312-49v10 Free Practice Test

- (Exam Topic 1)
Why should you note all cable connections for a computer you want to seize as evidence?

1. A. to know what outside connections existed
2. B. in case other devices were connected
3. C. to know what peripheral devices exist
4. D. to know what hardware existed

Correct Answer: A

- (Exam Topic 3)
Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

1. A. tasklist /p
2. B. tasklist /v
3. C. tasklist /u
4. D. tasklist /s

Correct Answer: B

- (Exam Topic 2)
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

1. A. Security Administrator
2. B. Network Administrator
3. C. Director of Information Technology
4. D. Director of Administration

Correct Answer: B

- (Exam Topic 1)
Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

1. A. APIPA
2. B. IANA
3. C. CVE
4. D. RIPE

Correct Answer: C

- (Exam Topic 2)
What stage of the incident handling process involves reporting events?

1. A. Containment
2. B. Follow-up
3. C. Identification
4. D. Recovery

Correct Answer: C