312-49v10 Free Practice Test

- (Exam Topic 1)
Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

1. A. A Honeypot that traps hackers
2. B. A system Using Trojaned commands
3. C. An environment set up after the user logs in
4. D. An environment set up before a user logs in

Correct Answer: A

- (Exam Topic 3)
The MAC attributes are timestamps that refer to a time at which the file was last modified or last accessed or originally created. Which of the following file systems store MAC attributes in Coordinated Universal Time (UTC) format?

1. A. File Allocation Table (FAT
2. B. New Technology File System (NTFS)
3. C. Hierarchical File System (HFS)
4. D. Global File System (GFS)

Correct Answer: B

- (Exam Topic 2)
Which of the following techniques can be used to beat steganography?

1. A. Encryption
2. B. Steganalysis
3. C. Decryption
4. D. Cryptanalysis

Correct Answer: B

- (Exam Topic 4)
Fred, a cybercrime Investigator for the FBI, finished storing a solid-state drive In a static resistant bag and filled out the chain of custody form. Two days later. John grabbed the solid-state drive and created a clone of It (with write blockers enabled) In order to Investigate the drive. He did not document the chain of custody though. When John was finished, he put the solid-state drive back in the static resistant and placed it back in the evidence locker. A day later, the court trial began and upon presenting the evidence and the supporting documents, the chief Justice outright rejected them. Which of the following statements strongly support the reason for rejecting the evidence?

1. A. Block clones cannot be created with solid-state drives
2. B. Write blockers were used while cloning the evidence
3. C. John did not document the chain of custody
4. D. John investigated the clone instead of the original evidence itself

Correct Answer: C

- (Exam Topic 3)
Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

1. A. Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server
2. B. It is difficult to deal with the webmail as there is no offline archive in most case
3. C. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
4. D. Local archives should be stored together with the server storage archives in order to be admissible in a court of law
5. E. Local archives do not have evidentiary value as the email client may alter the message data

Correct Answer: B