312-49V9 Exam Questions

Which of the following commands shows you all of the network services running on Windows- based servers?

Data compression involves encoding the data to take up less storage space and less bandwidth for transmission. It helps in saving cost and high data manipulation in many business a...

Which of the following statements is incorrect related to acquiring electronic evidence at crime scene?

Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with t...

Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?

Hash injection attack allows attackers to inject a compromised hash into a local session and use the hash to validate network resources.

Which of the following standard is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

Injection flaws are web application vulnerabilities that allow untrusted data to be Interpreted and executed as part of a command or query. Attackers exploit injection flaws by con...

Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correla...

Which of the following commands shows you the NetBIOS name table each?

What is a bit-stream copy?

Which of the following is not a part of disk imaging tool requirements?

Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.

What is the goal of forensic science?

Attackers can manipulate variables that reference files with "dot-dot-slash (./)" sequences and their variations such as Identify the attack referred.

Which Is a Linux journaling file system?

Which of the following statements is not a part of securing and evaluating electronic crime scene checklist?

Which of the following log injection attacks uses white space padding to create unusual log entries?

Subscriber Identity Module (SIM) is a removable component that contains essential information about the subscriber. Its main function entails authenticating the user of the cell ph...

Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.

If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?

What is a SCSI (Small Computer System Interface)?

An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.

Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.

Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive o...

LBA (Logical Block Address) addresses data by allotting a ___________to each sector of the hard disk.

Which of the following attacks allows attacker to acquire access to the communication channels between the victim and server to extract the information?

SMTP (Simple Mail Transfer protocol) receives outgoing mail from clients and validates source and destination addresses, and also sends and receives emails to and from other SMTP s...

In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe. Bootvid.dll. Hal.dll, and boot-start device drivers?

What is the "Best Evidence Rule"?

What is the First Step required in preparing a computer for forensics investigation?

What is the smallest allocation unit of a hard disk?

An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the foll...

An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, s...

Physical security recommendations: There should be only one entrance to a forensics lab

When dealing with the powered-off computers at the crime scene, if the computer is switched off, turn it on

Computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details...

A forensic investigator is a person who handles the complete Investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The in...

Digital photography helps in correcting the perspective of the Image which Is used In taking the measurements of the evidence. Snapshots of the evidence and incident-prone areas ne...

Which one of the following is not a consideration in a forensic readiness planning checklist?

Shortcuts are the files with the extension .Ink that are created and are accessed by the users. These files provide you with information about:

A computer forensic report is a report which provides detailed information on the complete forensics investigation process.

Which one of the following statements is not correct while preparing for testimony?

Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting we...

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthori...

What is a first sector ("sector zero") of a hard disk?

Ever-changing advancement or mobile devices increases the complexity of mobile device examinations. Which or the following is an appropriate action for the mobile forensic investig...

Which of the following is the certifying body of forensics labs that investigate criminal cases by analyzing evidence?

When a system is compromised, attackers often try to disable auditing, in Windows 7; modifications to the audit policy are recorded as entries of Event ID____________.

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network