312-49 : Computer Hacking Forensic Investigator : Part 18

312-49 : Computer Hacking Forensic Investigator : Part 18

  1. What is the location of the binary files required for the functioning of the OS in a Linux system?

    • /run
    • /bin
    • /root
    • /sbin

  2. Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

    • Portable Document Format
    • MS-office Word Document
    • MS-office Word OneNote
    • MS-office Word PowerPoint

  3. Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?

    • Swap space
    • Application data
    • Files and documents
    • Slack space

  4. When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz” format, what does the “nnnn” denote?

    • The initials of the forensics analyst
    • The sequence number for the parts of the same exhibit
    • The year he evidence was taken
    • The sequential number of the exhibits seized by the analyst

  5. Which MySQL log file contains information on server start and stop?

    • Slow query log file
    • General query log file
    • Binary log
    • Error log file

  6. Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

    • Inode bitmap block
    • Superblock
    • Block bitmap block
    • Data block

  7. Bob works as information security analyst for a big finance company. One day, the anomaly-based intrusion detection system alerted that a volumetric DDOS targeting the main IP of the main web server was occurring. What kind of attack is it?

    • IDS attack
    • APT
    • Web application attack
    • Network attack

  8. Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

    • Witness Authentication
    • Direct Examination
    • Expert Witness
    • Cross Questioning

  9. Which rule requires an original recording to be provided to prove the content of a recording?

    • 1004
    • 1002
    • 1003
    • 1005

  10. The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tool can help the investigator?

    • TRIPWIRE
    • RAM Capturer
    • Regshot
    • What’s Running

  11. What does the part of the log, “% SEC-6-IPACCESSLOGP”, extracted from a Cisco router represent?

    • The system was not able to process the packet because there was not enough room for all of the desired IP header options
    • Immediate action required messages
    • Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available
    • A packet matching the log criteria for the given access list has been detected (TCP or UDP)

  12. Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where “x” represents the ___________________.

    • Drive name
    • Original file name’s extension
    • Sequential number
    • Original file name

  13. Which of the following is an iOS Jailbreaking tool?

    • Kingo Android ROOT
    • Towelroot
    • One Click Root
    • Redsn0w

  14. Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

    • Value list cell
    • Value cell
    • Key cell
    • Security descriptor cell

  15. What is the default IIS log location?

    • SystemDrive\inetpub\LogFiles
    • %SystemDrive%\inetpub\logs\LogFiles
    • %SystemDrive\logs\LogFiles
    • SystemDrive\logs\LogFiles

  16. Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tool will help Charles?

    • Xplico
    • Colasoft’s Capsa
    • FileSalvage
    • DriveSpy

  17. Which file is a sequence of bytes organized into blocks understandable by the system’s linker?

    • executable file
    • source file
    • Object file
    • None of these

  18. Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

    • Windows 98
    • Linux
    • Windows 8.1
    • Windows XP

  19. Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?

    • It is a doc file deleted in seventh sequential order
    • RIYG6VR.doc is the name of the doc file deleted from the system
    • It is file deleted from R drive
    • It is a deleted doc file

  20. Which among the following files provides email header information in the Microsoft Exchange server?

    • gwcheck.db
    • PRIV.EDB
    • PUB.EDB
    • PRIV.STM
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments