312-49V9 Exam Questions

The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?

In Windows Security Event Log, what does an event id of 530 imply?

Which of the following technique creates a replica of an evidence media?

Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information f...

Which of the following tool creates a bit-by-bit image of an evidence media?

What is the location of the binary files required for the functioning of the OS in a Linux system?

Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?

When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what does the "nnnn" denote?

Which MySQL log file contains information on server start and stop?

Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the siz...

Bob works as information security analyst for a big finance company. One day, the anomaly- based intrusion detection system alerted that a volumetric DDOS targeting the main IP of...

Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

Which rule requires an original recording to be provided to prove the content of a recording?

The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?

What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router represent?

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________.

Which of the following is an iOS Jailbreaking tool?

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

What is the default IIS log location?

Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Whic...

Which file is a sequence of bytes organized into blocks understandable by the system's linker?

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. I...

Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name...

Which among the following files provides email header information in the Microsoft Exchange server?

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute comma...

What is the size value of a nibble?

Which of the following tool enables a user to reset his/her lost admin password in a Windows system?

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

In Steganalysis, which of the following describes a Known-stego attack?

Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?

Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense.

Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first respon...

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB fil...

Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

Which of the following tools will help the investigator to analyze web server logs?

Which of the following files gives information about the client sync sessions in Google Drive on Windows?

Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?

Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to...

Which of the following tool can the investigator use to analyze the network to detect Trojan activities?

When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called "INFO2" in the Recycled folder. If the INFO2 f...

What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?

Which of the following tool enables data acquisition and duplication?

What does 254 represent in ICCID 89254021520014515744?

Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR?

Which password cracking technique uses every possible combination of character sets?