You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858
An expert witness gives an opinion if:
A. The opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors
B. To define the issues of the case for determination by the finder of fact
C. To stimulate discussion between the consulting expert and the expert witness
D. To deter the witness from expanding the scope of his or her investigation beyond the requirements of the case
Why should you never power on a computer that you need to acquire digital evidence from?
A. When the computer boots up, files are written to the computer rendering the data unclean
B. When the computer boots up, the system cache is cleared which could destroy evidence
C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence
D. Powering on a computer has no effect when needing to acquire digital evidence from it
Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user information?
A. Temporary Files
B. Open files
C. Cookies
D. Web Browser Cache
The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?
A. 512 bits
B. 512 bytes
C. 256 bits
D. 256 bytes
Which of the following event correlation approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
A. Rule-Based Approach
B. Automated Field Correlation
C. Field-Based Approach
D. Graph-Based Approach
Which of the following tools enables a user to reset his/her lost admin password in a Windows system?
A. Advanced Office Password Recovery
B. Active@ Password Changer
C. Smartkey Password Recovery Bundle Standard
D. Passware Kit Forensic
During forensic investigations, investigators tend to collect the system time first and compare it with UTC. What does the abbreviation UTC stand for?
A. Coordinated Universal Time
B. Universal Computer Time
C. Universal Time for Computers
D. Correlated Universal Time
An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. Which type of attack is this?
A. Cloud as a subject
B. Cloud as a tool
C. Cloud as an object
D. Cloud as a service
Joshua is analyzing an MSSQL database to find attack evidence and other details. Where should he look for the database logs?
A. Model.log
B. Model.txt
C. Model.ldf
D. Model.lgf