Online 312-49v9 free questions and answers of New Version:

NEW QUESTION 1

File signature analysis involves collecting information from the ____ of a file to determine the type and function of the file

  • A. First 10 bytes
  • B. First 20 bytes
  • C. First 30 bytes
  • D. First 40 bytes

Answer: B

NEW QUESTION 2

Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

  • A. Daubert Standard
  • B. Schneiderman Standard
  • C. Frye Standard
  • D. FERPA standard

Answer: C

NEW QUESTION 3

Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?

  • A. Microsoft Outlook
  • B. Microsoft Outlook Express
  • C. Mozilla Thunderbird
  • D. Eudora

Answer: B

NEW QUESTION 4

Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system. Network forensics can reveal: (Select three answers)

  • A. Source of security incidents and network attacks
  • B. Path of the attack
  • C. Intrusion techniques used by attackers
  • D. Hardware configuration of the attacker's system

Answer: ABC

NEW QUESTION 5

What is a SCSI (Small Computer System Interface)?

  • A. A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners
  • B. A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices
  • C. A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer
  • D. A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps

Answer: A

NEW QUESTION 6

Which of the following would you consider an aspect of organizational security, especially focusing on IT security?

  • A. Biometric information security
  • B. Security from frauds
  • C. Application security
  • D. Information copyright security

Answer: C

NEW QUESTION 7

During the seizure of digital evidence, the suspect can be allowed to touch the computer system.

  • A. True
  • B. False

Answer: B

NEW QUESTION 8

Event correlation is a procedure that assigns a new meaning to a set of events that occur in a predefined interval of time.
Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

  • A. Same-platform correlation
  • B. Cross-platform correlation
  • C. Multiple-platform correlation
  • D. Network-platform correlation

Answer: B

NEW QUESTION 9

Data files from original evidence should be used for forensic analysis.

  • A. True
  • B. False

Answer: B

NEW QUESTION 10

The Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in the Windows Security Event Log indicate?

  • A. A user successfully logged on to a computer
  • B. The logon attempt was made with an unknown user name or a known user name with a bad password
  • C. An attempt was made to log on with the user account outside of the allowed time
  • D. A logon attempt was made using a disabled account

Answer: D

NEW QUESTION 11

The Electronic Serial Number (ESN) is a unique _ recorded on a secure chip in a mobile phone by the manufacturer.

  • A. 16-bit identifier
  • B. 24-bit identifier
  • C. 32-bit identifier
  • D. 64-bit identifier

Answer: C

NEW QUESTION 12

To preserve digital evidence, an investigator should _____

  • A. Make two copies of each evidence item using a single imaging tool
  • B. Make a single copy of each evidence item using an approved imaging tool
  • C. Make two copies of each evidence item using different imaging tools
  • D. Only store the original evidence item

Answer: C

NEW QUESTION 13

Which of the following commands shows you the NetBIOS name table?

  • A. nbtstat -n
  • B. nbtstat -c
  • C. nbtstat -r
  • D. nbtstat -s

Answer: A

NEW QUESTION 14

What is the goal of forensic science?

  • A. To determine the evidential value of the crime scene and related evidence
  • B. Mitigate the effects of the information security breach
  • C. Save the good will of the investigating organization
  • D. It is a discipline to deal with the legal processes

Answer: A

NEW QUESTION 15

File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?

  • A. The last letter of a file name is replaced by a hex byte code E5h
  • B. The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted
  • C. Corresponding clusters in FAT are marked as used
  • D. The computer looks at the clusters occupied by that file and does not make that space available to store a new file

Answer: B

NEW QUESTION 16

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

  • A. The ISP can investigate anyone using their service and can provide you with assistance
  • B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
  • C. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
  • D. ISPs never maintain log files so they would be of no use to your investigation

Answer: B

NEW QUESTION 17

At what layer does a cross-site scripting attack occur?

  • A. Presentation
  • B. Application
  • C. Session
  • D. Data Link

Answer: B

NEW QUESTION 18

MAC filtering is a security access control methodology, where a ____ is assigned to each network card to determine access to the network

  • A. 16-bit address
  • B. 24-bit address
  • C. 32-bit address
  • D. 48-bit address

Answer: D

NEW QUESTION 19

An "idle" system is also referred to as what?

  • A. PC not connected to the Internet
  • B. PC not being used
  • C. Zombie
  • D. Bot

Answer: C

NEW QUESTION 20

Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?

  • A. Wireless router
  • B. Wireless modem
  • C. Antenna
  • D. Mobile station

Answer: A

NEW QUESTION 21

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

  • A. Send DOS commands to crash the DNS servers
  • B. Perform DNS poisoning
  • C. Enumerate all the users in the domain
  • D. Perform a zone transfer

Answer: D

NEW QUESTION 22

FAT32 is a 32-bit version of the FAT file system that uses smaller clusters, resulting in efficient storage capacity. What is the maximum drive size supported?

  • A. 1 terabyte
  • B. 2 terabytes
  • C. 3 terabytes
  • D. 4 terabytes

Answer: B

NEW QUESTION 23

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus not be recommended in this situation?

  • A. Nessus cannot perform wireless testing
  • B. Nessus is too loud
  • C. There are no ways of performing a "stealthy" wireless scan
  • D. Nessus is not a network scanner

Answer: B

NEW QUESTION 24

What feature of Windows is the following command trying to utilize?
[Exhibit: image of the command, not included]

  • A. White space
  • B. AFS
  • C. ADS
  • D. Slack file

Answer: C

NEW QUESTION 25

You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:

7+ years experience in Windows Server environment
5+ years experience in Exchange 2000/2003 environment
Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required
MCSA desired, MCSE, CEH preferred
No Unix/Linux Experience needed

What is this information posted on the job website considered?

  • A. Trade secret
  • B. Social engineering exploit
  • C. Competitive exploit
  • D. Information vulnerability

Answer: D

NEW QUESTION 26

The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as Web Services Definition Language (WSDL) for describing the connection points, Universal Description, Discovery, and Integration (UDDI) for the description and discovery of Web services, and Simple Object Access Protocol (SOAP) for communication between Web services, all of which are vulnerable to various web application threats. Which of the following layers in the web services stack is vulnerable to fault code leaks?

  • A. Presentation Layer
  • B. Security Layer
  • C. Discovery Layer
  • D. Access Layer

Answer: C

NEW QUESTION 27

Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company were stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

  • A. Text semagram
  • B. Visual semagram
  • C. Grill cipher
  • D. Visual cipher

Answer: B

NEW QUESTION 28

Why is it important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

  • A. This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date
  • B. All forensic teams should wear protective latex gloves which makes them look professional and cool
  • C. Local law enforcement agencies compel them to wear latex gloves
  • D. It is a part of ANSI 346 forensics standard

Answer: A

NEW QUESTION 29

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

  • A. The system has been compromised using a t0rn rootkit
  • B. The system administrator has created an incremental backup
  • C. The system files have been copied by a remote attacker
  • D. Nothing in particular as these can be operational files

Answer: D
