Last Updated on July 22, 2021 by InfraExam

312-49 : Computer Hacking Forensic Investigator : Part 20

  1. Which of the following tool enables data acquisition and duplication?

    • Colasoft’s Capsa
    • DriveSpy
    • Wireshark
    • Xplico
  2. What does 254 represent in ICCID 89254021520014515744?

    • Industry Identifier Prefix
    • Country Code
    • Individual Account Identification Number
    • Issuer Identifier Number
  3. Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

    • Identifying File Dependencies
    • Strings search
    • Dynamic analysis
    • File obfuscation
  4. A master boot record (MBR) is the first sector (“sector zero”) of a data storage device. What is the size of MBR?

    • Depends on the capacity of the storage device
    • 1048 Bytes
    • 4092 Bytes
    • 512 Bytes
  5. Which password cracking technique uses every possible combination of character sets?

    • Rainbow table attack
    • Brute force attack
    • Rule-based attack
    • Dictionary attack
  6. Which of the following Event Correlation Approach is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statistics and probability and uses only two variables?

    • Bayesian Correlation
    • Vulnerability-Based Approach
    • Rule-Based Approach
    • Route Correlation
  7. NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space. This is because:

    • FAT does not index files
    • NTFS is a journaling file system
    • NTFS has lower cluster size space
    • FAT is an older and inefficient file system
  8. Smith, as a part his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

    • He should contact the network operator for a Temporary Unlock Code (TUK)
    • Use system and hardware tools to gain access
    • He can attempt PIN guesses after 24 hours
    • He should contact the network operator for Personal Unlock Number (PUK)
  9. Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?

    • Lsproc
    • DumpChk
    • RegEdit
    • EProcess
  10. How will you categorize a cybercrime that took place within a CSP’s cloud environment?

    • Cloud as a Subject
    • Cloud as a Tool
    • Cloud as an Audit
    • Cloud as an Object
  11. Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?

    • Written Formal Report
    • Verbal Formal Report
    • Verbal Informal Report
    • Written Informal Report
  12. The process of restarting a computer that is already turned on through the operating system is called?

    • Warm boot
    • Ice boot
    • Hot Boot
    • Cold boot
  13. Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?

    • Click-jacking
    • Compromising a legitimate site
    • Spearphishing
    • Malvertising
  14. Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk do not contribute in determining the addresses of data?

    • Sectors
    • Interface
    • Cylinder
    • Heads
  15. Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

    • netstat – r
    • netstat – ano
    • netstat – b
    • netstat – s
  16. Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?

    • Microsoft Outlook
    • Eudora
    • Mozilla Thunderbird
    • Microsoft Outlook Express
  17. Which network attack is described by the following statement? “At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.”

    • Man-in-the-Middle Attack
    • Sniffer Attack
    • Buffer Overflow
    • DDoS
  18. Which of the following is NOT a part of pre-investigation phase?

    • Building forensics workstation
    • Gathering information about the incident
    • Gathering evidence data
    • Creating an investigation team
  19. To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?

    • Post-investigation Phase
    • Reporting Phase
    • Pre-investigation Phase
    • Investigation Phase
  20. Which tool does the investigator use to extract artifacts left by Google Drive on the system?

    • PEBrowse Professional
    • RegScanner
    • RAM Capturer
    • Dependency Walker