312-49v10 Free Practice Test

- (Exam Topic 3)
Examination of a computer by a technically unauthorized person will almost always result in:

1. A. Rendering any evidence found inadmissible in a court of law
2. B. Completely accurate results of the examination
3. C. The chain of custody being fully maintained
4. D. Rendering any evidence found admissible in a court of law

Correct Answer: A

- (Exam Topic 4)
Fill In the missing Master Boot Record component.
* 1. Master boot code
* 2. Partition table
* 3. ___________

1. A. Boot loader
2. B. Signature word
3. C. Volume boot record
4. D. Disk signature

Correct Answer: A

- (Exam Topic 3)
Which among the following tools can help a forensic investigator to access the registry files during postmortem analysis?

1. A. RegistryChangesView
2. B. RegDIIView
3. C. RegRipper
4. D. ProDiscover

Correct Answer: C

- (Exam Topic 4)
Robert needs to copy an OS disk snapshot of a compromised VM to a storage account in different region for further investigation. Which of the following should he use in this scenario?

1. A. Azure CLI
2. B. Azure Monitor
3. C. Azure Active Directory
4. D. Azure Portal

Correct Answer: D

- (Exam Topic 1)
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?

1. A. src port 23 and dst port 23
2. B. udp port 22 and host 172.16.28.1/24
3. C. net port 22
4. D. src port 22 and dst port 22

Correct Answer: D