312-49V9 Exam Questions

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where, "X" represents the _________.

Wireless access control attacks aim to penetrate a network by evading WLAN access control measures, such as AP MAC filters and Wi-Fi port access controls. Which of the following wi...

When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile

Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?

Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?

When NTFS Is formatted, the format program assigns the __________ sectors to the boot sectors and to the bootstrap code

The ARP table of a router comes in handy for Investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses. The ARP table can be ac...

International Mobile Equipment Identifier (IMEI) is a 15-dlgit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits o...

Who is responsible for the following tasks? - Secure the scene and ensure that it is maintained In a secure state until the Forensic Team advises - Make notes about the scene that...

Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?

You should always work with original evidence

How do you define forensic computing?

Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?

What is the first step that needs to be carried out to crack the password?

During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible

Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modi...

Damaged portions of a disk on which no read/Write operation can be performed is known as ______________.

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address...

Web applications provide an Interface between end users and web servers through a set of web pages that are generated at the server-end or contain script code to be executed dynami...

Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media

Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or de...

In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?

Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain the confidentiality of data.

When the operating system marks cluster as used, but does not allocate them to any file, such clusters are known as ___________.

Cyber-crime is defined as any Illegal act involving a gun, ammunition, or its applications.

Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________to transfer log messages in a clear text format.

How do you define Technical Steganography?

Digital evidence is not fragile in nature.

Depending upon the Jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with compute...

If the partition size Is 4 GB, each cluster will be 32 K. Even If a file needs only 10 K, the entire 32 K will be allocated, resulting In 22 K of___________.

Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition is not a standard practice?

Which of the following statements does not support the case assessment?

Windows Security Event Log contains records of login/logout activity or other security- related events specified by the system's audit policy. What does event ID 531 in Windows Sec...

Task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following task...

The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in...

A mobile operating system is the operating system that operates a mobile device like a mobile phone, smartphone, PDA, etc. It determines the functions and features available on mob...

All the Information about the user activity on the network, like details about login and logoff attempts, is collected in the security log of the computer. When a user's login is s...

P0P3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server a...

JPEG is a commonly used method of compressing photographic Images. It uses a compression algorithm to minimize the size of the natural image, without affecting the quality of the i...

Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wires...

In what circumstances would you conduct searches without a warrant?

First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is...

Quality of a raster Image is determined by the _________________and the amount of information in each pixel.

What is a chain of custody?

A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others

Data is striped at a byte level across multiple drives and parity information is distributed among all member drives. What RAID level is represented here?

Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standards. Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying mechanism to...

Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely...

File signature analysis involves collecting information from the __________ of a file to determine the type and function of the file