Free 312-49v9 Exam Dumps

Question 26

- (Topic 3)
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

A. Security Administrator
B. Network Administrator
C. Director of Information Technology
D. Director of Administration

Correct Answer:B

Question 27

- (Topic 2)
A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:RECYCLED using a command line tool but does not find anything. What is the reason for this?

A. He should search in C:\Windows\System32\RECYCLED folder
B. The Recycle Bin does not exist on the hard drive
C. The files are hidden and he must use switch to view themThe files are hidden and he must use ? switch to view them
D. Only FAT system contains RECYCLED folder and not NTFS

Correct Answer:C

Question 28

- (Topic 3)
This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

A. Master Boot Record (MBR)
B. Master File Table (MFT)
C. File Allocation Table (FAT)
D. Disk Operating System (DOS)

Correct Answer:C
A MBR is usually found on fixed disks, not floppy. A MFT is part of NTFS, and NTFS is not used on floppy DOS is an operating system, not a file structure database

Question 29

- (Topic 3)
What should you do when approached by a reporter about a case that you are working on or have worked on?

A. Refer the reporter to the attorney that retained you
B. Say, o comment?Say, ?o comment
C. Answer all the reporter questions as completely as possibleAnswer all the reporter? questions as completely as possible
D. Answer only the questions that help your case

Correct Answer:B

Question 30

- (Topic 2)
John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf?John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and finds
nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

A. It contains the times and dates of when the system was last patched
B. It is not necessary to scan the virtual memory of a computer
C. It contains the times and dates of all the system files
D. Hidden running processes

Correct Answer:D