312-49V9 Exam Questions
696 real 312-49V9 exam questions with expert-verified answers and explanations. Page 7 of 14.
- Question #301
The MD5 program is used to:
- Question #302
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?
- Question #303
Why would you need to find out the gateway of a device when investigating a wireless attack?
- Question #304
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What...
- Question #305
Before you are called to testify as an expert, what must an attorney do first?
- Question #306
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
- Question #307
How many bits is the Source Port Number in a TCP header packet?
- Question #308
When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FA...
- Question #309
This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.
- Question #310
What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?
- Question #311
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. Yo...
- Question #312
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
- Question #313
What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024
- Question #314
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product...
- Question #315
In the following email header, where did the email first originate from?
- Question #316
What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts beh...
- Question #317
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. These laptops contained sensitive corporate information regarding patents and company...
- Question #318
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. (Note: The o...
- Question #319
What will the following command accomplish in Linux? fdisk /dev/hda
- Question #320
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most ef...
- Question #321
Why should you note all cable connections for a computer you want to seize as evidence?
- Question #322
What type of analysis helps to identify the time and sequence of events in an investigation?
- Question #323
What operating system would respond to the following command? C:\> nmap -sW 10.10.145.65
- Question #324
One way to identify the presence of hidden partitions on a suspect's hard drive is to:
- Question #325
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vu...
- Question #326
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
- Question #327
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?
- Question #328
In general, __________________ involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve t...
- Question #329
What is the first step taken in an investigation for laboratory forensic staff members?
- Question #330
Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 19...
- Question #331
Sectors in hard disks typically contain how many bytes?
- Question #332
Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated cr...
- Question #333
The use of warning banners helps a company avoid litigation by overcoming an employee's assumed _________ when connecting to the company intranet, network, or virtual private networ...
- Question #334
The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.
- Question #335
How many possible sequence number combinations are there in the TCP/IP protocol?
- Question #336
Which of the following is NOT a graphics file?
- Question #337
When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would the investigator need to search to find email sent from a B...
- Question #338
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?
- Question #339
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the s...
- Question #340
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to swit...
- Question #341
Software firewalls work at which layer of the OSI model?
- Question #342
Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seein...
- Question #343
What information do you need to recover when searching a victim computer for a crime committed with a specific e-mail message?
- Question #344
Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging...
- Question #345
In a FAT32 system, a 123 KB file will use how many sectors?
- Question #346
A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to beli...
- Question #347
What does the superblock in Linux define?
- Question #348
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking...
- Question #349
An "idle" system is also referred to as what?
- Question #350
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?