Last Updated on July 23, 2021 by InfraExam

312-49 : Computer Hacking Forensic Investigator : Part 26

  1. An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. Which type of attack is this?

    • Cloud as a subject
    • Cloud as a tool
    • Cloud as an object
    • Cloud as a service
  2. In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?

    • RAID 1
    • The images will always be identical because data is mirrored for redundancy
    • RAID 0
    • It will always be different
  3. One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

    • The file header
    • The File Allocation Table
    • The file footer
    • The sector map
  4. An investigator enters the command sqlcmd -S WIN-CQQMK62867E -e -s"," -E as part of collecting the primary data file and logs from a database. What does the “WIN-CQQMK62867E” represent?

    • Name of the Database
    • Name of SQL Server
    • Operating system of the system
    • Network credentials of the database
  5. During the trial, an investigator observes that one of the principal witnesses is severely ill and cannot be present for the hearing. He decides to record the evidence and present it to the court. Under which rule should he present such evidence?

    • Rule 1003: Admissibility of Duplicates
    • Limited admissibility
    • Locard’s Principle
    • Hearsay
  6. What is cold boot (hard boot)?

    • It is the process of restarting a computer that is already in sleep mode
    • It is the process of shutting down a computer from a powered-on or on state
    • It is the process of restarting a computer that is already turned on through the operating system
    • It is the process of starting a computer from a powered-down or off state
  7. What does the denote in a Cisco router log?

    Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp ->, 1 packet

    • Source IP address
    • None of the above
    • Login IP address
    • Destination IP address
  8. Which among the following laws emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to provide information security for the information systems that support its operations and assets?

    • FISMA
    • HIPAA
    • GLBA
    • SOX
  9. Which of the following techniques deletes the files permanently?

    • Steganography
    • Artifact Wiping
    • Data Hiding
    • Trail obfuscation
  10. What is an investigator looking for in the rp.log file stored in a system running the Windows 10 operating system?

    • Restore point interval
    • Automatically created restore points
    • System CheckPoints required for restoring
    • Restore point functions
  11. Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed quickly at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

    • Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server
    • It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
    • Local archives should be stored together with the server storage archives in order to be admissible in a court of law
    • Local archives do not have evidentiary value as the email client may alter the message data
  12. Which of the following tools is used to locate IP addresses?

    • SmartWhois
    • Deep Log Analyzer
    • Towelroot
  13. Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?

    • MIME
    • BINHEX
    • UT-16
    • UUCODE
  14. What is the framework used for application development for iOS-based mobile devices?

    • Cocoa Touch
    • Dalvik
    • Zygote
    • AirPlay
  15. Chong-lee, a forensics executive, suspects that malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

    • File fingerprinting
    • Identifying file obfuscation
    • Static analysis
    • Dynamic analysis
  16. Which of the following tools is not a data acquisition hardware tool?

    • UltraKit
    • Atola Insight Forensic
    • F-Response Imager
    • Triage-Responder
  17. The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

    312-49 Part 26 Q17 013
    • dir /o:d
    • dir /o:s
    • dir /o:e
    • dir /o:n
  18. Which list contains the most recent actions performed by a Windows User?

    • MRU
    • Activity
    • Recents
    • Windows Error Log
  19. Joshua is analyzing an MSSQL database to find attack evidence and other details. Where should he look for the database logs?

    • Model.log
    • Model.txt
    • Model.ldf
    • Model.lgf
  20. What is the name of the first reserved sector in the File Allocation Table?

    • Volume Boot Record
    • Partition Boot Sector
    • Master Boot Record
    • BIOS Parameter Block