Exam Number/Code: 312-49
Exam name: Computer Hacking Forensic Investigator
150 questions with full explanations
Free Today! Guaranteed Training- Pass 312-49 Exam.
312-49 Exam Questions and Answers (2016 Updated):
Qustion No. 1
Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia.
Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?
A. Text semagram
B. Visual semagram
C. Grill cipher
D. Visual cipher
Qustion No. 2
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as ow level? How long will the team have to respond to the incident?
A. One working day
B. Two working days
D. Four hours
Qustion No. 3
One way to identify the presence of hidden partitions on a suspect hard drive is to:One way to identify the presence of hidden partitions on a suspect? hard drive is to:
A. Add up the total size of all known partitions and compare it to the total size of the hard drive
B. Examine the FAT and identify hidden partitions by noting an in the artition Type field
C. Examine the LILO and note an ?in the artition Type?field
D. It is not possible to have hidden partitions on a hard drive
Qustion No. 4
When operating systems mark a cluster as used but not allocated, the cluster is considered as
Qustion No. 5
Why should you never power on a computer that you need to acquire digital evidence from?
A. When the computer boots up, files are written to the computer rendering the data nclean
B. When the computer boots up, the system cache is cleared which could destroy evidence
C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence
D. Powering on a computer has no affect when needing to acquire digital evidence from it
External 312-49 vce links
312-49 vce rapidshare.net
312-49 Pearsonvue Scheduled Home:
312-49 Dumps exambibl.com