Free 312-49v9 Exam Dumps

Question 106

- (Topic 3)
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a
.jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

A. the File Allocation Table
B. the file header
C. the file footer
D. the sector map

Correct Answer:B

Question 107

- (Topic 3)
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading
inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a implePC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a ?imple backup copy?of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a imple backup copy?will not provide deleted files or recover file fragments. What type of copy do you need to make toYou inform him that a ?imple backup copy?will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

A. Bit-stream copy
B. Robust copy
C. Full backup copy
D. Incremental backup copy

Correct Answer:A

Question 108

- (Topic 1)
Which of the following is not an example of a cyber-crime?

A. Fraud achieved by the manipulation of the computer records
B. Firing an employee for misconduct
C. Deliberate circumvention of the computer security systems
D. Intellectual property theft, including software piracy

Correct Answer:B

Question 109

- (Topic 3)
In Linux, what is the smallest possible shellcode?

A. 8 bytes
B. 24 bytes
C. 800 bytes
D. 80 bytes

Correct Answer:B

Question 110

- (Topic 3)
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time
among multiple computers?

A. Time-Sync Protocol
B. SyncTime Service
C. Network Time Protocol
D. Universal Time Set

Correct Answer:C