Last Updated on July 22, 2021 by InfraExam

312-49 : Computer Hacking Forensic Investigator : Part 19

  1. Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server’s root directory?

    • Parameter/form tampering
    • Unvalidated input
    • Directory traversal
    • Security misconfiguration
  2. What is the size value of a nibble?

    • 0.5 kilo byte
    • 0.5 bit
    • 0.5 byte
    • 2 bits
  3. Which of the following tool enables a user to reset his/her lost admin password in a Windows system?

    • Advanced Office Password Recovery
    • Active@ Password Changer
    • Smartkey Password Recovery Bundle Standard
    • Passware Kit Forensic
  4. Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

    • Accunetix
    • Nikto
    • Snort
    • Kismet
  5. In Steganalysis, which of the following describes a Known-stego attack?

    • The hidden message and the corresponding stego-image are known
    • During the communication process, active attackers can change cover
    • Original and stego-object are available and the steganography algorithm is known
    • Only the steganography medium is available for analysis
  6. Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?

    • C: $Recycled.Bin
    • C: \$Recycle.Bin
    • C:\$RECYCLER
  7. Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

    • filecache.db
    • config.db
    • sigstore.db
    • Sync_config.db
  8. An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party’s claim or defense.

    • Expert in criminal investigation
    • Subject matter specialist
    • Witness present at the crime scene
    • Expert law graduate appointed by attorney
  9. Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?

    • Record the system state by taking photographs of physical system and the display
    • Perform data acquisition without disturbing the state of the systems
    • Open the systems, remove the hard disk and secure it
    • Switch off the systems and carry them to the laboratory
  10. Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

    • Volume Boot Record
    • Master Boot Record
    • GUID Partition Table
    • Master File Table
  11. Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

    • PRIV.STM
    • gwcheck.db
    • PRIV.EDB
    • PUB.EDB
  12. Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

    • gif
    • bmp
    • jpeg
    • png
  13. Which of the following tools will help the investigator to analyze web server logs?

    • LanWhois
    • Deep Log Monitor
    • Deep Log Analyzer
  14. Which of the following files gives information about the client sync sessions in Google Drive on Windows?

    • sync_log.log
    • Sync_log.log
    • sync.log
    • Sync.log
  15. Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

    • HIPAA
    • GLBA
    • SOX
    • FISMA
  16. Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?

    • Events history
    • Previously typed commands
    • History of the browser
    • Passwords used across the system
  17. Jacky encrypts her documents using a password. It is known that she uses her daughter’s year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

    • Rule-based attack
    • Brute force attack
    • Syllable attack
    • Hybrid attack
  18. Which of the following tool can the investigator use to analyze the network to detect Trojan activities?

    • Regshot
    • RAM Computer
    • Capsa
  19. When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called “INFO2” in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

    • Undo the last action performed on the system
    • Reboot Windows
    • Use a recovery tool to undelete the file
    • Download the file from Microsoft website
  20. What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?

    • Repairs logical file system errors
    • Check the disk for hardware errors
    • Check the disk for connectivity errors
    • Check the disk for Slack Space