Last Updated on July 22, 2021 by InfraExam

312-49 : Computer Hacking Forensic Investigator : Part 23

  1. Which of the following email headers specifies an address for mailer-generated errors, like “no such user” bounce messages, to go to (instead of the sender’s address)?

    • Mime-Version header
    • Content-Type header
    • Content-Transfer-Encoding header
    • Errors-To header
  2. Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob’s testimony in this case?

    • Certification
    • Justification
    • Reiteration
    • Authentication
  3. When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?

    • File Size
    • File origin and modification
    • Time and date of deletion
    • File Name
  4. Raw data acquisition format creates _________ of a data set or suspect drive.

    • Segmented image files
    • Simple sequential flat files
    • Compressed image files
    • Segmented files
  5. CAN-SPAM act requires that you:

    • Don’t use deceptive subject lines
    • Don’t tell the recipients where you are located
    • Don’t identify the message as an ad
    • Don’t use true header information
  6. Which of the following registry hive gives the configuration information about which application was used to open various files on the system?

    • HKEY_CLASSES_ROOT
    • HKEY_CURRENT_CONFIG
    • HKEY_LOCAL_MACHINE
    • HKEY_USERS
  7. Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

    • DependencyWalker
    • SysAnalyzer
    • PEiD
    • ResourcesExtract
  8. Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?

    • SOX
    • HIPAA
    • GLBA
    • FISMA
  9. Which of the following application password cracking tool can discover all password-protected items on a computer and decrypts them?

    • TestDisk for Windows
    • R-Studio
    • Windows Password Recovery Bootdisk
    • Passware Kit Forensic
  10. An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?

    • Equipment Identity Register (EIR)
    • Electronic Serial Number (ESN)
    • International mobile subscriber identity (IMSI)
    • Integrated circuit card identifier (ICCID)
  11. Which command line tool is used to determine active network connections?

    • netsh
    • nbstat
    • nslookup
    • netstat
  12. Which of the following processes is part of the dynamic malware analysis?

    • Process Monitoring
    • Malware disassembly
    • Searching for the strings
    • File fingerprinting
  13. Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?

    • International Mobile Equipment Identifier (IMEI)
    • Integrated circuit card identifier (ICCID)
    • International mobile subscriber identity (IMSI)
    • Equipment Identity Register (EIR)
  14. What do you call the process in which an attacker uses magnetic field over the digital media device to delete any previously stored data?

    • Disk deletion
    • Disk cleaning
    • Disk degaussing
    • Disk magnetization
  15. Which of the following tool can reverse machine code to assembly language?

    • PEiD
    • RAM Capturer
    • IDA Pro
    • Deep Log Analyzer
  16. Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?

    • Proprietary Format
    • Generic Forensic Zip (gfzip)
    • Advanced Forensic Framework 4
    • Advanced Forensics Format (AFF)
  17. What is the investigator trying to view by issuing the command displayed in the following screenshot?

    312-49 Part 23 Q17 011
    312-49 Part 23 Q17 011
    • List of services stopped
    • List of services closed recently
    • List of services recently started
    • List of services installed
  18. Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

    • Core Services
    • Media services
    • Cocoa Touch
    • Core OS
  19. Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

    • list modules -a
    • lsmod
    • plist mod -a
    • lsof -m
  20. In a Linux-based system, what does the command “Last -F” display?

    • Login and logout times and dates of the system
    • Last run processes
    • Last functions performed
    • Recently opened files