312-49v10 Free Practice Test

- (Exam Topic 2)
Which of the following technique creates a replica of an evidence media?

1. A. Data Extraction
2. B. Backup
3. C. Bit Stream Imaging
4. D. Data Deduplication

Correct Answer: C

- (Exam Topic 2)
When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

1. A. The year the evidence was taken
2. B. The sequence number for the parts of the same exhibit
3. C. The initials of the forensics analyst
4. D. The sequential number of the exhibits seized

Correct Answer: D

- (Exam Topic 2)
A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.

What can the investigator infer from the screenshot seen below?

1. A. A smurf attack has been attempted
2. B. A denial of service has been attempted
3. C. Network intrusion has occurred
4. D. Buffer overflow attempt on the firewall.

Correct Answer: C

- (Exam Topic 2)
During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

1. A. C:\Program Files\Exchsrvr\servername.log
2. B. D:\Exchsrvr\Message Tracking\servername.log
3. C. C:\Exchsrvr\Message Tracking\servername.log
4. D. C:\Program Files\Microsoft Exchange\srvr\servername.log

Correct Answer: A

- (Exam Topic 2)
Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?

1. A. Dictionary attack
2. B. Brute force attack
3. C. Rule-based attack
4. D. Man in the middle attack

Correct Answer: A