312-49V8 Exam Questions
180 real 312-49V8 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
Which of the following statements does not support the case assessment?
- Question #2
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures, such as AP MAC filters and Wi-Fi port access controls. Which of the following wi...
- Question #3
File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?
- Question #4
What is cold boot (hard boot)?
- Question #5
When a file or folder is deleted, the complete path, including the original file name, is stored in a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file i...
- Question #6
MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network
- Question #7
The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses. The ARP table can be ac...
- Question #8
You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32.exe are commonly used as intermedi...
- Question #9
You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at which sessions the machine has opened wit...
- Question #10
What is a SCSI (Small Computer System Interface)?
- Question #11
The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is bei...
- Question #12
Which is a Linux journaling file system?
- Question #13
Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?
- Question #14
Web applications provide an interface between end users and web servers through a set of web pages that are generated at the server-end or contain script code to be executed dynami...
- Question #15
Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wires...
- Question #16
Which table is used to convert huge word lists (i.e., dictionary files and brute-force lists) into password hashes?
- Question #17
A data acquisition system is a combination of tools or processes used to gather, analyze and record information about some phenomenon. Different data acquisition systems are used depe...
- Question #18
Which of the following statements is incorrect when preserving digital evidence?
- Question #19
Which of the following would you consider an aspect of organizational security, especially focusing on IT security?
- Question #20
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correla...
- Question #21
Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and...
- Question #22
Data files from original evidence should be used for forensics analysis
- Question #23
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences. Identify the attack referred to.
- Question #24
Subscriber Identity Module (SIM) is a removable component that contains essential information about the subscriber. Its main function entails authenticating the user of the cell ph...
- Question #25
The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a mobile phone by the manufacturer.
- Question #26
First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is...
- Question #27
The task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following task...
- Question #28
An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, s...
- Question #29
POP3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server a...
- Question #30
Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in Windows Secu...
- Question #31
When collecting evidence from the RAM, where do you look for data?
- Question #32
A rogue/unauthorized access point is one that is not authorized for operation by a particular firm or network.
- Question #33
Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting we...
- Question #34
Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition is not a standard practice?
- Question #35
If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?
- Question #36
Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.
- Question #37
During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible
- Question #38
Which one of the following is not a consideration in a forensic readiness planning checklist?
- Question #39
When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile
- Question #40
Data is striped at a byte level across multiple drives and parity information is distributed among all member drives. What RAID level is represented here?
- Question #41
What is a chain of custody?
- Question #42
A computer forensics report provides detailed information on the complete computer forensics investigation process. It should explain how the incident occurred, provide technical details...
- Question #43
Email spoofing refers to:
- Question #44
Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who wo...
- Question #45
A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others
- Question #46
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
- Question #47
Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media
- Question #48
LBA (Logical Block Address) addresses data by allotting a ___________to each sector of the hard disk.
- Question #49
A buffer overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modi...
- Question #50
Physical security recommendations: There should be only one entrance to a forensics lab