Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors

312-49v9 Computer Hacking Forensic Investigator (v9) Questions and Answers

Questions 4

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

Options:

A.

Recycle Bin

B.

MSDOS.sys

C.

BIOS

D.

Case files

Buy Now
Questions 5

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers.

Bill protects the PDF documents with a password and sends them to their intended recipients.

Why PDF passwords do not offer maximum protection?

Options:

A.

PDF passwords can easily be cracked by software brute force tools

B.

PDF passwords are converted to clear text when sent through E-mail

C.

PDF passwords are not considered safe by Sarbanes-Oxley

D.

When sent through E-mail, PDF passwords are stripped from the document completely

Buy Now
Questions 6

Law enforcement officers are conducting a legal search for which a valid warrant was obtained.

While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

Options:

A.

Plain view doctrine

B.

Corpus delicti

C.

Locard Exchange Principle

D.

Ex Parte Order

Buy Now
Questions 7

Which among the following files provides email header information in the Microsoft Exchange server?

Options:

A.

gwcheck.db

B.

PRIV.EDB

C.

PUB.EDB

D.

PRIV.STM

Buy Now
Questions 8

Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

Options:

A.

Tailgating

B.

Backtrapping

C.

Man trap attack

D.

Fuzzing

Buy Now
Questions 9

Which code does the FAT file system use to mark the file as deleted?

Options:

A.

ESH

B.

5EH

C.

H5E

D.

E5H

Buy Now
Questions 10

How often must a company keep log files for them to be admissible in a court of law?

Options:

A.

All log files are admissible in court no matter their frequency

B.

Weekly

C.

Monthly

D.

Continuously

Buy Now
Questions 11

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

Options:

A.

It contains the times and dates of when the system was last patched

B.

It is not necessary to scan the virtual memory of a computer

C.

It contains the times and dates of all the system files

D.

Hidden running processes

Buy Now
Questions 12

While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

Options:

A.

Technical material related to forensics

B.

No particular field

C.

Judging the character of defendants/victims

D.

Legal issues

Buy Now
Questions 13

What method of copying should always be performed first before carrying out an investigation?

Options:

A.

Parity-bit copy

B.

Bit-stream copy

C.

MS-DOS disc copy

D.

System level copy

Buy Now
Questions 14

Which program is the bootloader when Windows XP starts up?

Options:

A.

KERNEL.EXE

B.

NTLDR

C.

LOADER

D.

LILO

Buy Now
Questions 15

Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

Options:

A.

Identifying File Dependencies

B.

Strings search

C.

Dynamic analysis

D.

File obfuscation

Buy Now
Questions 16

How many possible sequence number combinations are there in TCP/IP protocol?

Options:

A.

1 billion

B.

320 billion

C.

4 billion

D.

32 million

Buy Now
Questions 17

The efforts to obtain information before a trail by demanding documents, depositions, questioned and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

Options:

A.

Detection

B.

Hearsay

C.

Spoliation

D.

Discovery

Buy Now
Questions 18

You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

Options:

A.

make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab

B.

make an MD5 hash of the evidence and compare it to the standard database developed by NIST

C.

there is no reason to worry about this possible claim because state labs are certified

D.

sign a statement attesting that the evidence is the same as it was when it entered the lab

Buy Now
Questions 19

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

Options:

A.

A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum

B.

Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file

C.

A simple DOS copy will not include deleted files, file slack and other information

D.

There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Buy Now
Questions 20

Diskcopy is:

Options:

A.

a utility by AccessData

B.

a standard MS-DOS command

C.

Digital Intelligence utility

D.

dd copying tool

Buy Now
Questions 21

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used.

What IDS feature must George implement to meet this requirement?

Options:

A.

Signature-based anomaly detection

B.

Pattern matching

C.

Real-time anomaly detection

D.

Statistical-based anomaly detection

Buy Now
Questions 22

Where does Encase search to recover NTFS files and folders?

Options:

A.

MBR

B.

MFT

C.

Slack space

D.

HAL

Buy Now
Questions 23

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

Options:

A.

Linux/Unix computers are easier to compromise

B.

Linux/Unix computers are constantly talking

C.

Windows computers are constantly talking

D.

Windows computers will not respond to idle scans

Buy Now
Questions 24

What does the acronym POST mean as it relates to a PC?

Options:

A.

Primary Operations Short Test

B.

PowerOn Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

Buy Now
Questions 25

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

Options:

A.

A Capital X

B.

A Blank Space

C.

The Underscore Symbol

D.

The lowercase Greek Letter Sigma (s)

Buy Now
Questions 26

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

Options:

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Buy Now
Questions 27

Which network attack is described by the following statement?

“At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.”

Options:

A.

DDoS

B.

Sniffer Attack

C.

Buffer Overflow

D.

Man-in-the-Middle Attack

Buy Now
Questions 28

Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tool will help Charles?

Options:

A.

Xplico

B.

Colasoft’s Capsa

C.

FileSalvage

D.

DriveSpy

Buy Now
Questions 29

Which password cracking technique uses every possible combination of character sets?

Options:

A.

Rainbow table attack

B.

Brute force attack

C.

Rule-based attack

D.

Dictionary attack

Buy Now
Questions 30

You are running through a series of tests on your network to check for any security vulnerabilities.

After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

Options:

A.

The firewall failed-bypass

B.

The firewall failed-closed

C.

The firewall ACL has been purged

D.

The firewall failed-open

Buy Now
Questions 31

Which of the following file system is used by Mac OS X?

Options:

A.

EFS

B.

HFS+

C.

EXT2

D.

NFS

Buy Now
Questions 32

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

Options:

A.

Airsnort

B.

Snort

C.

Ettercap

D.

RaidSniff

Buy Now
Questions 33

Which of the following Linux command searches through the current processes and lists the process IDs those match the selection criteria to stdout?

Options:

A.

pstree

B.

pgrep

C.

ps

D.

grep

Buy Now
Questions 34

Which of the following setups should a tester choose to analyze malware behavior?

Options:

A.

A virtual system with internet connection

B.

A normal system without internet connect

C.

A normal system with internet connection

D.

A virtual system with network simulation for internet connection

Buy Now
Questions 35

During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?

Options:

A.

Coordinated Universal Time

B.

Universal Computer Time

C.

Universal Time for Computers

D.

Correlated Universal Time

Buy Now
Questions 36

An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the “Geek_Squad” part represent?

Options:

A.

Product description

B.

Manufacturer Details

C.

Developer description

D.

Software or OS used

Buy Now
Questions 37

One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

Options:

A.

The file header

B.

The File Allocation Table

C.

The file footer

D.

The sector map

Buy Now
Questions 38

Which of the following is a non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?

Options:

A.

Sparse File

B.

Master File Table

C.

Meta Block Group

D.

Slack Space

Buy Now
Questions 39

As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

Options:

A.

DBCC LOG(Transfers, 1)

B.

DBCC LOG(Transfers, 3)

C.

DBCC LOG(Transfers, 0)

D.

DBCC LOG(Transfers, 2)

Buy Now
Questions 40

Which file is a sequence of bytes organized into blocks understandable by the system’s linker?

Options:

A.

executable file

B.

source file

C.

Object file

D.

None of these

Buy Now
Questions 41

Robert, a cloud architect, received a huge bill from the cloud service provider, which usually doesn't happen. After analyzing the bill, he found that the cloud resource consumption was very high. He then examined the cloud server and discovered that a malicious code was running on the server, which was generating huge but harmless traffic from the server. This means that the server has been compromised by an attacker with the sole intention to hurt the cloud customer financially. Which attack is described in the above scenario?

Options:

A.

XSS Attack

B.

DDoS Attack (Distributed Denial of Service)

C.

Man-in-the-cloud Attack

D.

EDoS Attack (Economic Denial of Service)

Buy Now
Questions 42

Which of the following techniques delete the files permanently?

Options:

A.

Steganography

B.

Artifact Wiping

C.

Data Hiding

D.

Trail obfuscation

Buy Now
Questions 43

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

Options:

A.

48-bit address

B.

24-bit address

C.

16-bit address

D.

32-bit address

Buy Now
Questions 44

Event correlation is the process of finding relevance between the events that produce a final result. What type of correlation will help an organization to correlate events across a set of servers, systems, routers and network?

Options:

A.

Same-platform correlation

B.

Network-platform correlation

C.

Cross-platform correlation

D.

Multiple-platform correlation

Buy Now
Questions 45

Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

Options:

A.

DependencyWalker

B.

SysAnalyzer

C.

PEiD

D.

ResourcesExtract

Buy Now
Questions 46

Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?

Options:

A.

FAT File System

B.

ReFS

C.

exFAT

D.

NTFS File System

Buy Now
Questions 47

Where should the investigator look for the Edge browser’s browsing records, including history, cache, and cookies?

Options:

A.

ESE Database

B.

Virtual Memory

C.

Sparse files

D.

Slack Space

Buy Now
Questions 48

Lynne receives the following email:

Dear lynne@gmail.com! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24

You have 24 hours to fix this problem or risk to be closed permanently!

To proceed Please Connect >> My Apple ID

Thank You The link to My Apple ID shows https://byggarbetsplatsen.se/backup/signon/

What type of attack is this?

Options:

A.

Mail Bombing

B.

Phishing

C.

Email Spamming

D.

Email Spoofing

Buy Now
Questions 49

Which of the following statements is true regarding SMTP Server?

Options:

A.

SMTP Server breaks the recipient’s address into Recipient’s name and his/her designation before passing it to the DNS Server

B.

SMTP Server breaks the recipient's address into Recipient’s name and recipient’s address before passing it to the DNS Server

C.

SMTP Server breaks the recipient’s address into Recipient’s name and domain name before passing it to the DNS Server

D.

SMTP Server breaks the recipient’s address into Recipient’s name and his/her initial before passing it to the DNS Server

Buy Now
Questions 50

Jim’s company regularly performs backups of their critical servers. But the company can’t afford to send backup tapes to an off-site vendor for long term storage and archiving. Instead Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes aren’t stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

Options:

A.

Encrypt the backup tapes and use a courier to transport them.

B.

Encrypt the backup tapes and transport them in a lock box

C.

Degauss the backup tapes and transport them in a lock box.

D.

Hash the backup tapes and transport them in a lock box.

Buy Now
Questions 51

Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?

Options:

A.

Isolating the host device

B.

Installing malware analysis tools

C.

Using network simulation tools

D.

Enabling shared folders

Buy Now
Questions 52

You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the below scanning technique will you use?

Options:

A.

Inverse TCP flag scanning

B.

ACK flag scanning

C.

TCP Scanning

D.

IP Fragment Scanning

Buy Now
Questions 53

Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings?

Options:

A.

SWGDE & SWGIT

B.

IOCE

C.

Frye

D.

Daubert

Buy Now
Questions 54

Which of the following files gives information about the client sync sessions in Google Drive on Windows?

Options:

A.

sync_log.log

B.

Sync_log.log

C.

sync.log

D.

Sync.log

Buy Now
Questions 55

What does 254 represent in ICCID 89254021520014515744?

Options:

A.

Industry Identifier Prefix

B.

Country Code

C.

Individual Account Identification Number

D.

Issuer Identifier Number

Buy Now
Questions 56

What hashing method is used to password protect Blackberry devices?

Options:

A.

AES

B.

RC5

C.

MD5

D.

SHA-1

Buy Now
Questions 57

What is the first step taken in an investigation for laboratory forensic staff members?

Options:

A.

Packaging the electronic evidence

B.

Securing and evaluating the electronic crime scene

C.

Conducting preliminary interviews

D.

Transporting the electronic evidence

Buy Now
Questions 58

What type of equipment would a forensics investigator store in a StrongHold bag?

Options:

A.

PDAPDA?

B.

Backup tapes

C.

Hard drives

D.

Wireless cards

Buy Now
Questions 59

Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

Options:

A.

host.db

B.

sigstore.db

C.

config.db

D.

filecache.db

Buy Now
Questions 60

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

Options:

A.

Keep the device powered on

B.

Turn off the device immediately

C.

Remove the battery immediately

D.

Remove any memory cards immediately

Buy Now
Questions 61

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

Options:

A.

The files have been marked as hidden

B.

The files have been marked for deletion

C.

The files are corrupt and cannot be recovered

D.

The files have been marked as read-only

Buy Now
Questions 62

What is the location of the binary files required for the functioning of the OS in a Linux system?

Options:

A.

/run

B.

/bin

C.

/root

D.

/sbin

Buy Now
Questions 63

Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk do not contribute in determining the addresses of data?

Options:

A.

Sectors

B.

Interface

C.

Cylinder

D.

Heads

Buy Now
Questions 64

What is the CIDR from the following screenshot?

312-49v9 Question 64

Options:

A.

/24A./24A./24

B.

/32 B./32 B./32

C.

/16 C./16 C./16

D.

/8D./8D./8

Buy Now
Questions 65

Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

Options:

A.

wmic service

B.

Reg.exe

C.

fsutil

D.

Devcon

Buy Now
Questions 66

A master boot record (MBR) is the first sector (“sector zero”) of a data storage device. What is the size of MBR?

Options:

A.

Depends on the capacity of the storage device

B.

1048 Bytes

C.

4092 Bytes

D.

512 Bytes

Buy Now
Questions 67

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?

dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

Options:

A.

Fill the disk with zeros

B.

Low-level format

C.

Fill the disk with 4096 zeros

D.

Copy files from the master disk to the slave disk on the secondary IDE controller

Buy Now
Questions 68

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

Options:

A.

The zombie will not send a response

B.

31402

C.

31399

D.

31401

Buy Now
Questions 69

Kyle is performing the final testing of an application he developed for the accounting department.

His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

#include #include int main(int argc, char

*argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; }

strcpy(buffer, argv[1]); return 0; }

Options:

A.

Buffer overflow

B.

SQL injection

C.

Format string bug

D.

Kernal injection

Buy Now
Questions 70

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

Options:

A.

Master Boot Record (MBR)

B.

Master File Table (MFT)

C.

File Allocation Table (FAT)

D.

Disk Operating System (DOS)

Buy Now
Questions 71

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

Options:

A.

Packet filtering firewall

B.

Circuit-level proxy firewall

C.

Application-level proxy firewall

D.

Stateful firewall

Buy Now
Questions 72

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?

Options:

A.

Image the disk and try to recover deleted files

B.

Seek the help of co-workers who are eye-witnesses

C.

Check the Windows registry for connection data (you may or may not recover)

D.

Approach the websites for evidence

Buy Now
Questions 73

Which of the following should a computer forensics lab used for investigations have?

Options:

A.

isolation

B.

restricted access

C.

open access

D.

an entry log

Buy Now
Questions 74

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

Options:

A.

DevScan

B.

Devcon

C.

fsutil

D.

Reg.exe

Buy Now
Questions 75

Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

Options:

A.

tasklist /p

B.

tasklist /v

C.

tasklist /u

D.

tasklist /s

Buy Now
Questions 76

Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from

Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network

vulnerability assessment plan?

Options:

A.

Their first step is to make a hypothesis of what their final findings will be.

B.

Their first step is to create an initial Executive report to show the management team.

C.

Their first step is to analyze the data they have currently gathered from the company or interviews.

D.

Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Buy Now
Questions 77

The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the following logs.

Options:

A.

https://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..% c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt\system32\Logfiles\W3SVC1

B.

[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test

C.

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700]"GET /apache_pb.gif HTTP/1.0" 200 2326

D.

127.0.0.1 - - [10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0" 200 2326

Buy Now
Questions 78

Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

Options:

A.

Scientific Working Group on Digital Evidence

B.

Daubert Standard

C.

Enterprise Theory of Investigation

D.

Fyre Standard

Buy Now
Questions 79

In which registry does the system store the Microsoft security IDs?

Options:

A.

HKEY_CLASSES_ROOT (HKCR)

B.

HKEY_CURRENT_CONFIG (HKCC)

C.

HKEY_CURRENT_USER (HKCU)

D.

HKEY_LOCAL_MACHINE (HKLM)

Buy Now
Questions 80

Which tool allows dumping the contents of process memory without stopping the process?

Options:

A.

psdump.exe

B.

pmdump.exe

C.

processdump.exe

D.

pdump.exe

Buy Now
Questions 81

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search. link:www.ghttech.net What will this search produce?

Options:

A.

All sites that ghttech.net links to

B.

All sites that link to ghttech.net

C.

All search engines that link to .net domains

D.

Sites that contain the code: link:www.ghttech.net

Buy Now
Questions 82

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

Options:

A.

Ping sweep

B.

Nmap

C.

Netcraft

D.

Dig

Buy Now
Questions 83

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

Options:

A.

Closed

B.

Open

C.

Stealth

D.

Filtered

Buy Now
Questions 84

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

Options:

A.

ICMP header field

B.

TCP header field

C.

IP header field

D.

UDP header field

Buy Now
Questions 85

Which of these Windows utility help you to repair logical file system errors?

Options:

A.

Resource Monitor

B.

Disk cleanup

C.

Disk defragmenter

D.

CHKDSK

Buy Now
Questions 86

As a security analyst, you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

Options:

A.

The IP address of the employees’ computers

B.

Bank account numbers and the corresponding routing numbers

C.

The employees network usernames and passwords

D.

The MAC address of the employees’ computers

Buy Now
Questions 87

Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer’s log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies’ domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

Options:

A.

Syllable attack

B.

Hybrid attack

C.

Brute force attack

D.

Dictionary attack

Buy Now
Questions 88

Which Linux command when executed displays kernel ring buffers or information about device drivers loaded into the kernel?

Options:

A.

pgrep

B.

dmesg

C.

fsck

D.

grep

Buy Now
Exam Code: 312-49v9
Exam Name: Computer Hacking Forensic Investigator (v9)
Last Update: Nov 16, 2024
Questions: 589

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now 312-49v9 testing engine

PDF (Q&A)

$35  $99.99
buy now 312-49v9 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 21 Nov 2024