312-49V9 Exam Questions
696 real 312-49V9 exam questions with expert-verified answers and explanations. Page 12 of 14.
- Question #555
Which of the following Event Correlation Approaches is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statisti...
- Question #556
NTFS has less slack space than FAT, and thus less potential to hide data in the slack space. This is because:
- Question #557
Smith, as a part of his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith f...
- Question #558
Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?
- Question #559
How will you categorize a cybercrime that took place within a CSP's cloud environment?
- Question #560
Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?
- Question #561
The process of restarting a computer that is already turned on through the operating system is called?
- Question #562
Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing...
- Question #563
Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk do not contribute in determining the addresses of data?
- Question #564
Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Wh...
- Question #565
Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to anal...
- Question #566
Which network attack is described by the following statement? "At least five Russian major banks came under a continuous hacker attack, although online client services were not dis...
- Question #567
Which of the following is NOT a part of pre-investigation phase?
- Question #568
To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?
- Question #569
Which tool does the investigator use to extract artifacts left by Google Drive on the system?
- Question #570
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 mill...
- Question #571
Identify the file system that uses $BitMap file to keep track of all used and unused clusters on a volume.
- Question #572
An investigator has acquired packed software and needed to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used?
- Question #573
Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported to his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his foren...
- Question #574
Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?
- Question #575
A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried g...
- Question #576
Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
- Question #577
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
- Question #578
You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which amo...
- Question #579
Andie, a network administrator, suspects unusual network services running on a Windows system. Which of the following commands should he use to verify unusual network services star...
- Question #580
Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?
- Question #581
Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying t...
- Question #582
Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID "WIN-ABCDE12345F." Which of the following log file...
- Question #583
What must an attorney do first before you are called to testify as an expert?
- Question #584
Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devic...
- Question #585
Which of the following is NOT a physical evidence?
- Question #586
During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?
- Question #587
Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. T...
- Question #588
Which of the following is a part of a Solid-State Drive (SSD)?
- Question #589
Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during...
- Question #590
Which of the following statements is incorrect when preserving digital evidence?
- Question #591
Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks?
- Question #592
Lynne receives the following email: Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/...
- Question #593
What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?
- Question #594
Which of the following is a MAC-based File Recovery Tool?
- Question #595
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the...
- Question #596
When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?
- Question #597
An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digit...
- Question #598
Which of the following is NOT an anti-forensics technique?
- Question #599
Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information in a suspect system. What information is he looking for?
- Question #600
Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of inves...
- Question #601
The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in...
- Question #602
Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following taskl...
- Question #603
Which part of Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file?
- Question #604
Which one of the following is not a first response procedure?