312-49v10 Free Practice Test

- (Exam Topic 3)
Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?

1. A. Isolating the host device
2. B. Installing malware analysis tools
3. C. Using network simulation tools
4. D. Enabling shared folders

Correct Answer: D

- (Exam Topic 1)
When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts ______ in the first letter position of the filename in the FAT database.

1. A. A Capital X
2. B. A Blank Space
3. C. The Underscore Symbol
4. D. The lowercase Greek Letter Sigma (s)

Correct Answer: D

- (Exam Topic 2)
What does 254 represent in ICCID 89254021520014515744?

1. A. Industry Identifier Prefix
2. B. Country Code
3. C. Individual Account Identification Number
4. D. Issuer Identifier Number

Correct Answer: B

- (Exam Topic 2)
How many possible sequence number combinations are there in TCP/IP protocol?

1. A. 1 billion
2. B. 320 billion
3. C. 4 billion
4. D. 32 million

Correct Answer: C

- (Exam Topic 3)
Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer’s log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies’ domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

1. A. Syllable attack
2. B. Hybrid attack
3. C. Brute force attack
4. D. Dictionary attack

Correct Answer: D