New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

312-49v9 Computer Hacking Forensic Investigator (v9) Questions and Answers

Questions 4

Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather responsibility is to find out how the accused people communicated between each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused.

In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused peoples desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages in between each other. What type of cipher was used by the accused in this case?

Options:

A.

Grill cipher

B.

Null cipher

C.

Text semagram

D.

Visual semagram

Buy Now
Questions 5

What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?

Options:

A.

Repairs logical file system errors

B.

Check the disk for hardware errors

C.

Check the disk for connectivity errors

D.

Check the disk for Slack Space

Buy Now
Questions 6

Which MySQL log file contains information on server start and stop?

Options:

A.

Slow query log file

B.

General query log file

C.

Binary log

D.

Error log file

Buy Now
Questions 7

Which code does the FAT file system use to mark the file as deleted?

Options:

A.

ESH

B.

5EH

C.

H5E

D.

E5H

Buy Now
Questions 8

Why should you never power on a computer that you need to acquire digital evidence from?

Options:

A.

When the computer boots up, files are written to the computer rendering the data nclean

B.

When the computer boots up, the system cache is cleared which could destroy evidence

C.

When the computer boots up, data in the memory buffer is cleared which could destroy evidence

D.

Powering on a computer has no affect when needing to acquire digital evidence from it

Buy Now
Questions 9

Which of the following is an iOS Jailbreaking tool?

Options:

A.

Kingo Android ROOT

B.

Towelroot

C.

One Click Root

D.

Redsn0w

Buy Now
Questions 10

When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?

Options:

A.

One

B.

Two

C.

Three

D.

Four

Buy Now
Questions 11

When using an iPod and the host computer is running Windows, what file system will be used?

Options:

A.

iPod+

B.

HFS

C.

FAT16

D.

FAT32

Buy Now
Questions 12

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file. What kind of picture is this file?

Options:

A.

Raster image

B.

Vector image

C.

Metafile image

D.

Catalog image

Buy Now
Questions 13

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

Options:

A.

Start and end points for log sequence numbers are specified

B.

Start and end points for log files are not specified

C.

Start and end points for log files are specified

D.

Start and end points for log sequence numbers are not specified

Buy Now
Questions 14

Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

Options:

A.

Scientific Working Group on Digital Evidence

B.

Daubert Standard

C.

Enterprise Theory of Investigation

D.

Fyre Standard

Buy Now
Questions 15

Joshua is analyzing an MSSQL database for finding the attack evidence and other details, where should he look for the database logs?

Options:

A.

Model.log

B.

Model.txt

C.

Model.ldf

D.

Model.lgf

Buy Now
Questions 16

> NMAP -sn 192.168.11.200-215 The NMAP command above performs which of the following?

Options:

A.

A trace sweep

B.

A port scan

C.

A ping scan

D.

An operating system detect

Buy Now
Questions 17

Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?

Options:

A.

Proprietary Format

B.

Generic Forensic Zip (gfzip)

C.

Advanced Forensic Framework 4

D.

Advanced Forensics Format (AFF)

Buy Now
Questions 18

Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

Options:

A.

Physical block

B.

Operating system block

C.

Hard disk block

D.

Logical block

Buy Now
Questions 19

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don’t like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

Options:

A.

tcp.port = 23

B.

tcp.port == 21

C.

tcp.port == 21 || tcp.port == 22

D.

tcp.port != 21

Buy Now
Questions 20

Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

Options:

A.

Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server

B.

It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers

C.

Local archives should be stored together with the server storage archives in order to be admissible in a court of law

D.

Local archives do not have evidentiary value as the email client may alter the message data

Buy Now
Questions 21

Which among the following web application threats is resulted when developers expose various internal implementation objects, such as files, directories, database records, or key-through references?

Options:

A.

Remote File Inclusion

B.

Cross Site Scripting

C.

Insecure Direct Object References

D.

Cross Site Request Forgery

Buy Now
Questions 22

Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?

Options:

A.

SOX

B.

HIPAA

C.

GLBA

D.

FISMA

Buy Now
Questions 23

POP3 is an Internet protocol, which is used to retrieve emails from a mail server. Through which port does an email client connect with a POP3 server?

Options:

A.

110

B.

143

C.

25

D.

993

Buy Now
Questions 24

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

Options:

A.

Civil Investigation

B.

Administrative Investigation

C.

Both Civil and Criminal Investigations

D.

Criminal Investigation

Buy Now
Questions 25

Which of the following standard represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

Options:

A.

SWGDE & SWGIT

B.

Daubert

C.

Frye

D.

IOCE

Buy Now
Questions 26

What document does the screenshot represent?

Options:

A.

Expert witness form

B.

Search warrant form

C.

Chain of custody form

D.

Evidence collection form

Buy Now
Questions 27

Which of the following is a tool to reset Windows admin password?

Options:

A.

R-Studio

B.

Windows Password Recovery Bootdisk

C.

Windows Data Recovery Software

D.

TestDisk for Windows

Buy Now
Questions 28

In which cloud crime do attackers try to compromise the security of the cloud environment in order to steal data or inject a malware?

Options:

A.

Cloud as an Object

B.

Cloud as a Tool

C.

Cloud as an Application

D.

Cloud as a Subject

Buy Now
Questions 29

An investigator has acquired packed software and needed to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used?

Options:

A.

SysAnalyzer

B.

PEiD

C.

Comodo Programs Manager

D.

Dependency Walker

Buy Now
Questions 30

Which command line tool is used to determine active network connections?

Options:

A.

netsh

B.

nbstat

C.

nslookup

D.

netstat

Buy Now
Questions 31

If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

Options:

A.

Slack space

B.

Deleted space

C.

Sector space

D.

Cluster space

Buy Now
Questions 32

During the trial, an investigator observes that one of the principal witnesses is severely ill and cannot be present for the hearing. He decides to record the evidence and present it to the court. Under which rule should he present such evidence?

Options:

A.

Rule 1003: Admissibility of Duplicates

B.

Limited admissibility

C.

Locard’s Principle

D.

Hearsay

Buy Now
Questions 33

Which of the following application password cracking tool can discover all password-protected items on a computer and decrypts them?

Options:

A.

TestDisk for Windows

B.

R-Studio

C.

Windows Password Recovery Bootdisk

D.

Passware Kit Forensic

Buy Now
Questions 34

As part of extracting the system data, Jenifer has used the netstat command. What does this tool reveal?

Options:

A.

Status of users connected to the internet

B.

Net status of computer usage

C.

Information about network connections

D.

Status of network hardware

Buy Now
Questions 35

Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?

Options:

A.

Virtual Files

B.

Image Files

C.

Shortcut Files

D.

Prefetch Files

Buy Now
Questions 36

Which of the following is a precomputed table containing word lists like dictionary files and brute force lists and their hash values?

Options:

A.

Directory Table

B.

Rainbow Table

C.

Master file Table (MFT)

D.

Partition Table

Buy Now
Questions 37

James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login page and notes down the session ID that is created. He appends this session ID to the login URL and shares the link with a victim. Once the victim logs into the website using the shared URL, James reloads the webpage (containing the URL with the session ID appended) and now, he can browse the active session of the victim. Which attack did James successfully execute?

Options:

A.

Cross Site Request Forgery

B.

Cookie Tampering

C.

Parameter Tampering

D.

Session Fixation Attack

Buy Now
Questions 38

Which of the following attack uses HTML tags like ?

Options:

A.

Phishing

B.

XSS attack

C.

SQL injection

D.

Spam

Buy Now
Questions 39

When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?

Options:

A.

File Size

B.

File origin and modification

C.

Time and date of deletion

D.

File Name

Buy Now
Questions 40

Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

Options:

A.

File fingerprinting

B.

Identifying file obfuscation

C.

Static analysis

D.

Dynamic analysis

Buy Now
Questions 41

The MAC attributes are timestamps that refer to a time at which the file was last modified or last accessed or originally created. Which of the following file systems store MAC attributes in Coordinated Universal Time (UTC) format?

Options:

A.

File Allocation Table (FAT

B.

New Technology File System (NTFS)

C.

Hierarchical File System (HFS)

D.

Global File System (GFS)

Buy Now
Questions 42

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

Options:

A.

Smurf

B.

Trinoo

C.

Fraggle

D.

SYN flood

Buy Now
Questions 43

Which U.S. law sets the rules for sending emails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of emails the right to ask the senders to stop emailing them, and spells out the penalties in case the above said rules are violated?

Options:

A.

NO-SPAM Act

B.

American: NAVSO P-5239-26 (RLL)

C.

CAN-SPAM Act

D.

American: DoD 5220.22-M

Buy Now
Questions 44

When reviewing web logs, you see an entry for resource not found in the HTTP status code filed.

What is the actual error code that you would see in the log for resource not found?

Options:

A.

202

B.

404

C.

505

D.

909

Buy Now
Questions 45

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

Options:

A.

Hard Drive Failure

B.

Scope Creep

C.

Unauthorized expenses

D.

Overzealous marketing

Buy Now
Questions 46

The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

Options:

A.

The Fourth Amendment

B.

The USA patriot Act

C.

The Good Samaritan Laws

D.

The Federal Rules of Evidence

Buy Now
Questions 47

Why is it a good idea to perform a penetration test from the inside?

Options:

A.

It is never a good idea to perform a penetration test from the inside

B.

Because 70% of attacks are from inside the organization

C.

To attack a network from a hacker's perspective

D.

It is easier to hack from the inside

Buy Now
Questions 48

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

Options:

A.

The zombie will not send a response

B.

31402

C.

31399

D.

31401

Buy Now
Questions 49

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

Options:

A.

ICMP header field

B.

TCP header field

C.

IP header field

D.

UDP header field

Buy Now
Questions 50

What operating system would respond to the following command?

Options:

A.

Windows 95

B.

FreeBSD

C.

Windows XP

D.

Mac OS X

Buy Now
Questions 51

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

Options:

A.

Keep the information of file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

Buy Now
Questions 52

What information do you need to recover when searching a victim’s computer for a crime committed with specific e-mail message?

Options:

A.

Internet service provider information

B.

E-mail header

C.

Username and password

D.

Firewall log

Buy Now
Questions 53

The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

Options:

A.

Gramm-Leach-Bliley Act

B.

Sarbanes-Oxley 2002

C.

California SB 1386

D.

HIPAA

Buy Now
Questions 54

From the following spam mail header, identify the host IP that sent this spam?

From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001

Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk

(8.11.6/8.11.6) with ESMTP id

fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)

Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by

viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1)

with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)

Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk

From: "china hotel web"

To: "Shlam"

Subject: SHANGHAI (HILTON HOTEL) PACKAGE

Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0

X-Priority: 3 X-MSMail-

Priority: Normal

Reply-To: "china hotel web"

Options:

A.

137.189.96.52

B.

8.12.1.0

C.

203.218.39.20

D.

203.218.39.50

Buy Now
Questions 55

Which part of the Windows Registry contains the user's password file?

Options:

A.

HKEY_LOCAL_MACHINE

B.

HKEY_CURRENT_CONFIGURATION

C.

HKEY_USER

D.

HKEY_CURRENT_USER

Buy Now
Questions 56

Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

Options:

A.

Only an HTTPS session can be hijacked

B.

HTTP protocol does not maintain session

C.

Only FTP traffic can be hijacked

D.

Only DNS traffic can be hijacked

Buy Now
Questions 57

The use of warning banners helps a company avoid litigation by overcoming an employee assumed __________________________. When connecting to the company's intranet, network or Virtual Private Network(VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

Options:

A.

Right to work

B.

Right of free speech

C.

Right to Internet Access

D.

Right of Privacy

Buy Now
Questions 58

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

Options:

A.

Linux/Unix computers are easier to compromise

B.

Linux/Unix computers are constantly talking

C.

Windows computers are constantly talking

D.

Windows computers will not respond to idle scans

Buy Now
Questions 59

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

http://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

Options:

A.

HTTP Configuration Arbitrary Administrative Access Vulnerability

B.

HTML Configuration Arbitrary Administrative Access Vulnerability

C.

Cisco IOS Arbitrary Administrative Access Online Vulnerability

D.

URL Obfuscation Arbitrary Administrative Access Vulnerability

Buy Now
Questions 60

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.

What countermeasures could he take to prevent DDoS attacks?

Options:

A.

Enable direct broadcasts

B.

Disable direct broadcasts

C.

Disable BGP

D.

Enable BGP

Buy Now
Questions 61

The following excerpt is taken from a honeypot log. The log captures activities across three days.

There are several intrusion attempts; however, a few are successful.

(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

From the options given below choose the one which best interprets the following entry:

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Options:

A.

An IDS evasion technique

B.

A buffer overflow attempt

C.

A DNS zone transfer

D.

Data being retrieved from 63.226.81.13

Buy Now
Questions 62

When examining a file with a Hex Editor, what space does the file header occupy?

Options:

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file

Buy Now
Questions 63

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

Options:

A.

They examined the actual evidence on an unrelated system

B.

They attempted to implicate personnel without proof

C.

They tampered with evidence by using it

D.

They called in the FBI without correlating with the fingerprint data

Buy Now
Questions 64

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

Options:

A.

Nessus is too loud

B.

Nessus cannot perform wireless testing

C.

Nessus is not a network scanner

D.

There are no ways of performing a "stealthy" wireless scan

Buy Now
Questions 65

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

Options:

A.

The tool hasn't been tested by the International Standards Organization (ISO)

B.

Only the local law enforcement should use the tool

C.

The total has not been reviewed and accepted by your peers

D.

You are not certified for using the tool

Buy Now
Questions 66

Windows identifies which application to open a file with by examining which of the following?

Options:

A.

The File extension

B.

The file attributes

C.

The file Signature at the end of the file

D.

The file signature at the beginning of the file

Buy Now
Questions 67

With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

Options:

A.

0

B.

10

C.

100

D.

1

Buy Now
Questions 68

Law enforcement officers are conducting a legal search for which a valid warrant was obtained.

While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

Options:

A.

Plain view doctrine

B.

Corpus delicti

C.

Locard Exchange Principle

D.

Ex Parte Order

Buy Now
Questions 69

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers.

Bill protects the PDF documents with a password and sends them to their intended recipients.

Why PDF passwords do not offer maximum protection?

Options:

A.

PDF passwords can easily be cracked by software brute force tools

B.

PDF passwords are converted to clear text when sent through E-mail

C.

PDF passwords are not considered safe by Sarbanes-Oxley

D.

When sent through E-mail, PDF passwords are stripped from the document completely

Buy Now
Questions 70

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

Options:

A.

only the reference to the file is removed from the FAT

B.

the file is erased and cannot be recovered

C.

a copy of the file is stored and the original file is erased

D.

the file is erased but can be recovered

Buy Now
Questions 71

In Linux, what is the smallest possible shellcode?

Options:

A.

24 bytes

B.

8 bytes

C.

800 bytes

D.

80 bytes

Buy Now
Questions 72

Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

Options:

A.

Entrapment

B.

Enticement

C.

Intruding into a honeypot is not illegal

D.

Intruding into a DMZ is not illegal

Buy Now
Questions 73

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

Options:

A.

The data is still present until the original location of the file is used

B.

The data is moved to the Restore directory and is kept there indefinitely

C.

The data will reside in the L2 cache on a Windows computer until it is manually deleted

D.

It is not possible to recover data that has been emptied from the Recycle Bin

Buy Now
Questions 74

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

Options:

A.

Volume Boot Record

B.

Master Boot Record

C.

GUID Partition Table

D.

Master File Table

Buy Now
Questions 75

What will the following Linux command accomplish?

dd if=/dev/mem of=/home/sam/mem.bin bs=1024

Options:

A.

Copy the master boot record to a file

B.

Copy the contents of the system folder to a file

C.

Copy the running memory to a file

D.

Copy the memory dump file to an image file

Buy Now
Questions 76

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

Options:

A.

PEBrowse Professional

B.

RegScanner

C.

RAM Capturer

D.

Dependency Walker

Buy Now
Questions 77

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

Options:

A.

Accunetix

B.

Nikto

C.

Snort

D.

Kismet

Buy Now
Questions 78

What hashing method is used to password protect Blackberry devices?

Options:

A.

AES

B.

RC5

C.

MD5

D.

SHA-1

Buy Now
Questions 79

What does the part of the log, “% SEC-6-IPACCESSLOGP”, extracted from a Cisco router represent?

Options:

A.

The system was not able to process the packet because there was not enough room for all of the desired IP header options

B.

Immediate action required messages

C.

Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available

D.

A packet matching the log criteria for the given access list has been detected (TCP or UDP)

Buy Now
Questions 80

When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

 

Options:

A.

The year the evidence was taken

B.

The sequence number for the parts of the same exhibit

C.

The initials of the forensics analyst

D.

The sequential number of the exhibits seized

Buy Now
Questions 81

In the following email header, where did the email first originate from?

Options:

A.

Somedomain.com

B.

Smtp1.somedomain.com

C.

Simon1.state.ok.gov.us

D.

David1.state.ok.gov.us

Buy Now
Questions 82

Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

Options:

A.

Data collection

B.

Secure the evidence

C.

First response

D.

Data analysis

Buy Now
Questions 83

Which of the following commands shows you all of the network services running on Windows-based servers?

Options:

A.

Netstart

B.

Net Session

C.

Net use

D.

Net config

Buy Now
Questions 84

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

Options:

A.

One working day

B.

Two working days

C.

Immediately

D.

Four hours

Buy Now
Questions 85

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?

Options:

A.

Justification

B.

Authentication

C.

Reiteration

D.

Certification

Buy Now
Questions 86

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

Options:

A.

Value list cell

B.

Value cell

C.

Key cell

D.

Security descriptor cell

Buy Now
Questions 87

What type of equipment would a forensics investigator store in a StrongHold bag?

Options:

A.

PDAPDA?

B.

Backup tapes

C.

Hard drives

D.

Wireless cards

Buy Now
Questions 88

A master boot record (MBR) is the first sector (“sector zero”) of a data storage device. What is the size of MBR?

Options:

A.

Depends on the capacity of the storage device

B.

1048 Bytes

C.

4092 Bytes

D.

512 Bytes

Buy Now
Exam Code: 312-49v9
Exam Name: Computer Hacking Forensic Investigator (v9)
Last Update: Dec 21, 2024
Questions: 589

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99