312-49 Exam Questions
696 real 312-49 exam questions with expert-verified answers and explanations. Page 7 of 14.
- Question #301: Disk Forensics
The MD5 program is used to:
MD5, Hashing, Data Integrity, Evidence Integrity
- Question #302: Disk Forensics
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?
Windows Forensics, User Accounts, Registry Analysis, SIDs
- Question #303: Network Forensics
Why would you need to find out the gateway of a device when investigating a wireless attack?
Wireless Attack, Network Forensics, Gateway, Access Point
- Question #304: Disk Forensics
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What...
File system artifacts, File deletion, FAT file system, Data recovery
- Question #305: Report Writing & Presentation
Before you are called to testify as an expert, what must an attorney do first?
Expert witness, Court testimony, Legal procedure, Qualification
- Question #306: Computer Forensics Investigation Process
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
MD5, Hashing, Checksum, Cryptographic Hash Functions
- Question #307: Network Forensics
How many bits is the Source Port Number in the TCP header of a packet?
TCP Header, Source Port Number, Packet Structure, Networking Protocols
- Question #308: Disk Forensics
When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FA...
FAT file system, file deletion, data recovery principles, disk artifacts
- Question #309: Computer Forensics in Today's World
This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.
Technical testimony, Legal aspects of forensics, Witness types, Courtroom procedures
- Question #310: Network Forensics
What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?
Fraggle attack, DoS attack, UDP spoofing, Network attacks
- Question #311: Network Forensics
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. Yo...
Active Directory Enumeration, LDAP, ldp.exe, Network Reconnaissance
- Question #312: Disk Forensics
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
File Slack, Disk Allocation Units, Cluster Size
- Question #313: Computer Forensics Investigation Process
What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024
Linux commands, memory acquisition, dd utility, /dev/mem
- Question #314: Network Forensics
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product...
Web security, Cross-site scripting (XSS), Web vulnerability testing, Input validation
- Question #315: Network Forensics
In the following email header, where did the email first originate from?
Email Header Analysis, Network Forensics, Email Tracing, SMTP Protocol
- Question #316: Network Forensics
What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts beh...
Denial of Service, Network attacks, Flooding attack, Router security
- Question #317: Disk Forensics
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. These laptops contained sensitive corporate information regarding patents and company...
EFS Encryption, Data at Rest, Laptop Security, Data Loss Prevention
- Question #318: Network Forensics
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. (Note: The o...
Log analysis, NOP sled, IDS evasion, Buffer overflow
- Question #319: Disk Forensics
What will the following command accomplish in Linux? fdisk /dev/hda
fdisk, disk partitioning, Linux commands, Disk management
- Question #320: Disk Forensics
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most ef...
Digital evidence acquisition, Large-scale forensics, Sparse copying, Forensic efficiency
- Question #321: Computer Forensics Investigation Process
Why should you note all cable connections for a computer you want to seize as evidence?
Evidence seizure, Documentation, Scene processing, Connectivity analysis
- Question #322: Computer Forensics Investigation Process
What type of analysis helps to identify the time and sequence of events in an investigation?
Temporal analysis, Event sequencing, Forensic investigation, Timeline analysis
- Question #323: Network Forensics
What operating system would respond to the following command? C:\> nmap -sW 10.10.145.65
Nmap, Window Scan, OS Fingerprinting, Network Scanning
- Question #324: Disk Forensics
One way to identify the presence of hidden partitions on a suspect's hard drive is to:
Hidden partitions, Disk analysis, Forensic techniques, Partition identification
- Question #325: Network Forensics
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vu...
Vulnerability Exploitation, Remote Code Execution, Post-Exploitation, Attack Chain
- Question #326: Disk Forensics
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
rdisk command, SAM file location, Windows system files, Backup files
- Question #327: Network Forensics
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?
Active IDS, Intrusion Detection Systems, Network Security
- Question #328: Computer Forensics in Today's World
In general, __________________ involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve t...
Computer Forensics definition, Disk data investigation, Scientific methods, Digital evidence
- Question #329: Computer Forensics Investigation Process
What is the first step taken in an investigation for laboratory forensic staff members?
Crime scene management, Forensic investigation process, Evidence collection, First responder
- Question #330: Network Forensics
Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 19...
DNS Security, Firewall Rules, Network Reconnaissance, Log Analysis
- Question #331: Disk Forensics
Sectors in hard disks typically contain how many bytes?
Hard disk sectors, Storage architecture, Disk structure, Data units
- Question #332: Computer Forensics Investigation Process
Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated cr...
Plain view doctrine, Evidence admissibility, Legal search, Warrant
- Question #333: Computer Forensics Investigation Process
The use of warning banners helps a company avoid litigation by overcoming an employee's assumed _________ when connecting to the company intranet, network, or virtual private networ...
Employee privacy, Warning banners, Legal implications, Network monitoring
- Question #334: Computer Forensics in Today's World
The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.
Silver-Platter Doctrine, Legal principles, Evidence transfer, Private investigation
- Question #335: Network Forensics
How many possible sequence number combinations are there in TCP/IP protocol?
TCP/IP, Sequence Numbers, Networking Protocols, TCP Header
- Question #336: Disk Forensics
Which of the following is NOT a graphics file?
File formats, File extensions, Graphics files, Digital forensics fundamentals
- Question #337: Mobile Forensics
When investigating a computer forensics case where Microsoft Exchange and BlackBerry Enterprise Server are used, where would the investigator need to search to find email sent from a B...
BlackBerry Forensics, Mobile Device Data Flow, Exchange Server, Enterprise Email
- Question #338: Network Forensics
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?
DDoS prevention, Network hardening, Broadcast control, Attack countermeasures
- Question #339: Disk Forensics
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the s...
Data Acquisition, Bit-stream Imaging, Forensic Duplication, Evidence Preservation
- Question #340: Network Forensics
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to swit...
Null Session, RestrictAnonymous, Windows Security, Information Gathering
- Question #341: Network Forensics
Software firewalls work at which layer of the OSI model?
OSI model, Software firewalls, Network security, Firewall operation
- Question #342: Computer Forensics in Today's World
Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seein...
Web analytics, SEO, Backlinks, Information gathering
- Question #343: Disk Forensics
What information do you need to recover when searching a victim computer for a crime committed with a specific e-mail message?
Email Forensics, Digital Evidence Recovery, Email Header Analysis, Victim Computer Investigation
- Question #344: Network Forensics
Click on the Exhibit Button. Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging...
Network Security, Security Audit, Information Disclosure, Login Banner Best Practices
- Question #345: Disk Forensics
In a FAT32 system, a 123 KB file will use how many sectors?
FAT32, File Systems, Sector Allocation, Disk Structure
- Question #346: Computer Forensics in Today's World
A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to beli...
Legal standards, Probable cause, Search and seizure, Law enforcement
- Question #347: Disk Forensics
What does the superblock in Linux define?
Linux filesystem, Superblock, Metadata, Inode
- Question #348: Network Forensics
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking...
Networking protocols, Routing, OSPF, Network infrastructure
- Question #349: Malware Forensics
An "idle" system is also referred to as what?
Malware, Botnet, Compromised Systems, Cybersecurity Terminology
- Question #350: Computer Forensics Investigation Process
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
File analysis, Evidence interpretation, Forensic methodology