312-49V8 Exam Questions

File signature analysis involves collecting information from the __________ of a file to determine the type and function of the file

You should always work with original evidence

When a system is compromised, attackers often try to disable auditing, in Windows 7; modifications to the audit policy are recorded as entries of Event ID____________.

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address...

Which of the following file in Novel GroupWise stores information about user accounts?

Digital evidence is not fragile in nature.

Which of the following log injection attacks uses white space padding to create unusual log entries?

Which of the following is not correct when documenting an electronic crime scene?

Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or de...

Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________to transfer log messages in a clear text format.

An image is an artifact that reproduces the likeness of some subject. These are produced by optical devices (i.e. cameras, mirrors, lenses, telescopes, and microscopes). Which prop...

Which of the following statements is incorrect related to acquiring electronic evidence at crime scene?

Depending upon the Jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with compute...

Which of the following is not a part of the technical specification of the laboratory-based imaging system?

Which of the following is not a part of data acquisition forensics Investigation?

At the time of evidence transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.

Digital photography helps in correcting the perspective of the Image which Is used In taking the measurements of the evidence. Snapshots of the evidence and incident-prone areas ne...

Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains Logs of network a...

What is the "Best Evidence Rule"?

SIM is a removable component that contains essential information about the subscriber. It has both volatile and non-volatile memory. The file system of a SIM resides in ___________...

Which of the following passwords are sent over the wire (and wireless) network, or stored on some media as it is typed without any alteration?

In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe. Bootvid.dll. Hal.dll, and boot-start device drivers?

Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc. Which of the following network attacks refers to a...

In an echo data hiding technique, the secret message is embedded into a __________as an echo.

Attacker uses vulnerabilities in the authentication or session management functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me. secre...

An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the foll...

Which is not a part of environmental conditions of a forensics lab?

Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with up to 256 distinct colors per frame.

Cyber-crime is defined as any Illegal act involving a gun, ammunition, or its applications.

In what circumstances would you conduct searches without a warrant?

A computer forensic report is a report which provides detailed information on the complete forensics investigation process.

Data compression involves encoding the data to take up less storage space and less bandwidth for transmission. It helps in saving cost and high data manipulation in many business a...

First responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or She is responsible for protecting, integrating,...

Hash injection attack allows attackers to inject a compromised hash into a local session and use the hash to validate network resources.

Smith, as a part his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith...

Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with t...

A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM. Where is the hidden swap file in Windows located?

Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?

Dumpster Diving refers to:

If the partition size Is 4 GB, each cluster will be 32 K. Even If a file needs only 10 K, the entire 32 K will be allocated, resulting In 22 K of___________.

Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi networks?

Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain the confidentiality of data.

Identify the attack from following sequence of actions? Step 1: A user logs in to a trusted site and creates a new session Step 2: The trusted site stores a session identifier for...

Router log files provide detailed Information about the network traffic on the Internet. It gives information about the attacks to and from the networks. The router stores log file...

The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk, Windows sends that deleted item to the Recycle Bin and the icon changes to full from...

Which of the following is not an example of a cyber-crime?

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where, "X" represents the _________.

Which of the following statement is not correct when dealing with a powered-on computer at the crime scene?

Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.

Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time. Which type of correlation will you use if your...