security, Web Server Security, Privilege Escalation Prevention, Daemon Privileges
- Question #277: Disk Forensics
A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the...
Disk Imaging, Deleted File Recovery, Digital Evidence Preservation, Forensic Acquisition
- Question #278: Disk Forensics
When operating systems mark a cluster as used but not allocated, the cluster is considered as _________
Lost clusters, File system, Disk allocation, Data inconsistency
- Question #279: Network Forensics
Where is the startup configuration located on a router?
Router configuration, NVRAM, Network device memory, Persistent storage
- Question #280: Disk Forensics
When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:
Write Blocker, Evidence Integrity, Operating System Artifacts, Disk Acquisition
- Question #281: Malware Forensics
If you come across a sheepdip machine at your client site, what would you infer?
Sheepdip machine, Malware scanning, Virus checking, Security terminology
- Question #282: Computer Forensics in Today's World
Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?
Intrusion Detection System (IDS), Anomaly Detection, False Positives, HIDS
- Question #283: Network Forensics
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP program...
Network Monitoring, Packet Analysis, SFTP, Port Numbers
- Question #284: Network Forensics
You are assisting in the investigation of a possible Web Server hack. The company who called you stated that customers reported to them that whenever they entered the web address o...
DNS Poisoning, Network Attack, Web Security
- Question #285: Network Forensics
You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. Afte...
Network Sniffing, Credential Extraction, FTP Security, Ettercap
- Question #286: Network Forensics
If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?
IDLE scanning, Port scanning, Network reconnaissance, IPID (IP Identification)
- Question #287: Computer Forensics Investigation Process
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?
Evidence Handling, Chain of Custody, Criminal Law, Civil Law
- Question #288: Malware Forensics
Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off t...
Volatile memory acquisition, Memory forensics, Malware analysis, Virtualization forensics
- Question #289: Computer Forensics Investigation Process
What stage of the incident handling process involves reporting events?
Incident handling process, Incident response stages, Identification stage, Event reporting
- Question #290: Computer Forensics Investigation Process
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reach...
Digital Forensics Process, Evidence Acquisition, Forensic Imaging, Incident Scene Procedures
- Question #291: Computer Forensics Investigation Process
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
Forensic investigation concepts, Incident scope, Investigation methodology, Forensic terminology
- Question #292: Network Forensics
George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually...
Intrusion Detection Systems, Anomaly Detection, Real-time Monitoring, Network Security
- Question #293: Network Forensics
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testi...
DoS Attack, Smurf Attack, ICMP, Network Attacks
- Question #294: Network Forensics
E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)
Email Forensics, Log Analysis, Network Forensics Data, Digital Investigation
- Question #295: Computer Forensics Investigation Process
You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, howeve...
Evidence Integrity, Hashing, MD5, Forensic Procedure
- Question #296: Disk Forensics
In Microsoft file structures, sectors are grouped together to form:
File Systems, Disk Structure, Clusters
- Question #297: Computer Forensics in Today's World
Which response organization tracks hoaxes as well as viruses?
Cybersecurity organizations, Incident response, Threat intelligence, Hoaxes
- Question #298: Network Forensics
You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company yo...
Security Audits, Penetration Testing Methodology, LPT Methodology, Network Security
- Question #299: Disk Forensics
Windows identifies which application to open a file with by examining which of the following?
File extension, File association, Windows OS, File identification
- Question #300: Disk Forensics
You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tool...
Disk Imaging Analysis, Command-line Tools, Text Search, Forensic Utilities