November/2022 Latest Braindump2go 312-49v10 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 312-49v10 Real Exam Questions!
Which OWASP IoT vulnerability talks about security flaws such as lack of firmware validation, lack of secure delivery, and lack of anti-rollback mechanisms on IoT devices?
A. Lack of secure update mechanism
B. Use of insecure or outdated components
C. Insecure default settings
D. Insecure data transfer and storage
Assume there is a file named myfile.txt in C: drive that contains hidden data streams.
Which of the following commands would you issue to display the contents of a data stream?
A. echo text > program: source_file
B. myfile.dat:stream1
C. C:\MORE < myfile.txt:stream1
D. C:\>ECHO text_message > myfile.txt:stream1
Adam is thinking of establishing a hospital in the US and approaches John, a software developer, to build a site and host it for him on one of the servers, which would be used to store patient health records. He has learned from his legal advisors that he needs to have the server’s log data reviewed and managed according to certain standards and regulations. Which of the following regulations are the legal advisors referring to?
A. Data Protection Act of 2018
B. Payment Card Industry Data Security Standard (PCI DSS)
C. Electronic Communications Privacy Act
D. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
In a Filesystem Hierarchy Standard (FHS), which of the following directories contains the binary files required for working?
Harry has collected a suspicious executable file from an infected system and seeks to reverse its machine code to instructions written in assembly language. Which tool should he use for this purpose?
A forensic examiner encounters a computer with a failed OS installation and the master boot record (MBR) or partition sector damaged. Which of the following tools can find and restore files and information in the disk?
In Java, when multiple applications are launched, multiple Dalvik Virtual Machine instances occur that consume memory and time. To avoid that, Android implements a process that enables low memory consumption and quick start-up time. What is the process called?
B. Media server
“In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to explain his/her actions and the impact of those actions on the evidence, in the court.”
Which ACPO principle states this?
A. Principle 1
B. Principle 3
C. Principle 4
D. Principle 2
______ allows a forensic investigator to identify the missing links during investigation.
A. Evidence preservation
B. Chain of custody
C. Evidence reconstruction
D. Exhibit numbering
An investigator needs to perform data acquisition from a storage media without altering its contents to maintain the integrity of the content. The approach adopted by the investigator relies upon the capacity of enabling read-only access to the storage media. Which tool should the investigator integrate into his/her procedures to accomplish this task?
B. Data duplication tool
C. Backup tool
D. Write blocker
During an investigation, Noel found a SIM card from the suspect’s mobile. The ICCID on the card is 8944245252001451548.
What do the first four digits (89 and 44) in the ICCID represent?
A. TAC and industry identifier
B. Country code and industry identifier
C. Industry identifier and country code
D. Issuer identifier number and TAC
Which of the following forensic tools allows an investigator to detect and extract hidden streams on an NTFS drive?
A. Stream Detector
Cybercriminals sometimes use compromised computers to commit other crimes, which may involve using computers or networks to spread malware or illegal information. Which type of cybercrime stops users from using a device or network, or prevents a company from providing a software service to its customers?
A. Denial-of-Service (DoS) attack
B. Malware attack
C. Ransomware attack
When installed on a Windows machine, which port does the Tor browser use to establish a network connection via Tor nodes?
An investigator wants to extract passwords from SAM and System Files. Which tool can the investigator use to obtain a list of users, passwords, and their hashes in this case?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000] "GET / HTTP/1.1" 200 1861.
Which of the following logs does the log entry belong to?
A. The combined log format of Apache access log
B. The common log format of Apache access log
C. Apache error log
D. IIS log
What happens to the header of the file once it is deleted from the Windows OS file systems?
A. The OS replaces the first letter of a deleted file name with a hex byte code: E5h
B. The OS replaces the entire hex byte coding of the file.
C. The hex byte coding of the file remains the same, but the file location differs
D. The OS replaces the second letter of a deleted file name with a hex byte code: Eh5
Sally accessed the computer system that holds trade secrets of the company where she is employed. She knows she accessed it without authorization and all access (authorized and unauthorized) to this computer is monitored. To cover her tracks, Sally deleted the log entries on this computer. What among the following best describes her action?
A. Password sniffing
C. Brute-force attack
D. Network intrusion
Fred, a cybercrime investigator for the FBI, finished storing a solid-state drive in a static resistant bag and filled out the chain of custody form. Two days later, John grabbed the solid-state drive and created a clone of it (with write blockers enabled) in order to investigate the drive. He did not document the chain of custody though. When John was finished, he put the solid-state drive back in the static resistant bag and placed it back in the evidence locker. A day later, the court trial began and upon presenting the evidence and the supporting documents, the chief justice outright rejected them. Which of the following statements strongly supports the reason for rejecting the evidence?
A. Block clones cannot be created with solid-state drives
B. Write blockers were used while cloning the evidence
C. John did not document the chain of custody
D. John investigated the clone instead of the original evidence itself
Jack is reviewing file headers to verify the file format and hopefully find more information about the file. After a careful review of the data chunks through a hex editor, Jack finds the binary value 0xffd8ff. Based on the above information, what type of format is the file/image saved as?
Brian has the job of analyzing malware for a software security company. Brian has set up a virtual environment that includes virtual machines running various versions of OSes. Additionally, Brian has set up separated virtual networks within this environment. The virtual environment does not connect to the company’s intranet nor does it connect to the external Internet. With everything set up, Brian now received an executable file from a client that has undergone a cyberattack. Brian ran the executable file in the virtual environment to see what it would do. What type of analysis did Brian perform?
A. Static malware analysis
B. Status malware analysis
C. Dynamic malware analysis
D. Static OS analysis
When investigating a system, the forensics analyst discovers that malicious scripts were injected into benign and trusted websites. The attacker used a web application to send malicious code, in the form of a browser side script, to a different end-user. What attack was performed here?
A. Brute-force attack
B. Cookie poisoning attack
C. Cross-site scripting attack
D. SQL injection attack
A file requires 10 KB space to be saved on a hard disk partition. An entire cluster of 32 KB has been allocated for this file. The remaining, unused space of 22 KB on this cluster will be identified as ______.
A. Swap space
B. Cluster space
C. Slack space
D. Sector space
Which of the following tools will allow a forensic investigator to acquire the memory dump of a suspect machine so that it may be investigated on a forensic workstation to collect evidentiary data like processes and Tor browser artifacts?
A. DB Browser SQLite
B. Bulk Extractor
C. Belkasoft Live RAM Capturer and AccessData FTK imager
D. Hex Editor
Which of the following statements pertaining to First Response is true?
A. First Response is a part of the investigation phase
B. First Response is a part of the post-investigation phase
C. First Response is a part of the pre-investigation phase
D. First Response is neither a part of pre-investigation phase nor a part of investigation phase. It only involves attending to a crime scene first and taking measures that assist forensic investigators in executing their tasks in the investigation phase more efficiently
Consider a scenario where the perpetrator of a dark web crime has uninstalled Tor browser from their computer after committing the crime. The computer has been seized by law enforcement so they can investigate it for artifacts of Tor browser usage. Which of the following should the investigators examine to establish the use of Tor browser on the suspect machine?
A. Swap files
B. Files in Recycle Bin
C. Security logs
D. Prefetch files
A cybercriminal is attempting to remove evidence from a Windows computer. He deletes the file evidence1.doc, sending it to Windows Recycle Bin. The cybercriminal then empties the Recycle Bin. After having been removed from the Recycle Bin, what will happen to the data?
A. The data will remain in its original clusters until it is overwritten
B. The data will be moved to new clusters in unallocated space
C. The data will become corrupted, making it unrecoverable
D. The data will be overwritten with zeroes
Jeff is a forensics investigator for a government agency’s cyber security office. Jeff is tasked with acquiring a memory dump of a Windows 10 computer that was involved in a DDoS attack on the government agency’s web application. Jeff is onsite to collect the memory. What tool could Jeff use?
C. RAM Mapper
Derrick, a forensic specialist, was investigating an active computer that was executing various processes. Derrick wanted to check whether this system was used in an incident that occurred earlier. He started inspecting and gathering the contents of RAM, cache, and DLLs to identify incident signatures. Identify the data acquisition method employed by Derrick in the above scenario.
A. Dead data acquisition
B. Static data acquisition
C. Non-volatile data acquisition
D. Live data acquisition
In forensics, ______ are used to view stored or deleted data from both files and disk sectors.
A. Hash algorithms
B. SIEM tools
C. Host interfaces
D. Hex editors
Which of the following methods of mobile device data acquisition captures all the data present on the device, as well as all deleted data and access to unallocated space?
A. Manual acquisition
B. Logical acquisition
C. Direct acquisition
D. Physical acquisition
Which Federal Rule of Evidence speaks about the Hearsay exception where the availability of the declarant is immaterial and certain characteristics of the declarant such as present sense impression, excited utterance, and recorded recollection are also observed while giving their testimony?
A. Rule 801
B. Rule 802
C. Rule 804
D. Rule 803
What command-line tool enables a forensic investigator to establish communication between an Android device and a forensic workstation in order to perform data acquisition from the device?
A. APK Analyzer
B. SDK Manager
C. Android Debug Bridge
An investigator is checking a Cisco firewall log that reads as follows:
Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on interface outside
What does %ASA-1-106021 denote?
A. Mnemonic message
B. Type of traffic
C. Firewall action
D. Type of request
A breach resulted from a malware attack that evaded detection and compromised the machine memory without installing any software or accessing the hard drive. What technique did the adversaries use to deliver the attack?
Ronald, a forensic investigator, has been hired by a financial services organization to investigate an attack on their MySQL database server, which is hosted on a Windows machine named WIN-DTRAI83202X. Ronald wants to retrieve information on the changes that have been made to the database. Which of the following files should Ronald examine for this task?
Debbie has obtained a warrant to search a known pedophile’s house. Debbie went to the house and executed the search warrant to seize digital devices that have been recorded as being used for downloading illicit images. She seized all digital devices except a digital camera.
Why did she not collect the digital camera?
A. The digital camera was not listed as one of the digital devices in the warrant
B. The vehicle Debbie was using to transport the evidence was already full and could not carry more items
C. Debbie overlooked the digital camera because it is not a computer system
D. The digital camera was old. had a cracked screen, and did not have batteries. Therefore, it could not have been used in a crime.
Place the following in order of volatility from most volatile to the least volatile.
A. Registers and cache, routing tables, temporary file systems, disk storage, archival media
B. Register and cache, temporary file systems, routing tables, disk storage, archival media
C. Registers and cache, routing tables, temporary file systems, archival media, disk storage
D. Archival media, temporary file systems, disk storage, archival media, register and cache
Fill in the missing Master Boot Record component.
1. Master boot code
2. Partition table
A. Boot loader
B. Signature word
C. Volume boot record
D. Disk signature
Which of the following attacks refers to unintentional download of malicious software via the Internet? Here, an attacker exploits flaws in browser software to install malware merely by the user visiting the malicious website.
B. Internet relay chats
C. Drive-by downloads
“To ensure that the digital evidence is collected, preserved, examined, or transferred in a manner safeguarding the accuracy and reliability of the evidence, law enforcement, and forensics organizations must establish and maintain an effective quality system” is a principle established by:
James, a forensics specialist, was tasked with investigating a Windows XP machine that was used for malicious online activities. During the investigation, he recovered certain deleted files from Recycle Bin to identify attack clues.
Identify the location of Recycle Bin in Windows XP system.
B. local/share/Trash
Recently, an internal web app that a government agency utilizes has become unresponsive. Betty, a network engineer for the government agency, has been tasked to determine the cause of the web application’s unresponsiveness. Betty launches Wireshark and begins capturing the traffic on the local network. While analyzing the results, Betty noticed that a SYN flood attack was underway. How did Betty know a SYN flood attack was occurring?
A. Wireshark capture shows multiple ACK requests and SYN responses from single/multiple IP address(es)
B. Wireshark capture does not show anything unusual and the issue is related to the web application
C. Wireshark capture shows multiple SYN requests and RST responses from single/multiple IP address(es)
D. Wireshark capture shows multiple SYN requests and ACK responses from single/multiple IP address(es)
During an investigation, the first responders stored mobile devices in specific containers to provide network isolation. All the following are examples of such pieces of equipment, except for:
A. Wireless StrongHold bag
C. Faraday bag
D. RF shield box
Maria has executed a suspicious executable file in a controlled environment and wants to see if the file adds/modifies any registry value after execution via Windows Event Viewer. Which of the following event IDs should she look for in this scenario?
A. Event ID 4657
B. Event ID 4624
C. Event ID 4688
D. Event ID 7040
ISO/IEC 17025 is an accreditation for which of the following:
A. CHFI issuing agency
C. Forensics lab licensing
D. Chain of custody
Edgar is part of the FBI’s forensic media and malware analysis team; he is analyzing a current malware and is conducting a thorough examination of the suspect system, network, and other connected devices. Edgar’s approach is to execute the malware code to know how it interacts with the host system and its impacts on it. He is also using a virtual machine and a sandbox environment.
What type of malware analysis is Edgar performing?
A. Malware disassembly
B. VirusTotal analysis
C. Static analysis
D. Dynamic malware analysis/behavioral analysis
A computer forensics investigator or forensic analyst is a specially trained professional who works with law enforcement as well as private businesses to retrieve information from computers and other types of data storage devices. For this, the analyst should have an excellent working knowledge of all aspects of the computer. Which of the following is not a duty of the analyst during a criminal investigation?
A. To create an investigation report
B. To fill the chain of custody
C. To recover data from suspect devices
D. To enforce the security of all devices and software in the scene
This law sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
A. The CAN-SPAM act
B. Federal Spam act
C. Telemarketing act
D. European Anti-Spam act
A clothing company has recently deployed a website on its latest product line to increase its conversion rate and base of customers. Andrew, the network administrator recently appointed by the company, has been assigned with the task of protecting the website from intrusion and vulnerabilities. Which of the following tools should Andrew consider deploying in this scenario?
A forensic analyst has been tasked with investigating unusual network activity inside a retail company’s network. Employees complain of not being able to access services, frequent rebooting, and anomalies in log files. The investigator requested log files from the IT administrator and after carefully reviewing them, he finds the following log entry:
What type of attack was performed on the company’s web application?
A. Directory traversal
B. Unvalidated input
C. Log tampering
D. SQL injection
On NTFS file system, which of the following tools can a forensic investigator use in order to identify timestomping of evidence files?
Rule 1002 of Federal Rules of Evidence (US) talks about _____
A. Admissibility of original
B. Admissibility of duplicates
C. Requirement of original
D. Admissibility of other evidence of contents
Which of the following is considered as the starting point of a database and stores user data and database objects in an MS SQL server?
B. Application data files (ADF)
C. Transaction log data files (LDF)
D. Primary data files (MDF)
Which of the following statements is true with respect to SSDs (solid-state drives)?
A. Like HDDs, SSDs also have moving parts
B. SSDs cannot store non-volatile data
C. SSDs contain tracks, clusters, and sectors to store data
D. Faster data access, lower power usage, and higher reliability are some of the major advantages of SSDs over HDDs
To understand the impact of a malicious program after the booting process and to collect recent information from the disk partition, an investigator should evaluate the content of the:
During a forensic investigation, a large number of files were collected. The investigator needs to evaluate ownership and accountability of those files. Therefore, he begins to identify attributes such as “author name,” “organization name,” “network name,” or any additional supporting data that is meant for the owner’s identification purpose. Which term describes these attributes?
A. Data header
B. Data index
The working of the Tor browser is based on which of the following concepts?
A. Both static and default routing
B. Default routing
C. Static routing
D. Onion routing
An EC2 instance storing critical data of a company got infected with malware. The forensics team took the EBS volume snapshot of the affected instance to perform further analysis and collected other data of evidentiary value. What should be their next step?
A. They should pause the running instance
B. They should keep the instance running as it stores critical data
C. They should terminate all instances connected via the same VPC
D. They should terminate the instance after taking necessary backup
You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?
A. Malicious software on internal system is downloading research data from partner SFTP servers in Eastern Europe
B. Internal systems are downloading automatic Windows updates
C. Data is being exfiltrated by an advanced persistent threat (APT)
D. The organization’s primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities
Choose the layer in iOS architecture that provides frameworks for iOS app development?
A. Media services
B. Cocoa Touch
C. Core services
D. Core OS
Data density of a disk drive is calculated by using _______
A. Slack space, bit density, and slack density.
B. Track space, bit area, and slack space.
C. Track density, areal density, and slack density.
D. Track density, areal density, and bit density.
Web browsers can store relevant information from user activities. Forensic investigators may retrieve files, lists, access history, cookies, among other digital footprints. Which tool can contribute to this task?
A. Most Recently Used (MRU) list
C. Google Chrome Recovery Utility
D. Task Manager
For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?
A. Relevant circumstances surrounding the collection
B. General description of the evidence
C. Exact location the evidence was collected from
D. SSN of the person collecting the evidence
This is a statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted. Which among the following is suitable for the above statement?
A. Testimony by the accused
B. Limited admissibility
C. Hearsay rule
D. Rule 1001
The information security manager at a national legal firm has received several alerts from the intrusion detection system that a known attack signature was detected against the organization’s file server. What should the information security manager do first?
A. Report the incident to senior management
B. Update the anti-virus definitions on the file server
C. Disconnect the file server from the network
D. Manually investigate to verify that an incident has occurred
Which of the following is the most effective tool for acquiring volatile data from a Windows-based system?