Last Updated on July 21, 2021 by InfraExam

312-49 : Computer Hacking Forensic Investigator : Part 16

  1. What stage of the incident handling process involves reporting events?

    • Containment
    • Follow-up
    • Identification
    • Recovery
  2. When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would the investigator need to search to find email sent from a Blackberry device?

    • RIM Messaging center
    • Blackberry Enterprise server
    • Microsoft Exchange server
    • Blackberry desktop redirector
  3. What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

    • Fraggle
    • Smurf scan
    • SYN flood
    • Teardrop
  4. Which of the following is a list of recently used programs or opened files?

    • Most Recently Used (MRU)
    • Recently Used Programs (RUP)
    • Master File Table (MFT)
    • GUID Partition Table (GPT)
  5. Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

    • Data collection
    • Secure the evidence
    • First response
    • Data analysis
  6. Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?

    • Shortcut Files
    • Virtual files
    • Prefetch Files
    • Image Files
  7. Which password cracking technique uses details such as the length of the password, the character sets used to construct the password, etc.?

    • Dictionary attack
    • Brute force attack
    • Rule-based attack
    • Man in the middle attack
  8. Which US law does the interstate or international transportation and receiving of child pornography fall under?

    • §18. U.S.C. 1466A
    • §18. U.S.C 252
    • §18. U.S.C 146A
    • §18. U.S.C 2252
  9. Which network attack is described by the following statement?

    “At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.”

    • DDoS
    • Sniffer Attack
    • Buffer Overflow
    • Man-in-the-Middle Attack
  10. Which of the following tools captures and allows you to interactively browse the traffic on a network?

    • Security Task Manager
    • Wireshark
    • ThumbsDisplay
    • RegScanner
  11. Which of the following standards represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?

    • IOCE
    • Frye
    • Daubert
  12. Which of the following stages in a Linux boot process involves initialization of the system’s hardware?

    • BIOS Stage
    • Bootloader Stage
    • BootROM Stage
    • Kernel Stage
  13. Who is responsible for the following tasks?

    Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises

    Make notes about the scene that will eventually be handed over to the Forensic Team

    • Non-forensics staff
    • Lawyers
    • System administrators
    • Local managers or other non-forensic staff
  14. Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?

    • Ad hoc associations
    • Client mis-association
    • MAC spoofing
    • Rogue access points
  15. You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

    • Net sessions
    • Net config
    • Net share
    • Net use
  16. Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?

    • Data from a CD copied using a Windows system
    • Data from a CD copied using a Mac-based system
    • Data from a DVD copied using a Windows system
    • Data from a CD copied using a Linux system
  17. Which of the following techniques can be used to beat steganography?

    • Encryption
    • Steganalysis
    • Decryption
    • Cryptanalysis
  18. Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

    • wmic service
    • Reg.exe
    • fsutil
    • Devcon
  19. Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all that data, which includes his personal photos, music, documents, videos, official email, etc. Which of the following tools will serve Bob’s purpose?

    • Colasoft’s Capsa
    • Recuva
    • Cain & Abel
    • Xplico
  20. Which of the following files stores information about the local Dropbox installation and account, email IDs linked with the account, the current version/build of the local application, the host_id, and local path information?

    • host.db
    • sigstore.db
    • config.db
    • filecache.db