312-49V9 Exam Questions
696 real 312-49V9 exam questions with expert-verified answers and explanations. Page 10 of 14.
- Question #452
You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only...
- Question #453
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
- Question #454
You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used...
- Question #455
When investigating a wireless attack, what information can be obtained from the DHCP logs?
- Question #456
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The ma...
- Question #457
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administ...
- Question #458
When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?
- Question #459
You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords....
- Question #460
Michael works for Kimball Construction Company as a senior security analyst. As part of the yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael cond...
- Question #461
What is the target host IP in the following command? C:\> firewalk -F 80 10.10.150.1 172.16.28.95 -p UDP
- Question #462
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches...
- Question #463
When is it appropriate to use computer forensics?
- Question #464
You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing de...
- Question #465
What feature of Windows is the following command trying to utilize?
- Question #466
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ong...
- Question #467
When using Windows acquisition tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to _________
- Question #468
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to per...
- Question #469
You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzli...
- Question #470
What is kept in the following directory? HKLM\SECURITY\Policy\Secrets
- Question #471
When discussing the chain of custody in an investigation, what does a link refer to?
- Question #475
Which root folder (hive) of registry editor contains a vast array of configuration information for the system, including hardware settings and software settings?
- Question #476
Operating system logs are most beneficial for identifying or investigating suspicious activities involving a particular host. Which of the following operating system logs contains...
- Question #477
WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access control. Which of the following encryption algorithms is used by WPA2?
- Question #478
SIM is a removable component that contains essential information about the subscriber. It has both volatile and non-volatile memory. The file system of a SIM resides in ___________...
- Question #479
Smith, as a part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith...
- Question #480
Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who wo...
- Question #481
An attacker uses vulnerabilities in the authentication or session management functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me, secre...
- Question #482
Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?
- Question #483
Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.
- Question #484
The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a mobile phone by the manufacturer.
- Question #485
Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time. Which type of correlation will you use if your...
- Question #486
The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk, Windows sends that deleted item to the Recycle Bin and the icon changes to full from...
- Question #487
The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations where large organizations were involved. Computer forensics p...
- Question #488
A first responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or she is responsible for protecting, integrating,...
- Question #489
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in hacking of organiz...
- Question #490
What document does the screenshot represent?
- Question #491
Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?
- Question #492
Which of the following techniques can be used to beat steganography?
- Question #493
Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?
- Question #494
Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all...
- Question #495
Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, th...
- Question #496
An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?
- Question #497
Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?
- Question #498
Which code does the FAT file system use to mark the file as deleted?
- Question #499
What does 63.78.199.4(161) denote in a Cisco router log? Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161),...
- Question #500
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:
- Question #501
Which of the following commands shows you all of the network services running on Windows-based servers?
- Question #502
Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user infor...
- Question #503
Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:
- Question #504
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?