[Feb 05, 2024] EC-COUNCIL 312-49v10 Exam Dumps Files, Q1/271: A computer forensics Investigator or forensic analyst Is a specially trained professional who works with

Join the discussion

Question 1/271

A computer forensics Investigator or forensic analyst Is a specially trained professional who works with law enforcement as well as private businesses to retrieve Information from computers and other types of data storage devices. For this, the analyst should have an excellent working knowledge of all aspects of the computer. Which of the following is not a duty of the analyst during a criminal investigation?

A. To recover data from suspect devices

B. To enforce the security of all devices and software in the scene

C. To create an investigation report

D. To fill the chain of custody

Add Comments

Other Question (271q): Q1. A computer forensics Investigator or forensic analyst Is a specially trained professional ...; Q2. Which of these ISO standards define the file system for optical storage media, such as CD-...; Q3. In forensics.______are used lo view stored or deleted data from both files and disk sector...; Q4. Which of the following files stores information about local Dropbox installation and accou...; Q5. James, a forensics specialist, was tasked with investigating a Windows XP machine that was...; Q6. An investigator Is examining a file to identify any potentially malicious content. To avoi...; Q7. In a FAT32 system, a 123 KB file will use how many sectors?...; Q8. This type of testimony is presented by someone who does the actual fieldwork and does not ...; Q9. Assume there Is a file named myflle.txt In C: drive that contains hidden data streams. Whi...; Q10. Davidson Trucking is a small transportation company that has three local offices in Detroi...; Q11. Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and ...; Q12. You are an information security analyst at a large pharmaceutical company. While performin...; Q13. An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:...; Q14. What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router repre...; Q15. Self-Monitoring, Analysis, and Reporting Technology (SMART) is built into the hard drives ...; Q16. You have compromised a lower-level administrator account on an Active Directory network of...; Q17. Select the tool appropriate for finding the dynamically linked lists of an application or ...; Q18. In a forensic examination of hard drives for digital evidence, what type of user is most l...; Q19. While searching through a computer under investigation, you discover numerous files that a...; Q20. Richard is extracting volatile data from a system and uses the command doskey/history. Wha...; Q21. What is the CIDR from the following screenshot? (Exhibit)...; Q22. In which registry does the system store the Microsoft security IDs?...; Q23. What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1...; Q24. Which layer of iOS architecture should a forensics investigator evaluate to analyze servic...; Q25. With the standard Linux second extended file system (Ext2fs), a file is deleted when the i...; Q26. SO/IEC 17025 is an accreditation for which of the following:...; Q27. Which Event Correlation approach assumes and predicts what an attacker can do next after t...; Q28. What operating system would respond to the following command?...; Q29. Why are Linux/Unix based computers better to use than Windows computers for idle scanning?...; Q30. Which command can provide the investigators with details of all the loaded modules on a Li...; Q31. When reviewing web logs, you see an entry for resource not found in the HTTP status code f...; Q32. Data density of a disk drive is calculated by using_______...; Q33. The objective of this act was to protect consumers' personal financial information held by...; Q34. What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1...; Q35. William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "...; Q36. You are a security analyst performing reconnaissance on a company you will be carrying out...; Q37. When making the preliminary investigations in a sexual harassment case, how many investiga...; Q38. Which of the following Ii considered as the starting point of a database and stores user d...; Q39. Andie, a network administrator, suspects unusual network services running on a windows sys...; Q40. ____________________ is simply the application of Computer Investigation and analysis tech...; Q41. In which cloud crime do attackers try to compromise the security of the cloud environment ...; Q42. What technique is used by JPEGs for compression?...; Q43. Which of the following Linux command searches through the current processes and lists the ...; Q44. Windows identifies which application to open a file with by examining which of the followi...; Q45. Which of the following commands shows you all of the network services running on Windows-b...; Q46. Which of the following is a list of recently used programs or opened files?...; Q47. Charles has accidentally deleted an important file while working on his Mac computer. He w...; Q48. John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizin...; Q49. Chloe is a forensic examiner who is currently cracking hashed passwords for a crucial miss...; Q50. Report writing is a crucial stage in the outcome of an investigation. Which information sh...; Q51. During an investigation, an employee was found to have deleted harassing emails that were ...; Q52. You are the network administrator for a small bank in Dallas, Texas. To ensure network sec...; Q53. What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?...; Q54. When obtaining a warrant, it is important to:; Q55. When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what d...; Q56. James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECH...; Q57. The following is a log file screenshot from a default installation of IIS 6.0. (Exhibit) W...; Q58. Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The comp...; Q59. The surface of a hard disk consists of several concentric rings known as tracks; each of t...; Q60. To make sure the evidence you recover and analyze with computer forensics software can be ...; Q61. If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, ...; Q62. Which of the following technique creates a replica of an evidence media?...; Q63. Which of the following acts as a network intrusion detection system as well as network int...; Q64. What type of flash memory card comes in either Type I or Type II and consumes only five pe...; Q65. Which of the following Perl scripts will help an investigator to access the executable ima...; Q66. Which of the following reports are delivered under oath to a board of directors/managers/p...; Q67. Cybercriminals sometimes use compromised computers to commit other crimes, which may invol...; Q68. What is considered a grant of a property right given to an individual who discovers or inv...; Q69. Place the following In order of volatility from most volatile to the least volatile....; Q70. You work as an IT security auditor hired by a law firm in Boston to test whether you can g...; Q71. You have used a newly released forensic investigation tool, which doesn't meet the Daubert...; Q72. Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Un...; Q73. Why should you note all cable connections for a computer you want to seize as evidence?...; Q74. After suspecting a change in MS-Exchange Server storage archive, the investigator has anal...; Q75. A packet is sent to a router that does not have the packet destination address in its rout...; Q76. You are contracted to work as a computer forensics investigator for a regional bank that h...; Q77. Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database serve...; Q78. In conducting a computer abuse investigation you become aware that the suspect of the inve...; Q79. A breach resulted from a malware attack that evaded detection and compromised the machine ...; Q80. What feature of Windows is the following command trying to utilize? (Exhibit)...; Q81. The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Sn...; Q82. When investigating a computer forensics case where Microsoft Exchange and Blackberry Enter...; Q83. The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Sh...; Q84. An investigator wants to extract passwords from SAM and System Files. Which tool can the I...; Q85. Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following...; Q86. The ____________________ refers to handing over the results of private investigations to t...; Q87. A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below ...; Q88. How many sectors will a 125 KB file use in a FAT32 file system?...; Q89. Robert is a regional manager working in a reputed organization. One day, he suspected malw...; Q90. "To ensure that the digital evidence is collected, preserved, examined, or transferred In ...; Q91. What type of analysis helps to identify the time and sequence of events in an investigatio...; Q92. Steven has been given the task of designing a computer forensics lab for the company he wo...; Q93. During the course of an investigation, you locate evidence that may prove the innocence of...; Q94. Which of the following is NOT a part of pre-investigation phase?...; Q95. What is the following command trying to accomplish?...; Q96. Which of the following processes is part of the dynamic malware analysis?...; Q97. Your company's network just finished going through a SAS 70 audit. This audit reported tha...; Q98. What is the first step taken in an investigation for laboratory forensic staff members?...; Q99. When using Windows acquisitions tools to acquire digital evidence, it is important to use ...; Q100. Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, a...; Q101. What does Locard's Exchange Principle state?; Q102. What header field in the TCP/IP protocol stack involves the hacker exploit known as the Pi...; Q103. Profiling is a forensics technique for analyzing evidence with the goal of identifying the...; Q104. To which phase of the Computer Forensics Investigation Process does the Planning and Budge...; Q105. Lance wants to place a honeypot on his network. Which of the following would be your recom...; Q106. Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC ...; Q107. How many characters long is the fixed-length MD5 algorithm checksum of a critical system f...; Q108. To check for POP3 traffic using Ethereal, what port should an investigator search by?...; Q109. Where should the investigator look for the Edge browser's browsing records, including hist...; Q110. Cybercriminals sometimes use compromised computers to commit other crimes, which may invol...; Q111. Jack Smith is a forensics investigator who works for Mason Computer Investigation Services...; Q112. Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?...; Q113. In which loT attack does the attacker use multiple forged identities to create a strong il...; Q114. Which tool allows dumping the contents of process memory without stopping the process?...; Q115. Bob has encountered a system crash and has lost vital data stored on the hard drive of his...; Q116. How will you categorize a cybercrime that took place within a CSP's cloud environment?...; Q117. If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investig...; Q118. Which code does the FAT file system use to mark the file as deleted?...; Q119. Which of the following options will help users to enable or disable the last access time o...; Q120. The working of the Tor browser is based on which of the following concepts?...; Q121. Which of the following tools is used to dump the memory of a running process, either immed...; Q122. Fred, a cybercrime Investigator for the FBI, finished storing a solid-state drive In a sta...; Q123. Which of the following techniques delete the files permanently?...; Q124. A state department site was recently attacked and all the servers had their disks erased. ...; Q125. Which of the following statements pertaining to First Response is true?...; Q126. According to RFC 3227, which of the following is considered as the most volatile item on a...; Q127. A(n) _____________________ is one that's performed by a computer program rather than the a...; Q128. Where are files temporarily written in Unix when printing?...; Q129. What will the following command accomplish in Linux? fdisk /dev/hda...; Q130. Billy, a computer forensics expert, has recovered a large number of DBX files during the f...; Q131. An attacker successfully gained access to a remote Windows system and plans to install per...; Q132. You are called in to assist the police in an investigation involving a suspected drug deal...; Q133. An on-site incident response team is called to investigate an alleged case of computer tam...; Q134. James, a forensics specialist, was tasked with investigating a Windows XP machine that was...; Q135. Frank, a cloud administrator in his company, needs to take backup of the OS disks of two A...; Q136. %3cscript%3ealert("XXXXXXXX")%3c/script%3e is a script obtained from a Cross-Site Scriptin...; Q137. Mark works for a government agency as a cyber-forensic investigator. He has been given the...; Q138. You are carrying out the last round of testing for your new website before it goes live. T...; Q139. > NMAP -sn 192.168.11.200-215 The NMAP command above performs which of the following?...; Q140. Terri works for a security consulting firm that is currently performing a penetration test...; Q141. What type of file is represented by a colon (:) with a name following it in the Master Fil...; Q142. You are a forensic investigator who is analyzing a hard drive that was recently collected ...; Q143. Which of the following files store the MySQL database data permanently, including the data...; Q144. Which of the following is found within the unique instance ID key and helps investigators ...; Q145. Which one of the following is not a first response procedure?...; Q146. Which legal document allows law enforcement to search an office, place of business, or oth...; Q147. Smith, an employee of a reputed forensic investigation firm, has been hired by a private o...; Q148. What type of attack occurs when an attacker can force a router to stop forwarding packets ...; Q149. Which command line tool is used to determine active network connections?...; Q150. On an Active Directory network using NTLM authentication, where on the domain controllers ...; Q151. When a router receives an update for its routing table, what is the metric value change to...; Q152. Which of the following statements is incorrect when preserving digital evidence?...; Q153. Depending upon the jurisdictional areas, different laws apply to different incidents. Whic...; Q154. Jim performed a vulnerability analysis on his network and found no potential problems. He ...; Q155. Which of the following files stores information about a local Google Drive installation su...; Q156. You are a security analyst performing a penetration tests for a company in the Midwest. Af...; Q157. A picture file is recovered from a computer under investigation. During the investigation ...; Q158. What does the 56.58.152.114(445) denote in a Cisco router log? Jun 19 23:25:46.125 EST: %S...; Q159. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical ...; Q160. Which is a standard procedure to perform during all computer forensics investigations?...; Q161. UEFI is a specification that defines a software interface between an OS and platform firmw...; Q162. Sally accessed the computer system that holds trade secrets of the company where she Is em...; Q163. In Java, when multiple applications are launched, multiple Dalvik Virtual Machine instance...; Q164. Where does Encase search to recover NTFS files and folders?...; Q165. The rule of thumb when shutting down a system is to pull the power plug. However, it has c...; Q166. Which of the following tool is used to locate IP addresses?...; Q167. What must an attorney do first before you are called to testify as an expert?...; Q168. What is the target host IP in the following command?...; Q169. Which of the following malware targets Android mobile devices and installs a backdoor that...; Q170. Annie is searching for certain deleted files on a system running Windows XP OS. Where will...; Q171. What stage of the incident handling process involves reporting events?...; Q172. A forensic examiner is examining a Windows system seized from a crime scene. During the ex...; Q173. What does 254 represent in ICCID 89254021520014515744?...; Q174. Which of the following malware targets Android mobile devices and installs a backdoor that...; Q175. companyXYZ has asked you to assess the security of their perimeter email gateway. From you...; Q176. What method would be most efficient for you to acquire digital evidence from this network?...; Q177. Travis, a computer forensics investigator, is finishing up a case he has been working on f...; Q178. Who is responsible for the following tasks?; Q179. A computer forensics Investigator or forensic analyst Is a specially trained professional ...; Q180. What does ICMP Type 3/Code 13 mean?; Q181. Gary is checking for the devices connected to USB ports of a suspect system during an inve...; Q182. Which part of the Windows Registry contains the user's password file?...; Q183. What is the framework used for application development for iOS-based mobile devices?...; Q184. Buffer overflow vulnerability of a web application occurs when it fails to guard its buffe...; Q185. Which program uses different techniques to conceal a malware's code, thereby making it dif...; Q186. Which of the following should a computer forensics lab used for investigations have?...; Q187. Cloud forensic investigations impose challenges related to multi-jurisdiction and multi-te...; Q188. As a security analyst, you setup a false survey website that will require users to create ...; Q189. Which forensic investigating concept trails the whole incident from how the attack began t...; Q190. Which MySQL log file contains information on server start and stop?...; Q191. After undergoing an external IT audit, George realizes his network is vulnerable to DDoS a...; Q192. James is dealing with a case regarding a cybercrime that has taken place in Arizona, USA. ...; Q193. Which of the following tool creates a bit-by-bit image of an evidence media?...; Q194. In which implementation of RAID will the image of a Hardware RAID volume be different from...; Q195. Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM ...; Q196. Simona has written a regular expression for the detection of web application-specific atta...; Q197. One technique for hiding information is to change the file extension from the correct one ...; Q198. You are the incident response manager at a regional bank. While performing routine auditin...; Q199. Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wa...; Q200. An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:...; Q201. While presenting his case to the court, Simon calls many witnesses to the stand to testify...; Q202. NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it st...; Q203. Linux operating system has two types of typical bootloaders namely LILO (Linux Loader) and...; Q204. During an investigation, Noel found the following SIM card from the suspect's mobile. What...; Q205. Before accessing digital evidence from victims, witnesses, or suspects, on their electroni...; Q206. You are employed directly by an attorney to help investigate an alleged sexual harassment ...; Q207. What must an investigator do before disconnecting an iPod from any type of computer?...; Q208. What must be obtained before an investigation is carried out at a location?...; Q209. Which among the following search warrants allows the first responder to get the victim's c...; Q210. Smith, a network administrator with a large MNC, was the first to arrive at a suspected cr...; Q211. What feature of Decryption Collection allows an investigator to crack a password as quickl...; Q212. While working for a prosecutor, what do you think you should do if the evidence you found ...; Q213. Event correlation is the process of finding relevance between the events that produce a fi...; Q214. Which of the following is a part of a Solid-State Drive (SSD)?...; Q215. While collecting Active Transaction Logs using SQL Server Management Studio, the query Sel...; Q216. What do you call the process of studying the changes that have taken place across a system...; Q217. On NTFS file system, which of the following tools can a forensic Investigator use In order...; Q218. When installed on a Windows machine, which port does the Tor browser use to establish a ne...; Q219. If a PDA is seized in an investigation while the device is turned on, what would be the pr...; Q220. Which of the following attack uses HTML tags like <script></script>?...; Q221. ______allows a forensic investigator to identify the missing links during investigation....; Q222. Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format....; Q223. Paraben Lockdown device uses which operating system to write hard drive data?...; Q224. Brian has the job of analyzing malware for a software security company. Brian has setup a ...; Q225. An investigator has found certain details after analysis of a mobile device. What can reve...; Q226. Which network attack is described by the following statement? "At least five Russian major...; Q227. When a file is deleted by Windows Explorer or through the MS-DOS delete command, the opera...; Q228. Which of the following tool can the investigator use to analyze the network to detect Troj...; Q229. To reach a bank web site, the traffic from workstations must pass through a firewall. You ...; Q230. In a computer forensics investigation, what describes the route that evidence takes from t...; Q231. Which of the following is a tool to reset Windows admin password?...; Q232. An "idle" system is also referred to as what?; Q233. Which of the following refers to the process of the witness being questioned by the attorn...; Q234. Which OWASP loT vulnerability talks about security flaws such as lack of firmware validati...; Q235. You are assigned to work in the computer forensics lab of a state police agency. While wor...; Q236. Kyle is performing the final testing of an application he developed for the accounting dep...; Q237. During the course of a corporate investigation, you find that an Employee is committing a ...; Q238. Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his C...; Q239. You are working as a Computer forensics investigator for a corporation on a computer abuse...; Q240. What will the following command produce on a website login page? SELECT email, passwd, log...; Q241. What binary coding is used most often for e-mail purposes?...; Q242. When monitoring for both intrusion and security events between multiple computers, it is e...; Q243. What does the acronym POST mean as it relates to a PC?...; Q244. Joshua is analyzing an MSSQL database for finding the attack evidence and other details, w...; Q245. When analyzing logs, it is important that the clocks of all the network devices are synchr...; Q246. Which cloud model allows an investigator to acquire the instance of a virtual machine and ...; Q247. Area density refers to:; Q248. Harold is a web designer who has completed a website for ghttech.net. As part of the maint...; Q249. Which of the following Event Correlation Approach checks and compares all the fields syste...; Q250. Place the following In order of volatility from most volatile to the least volatile....; Q251. Identify the location of Recycle Bin on a Windows 7 machine that uses NTFS file system to ...; Q252. When carrying out a forensics investigation, why should you never delete a partition on a ...; Q253. Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of ...; Q254. You are working in the security Department of law firm. One of the attorneys asks you abou...; Q255. George is the network administrator of a large Internet company on the west coast. Per cor...; Q256. At what layer does a cross site scripting attack occur on?...; Q257. Which of the following is a non-zero data that an application allocates on a hard disk clu...; Q258. What encryption technology is used on Blackberry devices Password Keeper?...; Q259. Which of the following commands shows you the username and IP address used to access the s...; Q260. What is the investigator trying to view by issuing the command displayed in the following ...; Q261. Jonathan is a network administrator who is currently testing the internal security of his ...; Q262. Which among the following search warrants allows the first responder to search and seize t...; Q263. Bob works as information security analyst for a big finance company. One day, the anomaly-...; Q264. Ivanovich, a forensics investigator, is trying to extract complete information about runni...; Q265. What information do you need to recover when searching a victim's computer for a crime com...; Q266. Which of the following file system uses Master File Table (MFT) database to store informat...; Q267. Consider a scenario where the perpetrator of a dark web crime has unlnstalled Tor browser ...; Q268. Harold is a computer forensics investigator working for a consulting firm out of Atlanta G...; Q269. Hard disk data addressing is a method of allotting addresses to each _______ of data on a ...; Q270. What is one method of bypassing a system BIOS password?...; Q271. Which of the following tool captures and allows you to interactively browse the traffic on...

Join the discussion

Question 1/271

Add Comments

Download PDF File