312-49V8 Online Practice Questions and Answers

What is the First Step required in preparing a computer for forensics investigation?

A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer

B. Secure any relevant media

C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at Issue

D. Identify the type of data you are seeking, the Information you are looking for, and the urgency level of the examination

Network forensics allows Investigators to inspect network traffic and logs to identify and locate the attack system

Network forensics can reveal: (Select three answers)

A. Source of security incidents' and network attacks

B. Path of the attack

C. Intrusion techniques used by attackers

D. Hardware configuration of the attacker's system

What is a bit-stream copy?

A. Bit-Stream Copy is a bit-by-bit copy of the original storage medium and exact copy of the original disk

B. A bit-stream image is the file that contains the NTFS files and folders of all the data on a disk or partition

C. A bit-stream image is the file that contains the FAT32 files and folders of all the data on a disk or partition

D. Creating a bit-stream image transfers only non-deleted files from the original disk to the image disk

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network

A. 16-bit address

B. 24-bit address

C. 32-bit address

D. 48-bit address

Which table is used to convert huge word lists (i .e. dictionary files and brute-force lists) into password hashes?

A. Rainbow tables

B. Hash tables

C. Master file tables

D. Database tables

Data acquisition system is a combination of tools or processes used to gather, analyze and record Information about some phenomenon. Different data acquisition system are used depends on the location, speed, cost. etc. Serial communication data acquisition system is used when the actual location of the data is at some distance from the computer. Which of the following communication standard is used in serial communication data acquisition system?

A. RS422

B. RS423

C. RS232

D. RS231

Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and media used to generate, transmit, store, analyze, and dispose of log data.

A. True

B. False

LBA (Logical Block Address) addresses data by allotting a ___________to each sector of the hard disk.

A. Sequential number

B. Index number

C. Operating system number

D. Sector number

What is the "Best Evidence Rule"?

A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy

B. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history

C. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs

D. It contains information such as open network connection, user logout, programs that reside in memory, and cache data

Dumpster Diving refers to:

A. Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes

B. Looking at either the user's keyboard or screen while he/she is logging in

C. Convincing people to reveal the confidential information

D. Creating a set of dictionary words and names, and trying all the possible combinations to crack the password

A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers.

Which mobile operating system architecture is represented here?

A. webOS System Architecture

B. Symbian OS Architecture

C. Android OS Architecture

D. Windows Phone 7 Architecture

What is the goal of forensic science?

A. To determine the evidential value of the crime scene and related evidence

B. Mitigate the effects of the information security breach

C. Save the good will of the investigating organization

D. It is a disciple to deal with the legal processes

What document does the screenshot represent?

A. Chain of custody form

B. Search warrant form

C. Evidence collection form

D. Expert witness form

Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file. Which of the following hash algorithms produces a message digest that is 128 bits long?

A. CRC-32

B. MD5

C. SHA-1

D. SHA-512

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse. Which of the following intrusion detection systems audit events that occur on a specific host?

A. Network-based intrusion detection

B. Host-based intrusion detection

C. Log file monitoring

D. File integrity checking