Last Updated on July 23, 2021 by InfraExam
312-49 : Computer Hacking Forensic Investigator : Part 26
An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. Which type of attack is this?
- Cloud as a subject
- Cloud as a tool
- Cloud as an object
- Cloud as a service
In which RAID implementation will the image of a hardware RAID volume differ from the images taken separately from the individual disks?
- RAID 1
- The images will always be identical because data is mirrored for redundancy
- RAID 0
- It will always be different
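Why the RAID level matters for imaging, shown as an added example (not part of the original question set): a constructed "volume" is striped across two disks as RAID 0 and mirrored as RAID 1, and each disk is then imaged on its own. A keyword that straddles a stripe boundary appears in neither RAID 0 disk image until the stripes are reassembled in the controller's order with the right stripe size, while each RAID 1 disk image is byte-identical to the volume. The stripe size, disk count and disk order are assumptions; on a real array they must be read from the controller or its on-disk metadata.

```python
"""Simulate RAID 0 striping and RAID 1 mirroring to compare per-disk images
with the logical volume image. Added example; layout parameters are assumed.
"""

# Constructed logical volume: a "document" whose text straddles stripe boundaries.
VOLUME = b"header--secret-document--trailer"
STRIPE = 4      # assumed stripe (chunk) size in bytes; real arrays use 64 KiB and up
NDISKS = 2      # assumed member count

def raid0_write(volume: bytes, ndisks: int = NDISKS, stripe: int = STRIPE) -> list:
    """Distribute consecutive stripes round-robin over the member disks."""
    disks = [bytearray() for _ in range(ndisks)]
    for n, pos in enumerate(range(0, len(volume), stripe)):
        disks[n % ndisks] += volume[pos:pos + stripe]
    return [bytes(d) for d in disks]

def raid0_reassemble(disks: list, stripe: int = STRIPE) -> bytes:
    """Undo the striping; needs the correct disk order and stripe size."""
    chunks = [[d[i:i + stripe] for i in range(0, len(d), stripe)] for d in disks]
    out = bytearray()
    for k in range(max(len(c) for c in chunks)):
        for c in chunks:
            if k < len(c):
                out += c[k]
    return bytes(out)

def raid1_write(volume: bytes, ndisks: int = NDISKS) -> list:
    """Every member disk holds a full copy of the volume."""
    return [bytes(volume) for _ in range(ndisks)]

def keyword_visible(images: list, keyword: bytes) -> bool:
    """Would a naive keyword search over the per-disk images find it?"""
    return any(keyword in img for img in images)

def compare() -> dict:
    r0 = raid0_write(VOLUME)
    r1 = raid1_write(VOLUME)
    return {
        "raid0_disk_equals_volume": any(d == VOLUME for d in r0),
        "raid0_keyword_in_disk_images": keyword_visible(r0, b"secret-document"),
        "raid0_keyword_after_reassembly": b"secret-document" in raid0_reassemble(r0),
        # Wrong disk order: reassembly "succeeds" but yields garbage.
        "raid0_wrong_disk_order": b"secret-document" in raid0_reassemble(r0[::-1]),
        "raid1_disk_equals_volume": all(d == VOLUME for d in r1),
    }

if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v}")
```

The practical consequence: image the hardware RAID volume through the controller where possible, and if only member disks can be imaged, record the controller model, stripe size and disk order so the array can be virtually rebuilt.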
One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
- The file header
- The File Allocation Table
- The file footer
- The sector map
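The check the question describes, as an added example (not from the original page): compare the extension a file claims with the signature ("magic bytes") in its header. The signature table is a small hand-picked subset; file(1)/libmagic and TrID carry far more entries. The sample files are constructed inline.

```python
"""Check whether a file's extension agrees with its header (magic bytes).

Added example, not part of the original question set. The signature table is
a small hand-picked subset; file(1)/libmagic and TrID carry far more entries.
"""
import os

# (magic bytes, offset in file, extensions that legitimately carry this header)
SIGNATURES = [
    (b"\xFF\xD8\xFF", 0, {"jpg", "jpeg"}),
    (b"\x89PNG\r\n\x1a\n", 0, {"png"}),
    (b"GIF87a", 0, {"gif"}),
    (b"GIF89a", 0, {"gif"}),
    (b"%PDF-", 0, {"pdf"}),
    (b"PK\x03\x04", 0, {"zip", "docx", "xlsx", "pptx", "jar", "apk"}),
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", 0, {"doc", "xls", "ppt", "msg"}),
    (b"MZ", 0, {"exe", "dll", "sys", "scr"}),
    (b"\x7fELF", 0, {"elf", "so", ""}),
]
HEADER_LEN = 16   # enough for every signature above

def identify(header: bytes):
    """Return the extension set matching the header, or None if unrecognised."""
    for magic, offset, exts in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return exts
    return None

def check_extension(name: str, header: bytes) -> dict:
    """Compare the claimed extension with what the header says the file is."""
    claimed = os.path.splitext(name)[1].lstrip(".").lower()
    exts = identify(header)
    if exts is None:
        status = "unknown-header"      # not in our table; inspect manually
    elif claimed in exts:
        status = "match"
    else:
        status = "mismatch"            # candidate for extension-based hiding
    return {"name": name, "claimed": claimed,
            "header_types": sorted(exts) if exts else None, "status": status}

def check_file(path: str) -> dict:
    """Same check against a real file on disk (reads only the first bytes)."""
    with open(path, "rb") as fh:
        return check_extension(os.path.basename(path), fh.read(HEADER_LEN))

# Constructed samples: a JPEG renamed to .doc, a genuine JPEG, a plain text file.
SAMPLES = [
    ("quarterly.doc", b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01"),
    ("photo.jpg",     b"\xFF\xD8\xFF\xE1\x12\x34Exif\x00\x00"),
    ("notes.txt",     b"Meeting notes\n"),
]

def scan(samples=SAMPLES) -> list:
    return [check_extension(n, h) for n, h in samples]

if __name__ == "__main__":
    for r in scan():
        print(r)
```

Note that the header is a hint, not proof: a ZIP signature covers both a plain archive and an Office document, and an attacker can prepend a valid header to a payload. Treat "mismatch" as a triage flag and confirm with a full format parser.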
An investigator enters the command sqlcmd -S WIN-CQQMK62867E -e -s"," -E as part of collecting the primary data file and logs from a database. What does "WIN-CQQMK62867E" represent?
- Name of the Database
- Name of SQL Server
- Operating system of the system
- Network credentials of the database
During the trial, an investigator observes that one of the principal witnesses is severely ill and cannot be present for the hearing. He decides to record the evidence and present it to the court. Under which rule should he present such evidence?
- Rule 1003: Admissibility of Duplicates
- Limited admissibility
- Locard’s Principle
What is cold boot (hard boot)?
- It is the process of restarting a computer that is already in sleep mode
- It is the process of shutting down a computer from a powered-on or on state
- It is the process of restarting a computer that is already turned on through the operating system
- It is the process of starting a computer from a powered-down or off state
What does the 18.104.22.168(445) denote in the following Cisco router log?
Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp 220.127.116.11(8084) -> 18.104.22.168(445), 1 packet
- Source IP address
- None of the above
- Login IP address
- Destination IP address
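Reading the log line programmatically, as an added example that is not part of the original page: the parser below splits a Cisco IOS %SEC-n-IPACCESSLOGP message into ACL name, action, protocol, source and destination address/port, and packet count, then tallies denied packets per source and destination port. The first log line is the one from the question; the other lines are constructed.

```python
"""Parse Cisco IOS %SEC-n-IPACCESSLOGP messages and summarise denied hits.
Added example; the lines other than the first are constructed."""
import re
from collections import Counter

# Format: "list <ACL> <permitted|denied> <proto> <src>(<sport>) -> <dst>(<dport>), N packet(s)"
LOG_RE = re.compile(
    r"%SEC-\d-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src_ip>\d+\.\d+\.\d+\.\d+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_ip>\d+\.\d+\.\d+\.\d+)\((?P<dst_port>\d+)\), (?P<packets>\d+) packets?"
)

def parse(line: str):
    """Return the fields as a dict (ports and packets as int), or None if no match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "packets"):
        rec[key] = int(rec[key])
    return rec

# The line from the question plus constructed neighbours.
LOG_LINES = [
    "Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp 220.127.116.11(8084) -> 18.104.22.168(445), 1 packet",
    "Jun 19 23:25:47.002 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied tcp 220.127.116.11(51234) -> 18.104.22.168(445), 3 packets",
    "Jun 19 23:25:47.410 EST: %SEC-6-IPACCESSLOGP: list internet-inbound permitted tcp 203.0.113.9(40000) -> 18.104.22.168(443), 1 packet",
    "Jun 19 23:25:48.000 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

def denied_by_source(lines) -> Counter:
    """Count denied packets per (source IP, destination port); repeated hits on
    SMB/445 from one source are a typical scan or worm signature."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] == "denied":
            counts[(rec["src_ip"], rec["dst_port"])] += rec["packets"]
    return counts

if __name__ == "__main__":
    for (src, dport), n in denied_by_source(LOG_LINES).most_common():
        print(f"{src} -> port {dport}: {n} denied packet(s)")
```

The address before the arrow is the source and the one after it the destination; the number in parentheses is the port, so (445) marks SMB on the destination host.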
Which among the following laws emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to provide information security for the information systems that support its operations and assets?
Which of the following techniques deletes files permanently?
- Artifact Wiping
- Data Hiding
- Trail obfuscation
What is an investigator looking for in the rp.log file stored on a system running the Windows 10 operating system?
- Restore point interval
- Automatically created restore points
- System CheckPoints required for restoring
- Restore point functions
Email archiving is a systematic approach to saving and protecting the data contained in emails so that it can be accessed quickly at a later date. There are two main archive types, Local Archive and Server Storage Archive. Which of the following statements is correct when dealing with local archives?
- Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server
- It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
- Local archives should be stored together with the server storage archives in order to be admissible in a court of law
- Local archives do not have evidentiary value as the email client may alter the message data
Which of the following tools is used to locate IP addresses?
- Deep Log Analyzer
- XRY LOGICAL
Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent in email messages?
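How a binary attachment actually travels inside an email, as an added example (not part of the original page) using Python's standard email package: the attachment bytes are constructed (a PNG header followed by every byte value 0 to 255) and are base64-encoded on the wire so that the whole message stays 7-bit ASCII, then decoded back to the original bytes on receipt.

```python
"""Attach a binary (non-ASCII) file to an email with MIME, then parse it back.
Added example using Python's standard email package; the attachment bytes are
constructed (a PNG header followed by filler), not a real image."""
import email
from email.message import EmailMessage
from email.policy import default

# Constructed payload containing every byte value, so it cannot travel as 7-bit text.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + bytes(range(256))

def build_message(attachment: bytes = PNG_BYTES, filename: str = "diagram.png") -> bytes:
    """Build a multipart/mixed message with a text body and a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "analyst@example.com"      # assumed addresses
    msg["To"] = "lead@example.com"
    msg["Subject"] = "Evidence diagram"
    msg.set_content("Diagram attached.")
    # Binary content is base64-encoded so it survives 7-bit SMTP transports.
    msg.add_attachment(attachment, maintype="image", subtype="png", filename=filename)
    return msg.as_bytes()

def extract_attachments(raw: bytes) -> dict:
    """Return {filename: decoded bytes} for every attachment in a raw message."""
    parsed = email.message_from_bytes(raw, policy=default)
    return {part.get_filename(): part.get_payload(decode=True)
            for part in parsed.iter_attachments()}

def roundtrip() -> dict:
    """Show what the wire format looks like and that decoding restores the bytes."""
    raw = build_message()
    atts = extract_attachments(raw)
    return {
        "is_multipart": b"Content-Type: multipart/mixed" in raw,
        "base64_used": b"Content-Transfer-Encoding: base64" in raw,
        "wire_is_ascii": all(b < 0x80 for b in raw),
        "attachment_intact": atts.get("diagram.png") == PNG_BYTES,
    }

if __name__ == "__main__":
    print(build_message().decode("ascii"))
    print(roundtrip())
```

For an investigator this is why an attachment pulled from a raw mail store must be base64-decoded before hashing or header inspection; the encoded text will not match the file the recipient saved.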
What is the framework used for application development for iOS-based mobile devices?
- Cocoa Touch
Chong-lee, a forensics executive, suspects that malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?
- File fingerprinting
- Identifying file obfuscation
- Static analysis
- Dynamic analysis
Which of the following tools is not a data acquisition hardware tool?
- Atola Insight Forensic
- F-Response Imager
The given image displays information about the date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?
- dir /o:d
- dir /o:s
- dir /o:e
- dir /o:n
Which list contains the most recent actions performed by a Windows User?
- Windows Error Log
Joshua is analyzing an MSSQL database to find attack evidence and other details. Where should he look for the database logs?
What is the name of the first reserved sector in a FAT (File Allocation Table) file system?
- Volume Boot Record
- Partition Boot Sector
- Master Boot Record
- BIOS Parameter Block
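What that first reserved sector contains, as an added example (not part of the original question set): the volume boot record starts with the BIOS Parameter Block, which gives the geometry an investigator needs to locate the FATs, the root directory and the data area. The parser below reads the common BPB fields shared by FAT12/16/32 and checks the 0x55AA boot signature; the boot sector it parses is constructed with plausible FAT16 values rather than taken from a real disk. Note that this sector sits at the start of the partition, distinct from the Master Boot Record at LBA 0 of the disk.

```python
"""Parse the first reserved sector of a FAT volume (the volume boot record with
its BIOS Parameter Block). Added example; the boot sector below is constructed
with plausible FAT16 values rather than taken from a real disk."""
import struct

# Common BPB layout, offsets 0..35 (FAT12/16/32 share this part).
BPB_FMT = "<3s8sHBHBHHBHHHII"
BPB_FIELDS = ("jump", "oem_name", "bytes_per_sector", "sectors_per_cluster",
              "reserved_sectors", "num_fats", "root_entries", "total_sectors16",
              "media", "fat_size16", "sectors_per_track", "heads",
              "hidden_sectors", "total_sectors32")

def build_boot_sector() -> bytes:
    """Constructed FAT16 boot sector: 512 bytes, 0x55AA signature at offset 510."""
    bpb = struct.pack(BPB_FMT, b"\xEB\x3C\x90", b"MSWIN4.1", 512, 8, 1, 2, 512, 0,
                      0xF8, 200, 63, 255, 63, 204800)
    return bpb.ljust(510, b"\x00") + b"\x55\xAA"

def parse_boot_sector(sector: bytes) -> dict:
    """Decode the BPB and derive the byte offsets of the FAT, root dir and data area."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not a valid boot sector")
    v = dict(zip(BPB_FIELDS, struct.unpack_from(BPB_FMT, sector, 0)))
    bps = v["bytes_per_sector"]
    if bps not in (512, 1024, 2048, 4096) or v["sectors_per_cluster"] == 0:
        raise ValueError("implausible BPB geometry")
    if v["fat_size16"] == 0:
        # FAT32 keeps its FAT size and root cluster in the extended BPB at offset 36.
        v["fat_type"] = "FAT32 (extended BPB at offset 36 not parsed here)"
        return v
    total = v["total_sectors16"] or v["total_sectors32"]
    root_sectors = -(-v["root_entries"] * 32 // bps)        # ceil(root bytes / bps)
    first_data = v["reserved_sectors"] + v["num_fats"] * v["fat_size16"] + root_sectors
    clusters = (total - first_data) // v["sectors_per_cluster"]
    v.update({
        "total_sectors": total,
        "fat_offset": v["reserved_sectors"] * bps,
        "root_dir_offset": (v["reserved_sectors"] + v["num_fats"] * v["fat_size16"]) * bps,
        "first_data_sector": first_data,
        "cluster_count": clusters,
        # FAT type is decided by cluster count, not by the OEM string or label.
        "fat_type": "FAT12" if clusters < 4085 else "FAT16" if clusters < 65525 else "FAT32?",
    })
    return v

if __name__ == "__main__":
    for k, val in parse_boot_sector(build_boot_sector()).items():
        print(f"{k:20} {val}")
```

On a real image, read 512 bytes at the partition's starting LBA (from the MBR partition table) and feed them to parse_boot_sector; a missing 0x55AA or absurd geometry usually means the offset is wrong or the sector was wiped.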