312-49v10 Free Practice Test

- (Exam Topic 2)
Which of the following Event Correlation Approach checks and compares all the fields systematically and
intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

1. A. Rule-Based Approach
2. B. Automated Field Correlation
3. C. Field-Based Approach
4. D. Graph-Based Approach

Correct Answer: B

- (Exam Topic 1)
In Microsoft file structures, sectors are grouped together to form:

1. A. Clusters
2. B. Drives
3. C. Bitstreams
4. D. Partitions

Correct Answer: A

- (Exam Topic 2)
What stage of the incident handling process involves reporting events?

1. A. Containment
2. B. Follow-up
3. C. Identification
4. D. Recovery

Correct Answer: C

- (Exam Topic 3)
An investigator is analyzing a checkpoint firewall log and comes across symbols. What type of log is he looking at?

1. A. Security event was monitored but not stopped
2. B. Malicious URL detected
3. C. An email marked as potential spam
4. D. Connection rejected

Correct Answer: C

- (Exam Topic 3)
Which of the following is a part of a Solid-State Drive (SSD)?

1. A. Head
2. B. Cylinder
3. C. NAND-based flash memory
4. D. Spindle

Correct Answer: C