312-49v10 Free Practice Test

- (Exam Topic 2)
A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

1. A. Searching for evidence themselves would not have any ill effects
2. B. Searching could possibly crash the machine or device
3. C. Searching creates cache files, which would hinder the investigation
4. D. Searching can change date/time stamps

Correct Answer: D

- (Exam Topic 2)
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

1. A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
2. B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList
3. C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList
4. D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit

Correct Answer: A

- (Exam Topic 1)
What happens when a file is deleted by a Microsoft operating system using the FAT file system?

1. A. only the reference to the file is removed from the FAT
2. B. the file is erased and cannot be recovered
3. C. a copy of the file is stored and the original file is erased
4. D. the file is erased but can be recovered

Correct Answer: A

- (Exam Topic 3)
An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the “Geek_Squad” part represent?

1. A. Product description
2. B. Manufacturer Details
3. C. Developer description
4. D. Software or OS used

Correct Answer: A

- (Exam Topic 3)
As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

1. A. DBCC LOG(Transfers, 1)
2. B. DBCC LOG(Transfers, 3)
3. C. DBCC LOG(Transfers, 0)
4. D. DBCC LOG(Transfers, 2)

Correct Answer: D