312-49V9 Exam Questions

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

As a CHFI professional, which of the following is the most important to your professional reputation?

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible....

What type of flash memory card comes in either Type I or Type II and consumes only five percent of the power required by small hard drives?

Where are files temporarily written in Unix when printing?

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his networ...

Area density refers to:

A(n) _____________________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the numbe...

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

What will the following URL produce in an unpatched IIS Web Server? co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

What binary coding is used most often for e-mail purposes?

Which part of the Windows Registry contains the user's password file?

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printed o...

During the course of a corporate investigation, you find that an employee is committing a federal crime. Can the employer file a criminal complain with the police?

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective...

While working for a prosecutor, What do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense ?

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase...

The newer Macintosh Operating System (MacOS X) is based on:

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacke...

A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is a...

In Linux, what is the smallest possible shellcode?

After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and sho...

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the...

When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

Where is the startup configuration located on a router?

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

If you come across a sheepdip machine at your client site, what would you infer?

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP program...

You are assisting in the investigation of a possible Web Server hack. The company who called you stated that customers reported to them that whenever they entered the web address o...

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. Afte...

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do not write themselves to the hard drive, if you turn the system off t...

What stage of the incident handling process involves reporting events?

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reach...

Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually...

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testi...

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, howeve...

In Microsoft file structures, sectors are grouped together to form:

Which response organization tracks hoaxes as well as viruses?

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company yo...

Windows identifies which application to open a file with by examining which of the following?

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tool...