312-49V9 Exam Questions

Email archiving is a systematic approach to save and protect the data contained in emails so that it can tie easily accessed at a later date.

The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is bei...

A system with a simple logging mechanism has not been given much attention during development, this system is now being targeted by attackers, if the attacker wants to perform a ne...

When a file or folder is deleted, the complete path, including the original file name, is stored in a special hidden file called "INF02" in the Recycled folder. If the INF02 file i...

Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a hashed format. SAM file in Windows is located at:

Which of the following would you consider an aspect of organizational security, especially focusing on IT security?

During the seizure of digital evidence, the suspect can be allowed touch the computer system.

Which is not a part of environmental conditions of a forensics lab?

Why is it Important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

The Recycle Bin exists as a metaphor for throwing files away, but it also allows user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to...

Which of the following is not correct when documenting an electronic crime scene?

Determine the message length from following hex viewer record:

When collecting evidence from the RAM, where do you look for data?

What is the first step that needs to be carried out to investigate wireless attacks?

What is cold boot (hard boot)?

TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts in the Internet. It contains four layers, namely the network in...

Which of the following statements is incorrect when preserving digital evidence?

You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32 exe are commonly used as intermedi...

Which of the following is not an example of a cyber-crime?

Identify the attack from following sequence of actions? Step 1: A user logs in to a trusted site and creates a new session Step 2: The trusted site stores a session identifier for...

Hard disk data addressing is a method of allotting addresses to each ___________of data on a hard disk

Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains Logs of network a...

Which of the following commands shows you the username and IP address used to access the system via a remote login session and the Type of client from which they are accessing the...

Which of the following file in Novel GroupWise stores information about user accounts?

Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients he can use to analyze...

Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions.

File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in windows7?

Raw data acquisition format creates ____________of a data set or suspect drive.

A rogue/unauthorized access point is one that Is not authorized for operation by a particular firm or network

Which of the following passwords are sent over the wire (and wireless) network, or stored on some media as it is typed without any alteration?

Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology i...

System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function

Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with up to 256 distinct colors per frame.

Which of the following is not a part of data acquisition forensics Investigation?

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at which sessions the machine has opened wit...

Router log files provide detailed Information about the network traffic on the Internet. It gives information about the attacks to and from the networks. The router stores log file...

Netstat is a tool for collecting Information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Wh...

At the time of evidence transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute comma...

The disk in the disk drive rotates at high speed, and heads in the disk drive are used only to read data.

The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as web Servic...

A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM. Where is the hidden swap file in Windows located?

In an echo data hiding technique, the secret message is embedded into a __________as an echo.

Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and...

Which of the following password cracking techniques works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the passwo...

What is static executable file analysis?

Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc. Which of the following network attacks refers to a...

Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

Email spoofing refers to:

An image is an artifact that reproduces the likeness of some subject. These are produced by optical devices (i.e. cameras, mirrors, lenses, telescopes, and microscopes). Which prop...