A Review Of Vivid 312-49v9 Practice
Exam Code: 312-49v9 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
Certification Provider: EC-Council
NEW QUESTION 1
Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc.
Which of the following network attacks refers to a process in which an attacker changes his or her IP address so that he or she appears to be someone else?
- A. IP address spoofing
- B. Man-in-the-middle attack
- C. Denial of Service attack
- D. Session sniffing
Answer: A
NEW QUESTION 2
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
- A. Write-blocker
- B. Protocol analyzer
- C. Firewall
- D. Disk editor
Answer: A
NEW QUESTION 3
A law enforcement officer may only search for and seize criminal evidence with ___, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.
- A. Mere Suspicion
- B. A preponderance of the evidence
- C. Probable cause
- D. Beyond a reasonable doubt
Answer: C
Explanation:
A preponderance of the evidence is the proof requirement in a civil case. Beyond a reasonable doubt is the proof requirement in a criminal case.
NEW QUESTION 4
What advantage does the tool Evidor have over the built-in Windows search?
- A. It can find deleted files even after they have been physically removed
- B. It can find bad sectors on the hard drive
- C. It can search slack space
- D. It can find files hidden within ADS
Answer: C
NEW QUESTION 5
An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.
- A. True
- B. False
Answer: A
NEW QUESTION 6
Jessica works as a systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?
- A. ICMP ping sweep
- B. Ping trace
- C. Tracert
- D. Smurf scan
Answer: A
NEW QUESTION 7
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
- A. %systemroot%\LSA
- B. %systemroot%\system32\drivers\etc
- C. %systemroot%\repair
- D. %systemroot%\system32\LSA
Answer: C
NEW QUESTION 8
What does the acronym POST mean as it relates to a PC?
- A. Power On Self Test
- B. Pre Operational Situation Test
- C. Primary Operating System Test
- D. Primary Operations Short Test
Answer: A
NEW QUESTION 9
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:
- A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
- B. HKEY_LOCAL_MACHlNE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList
- C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentsVersion\setup
- D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
Answer: A
NEW QUESTION 10
A packet is sent to a router that does not have the packet's destination address in its route table; how will the packet get to its proper destination?
- A. Border Gateway Protocol
- B. Root Internet servers
- C. Gateway of last resort
- D. Reverse DNS
Answer: C
NEW QUESTION 11
When you carve an image, recovering the image depends on which of the following skills?
- A. Recognizing the pattern of the header content
- B. Recovering the image from a tape backup
- C. Recognizing the pattern of a corrupt file
- D. Recovering the image from the tape backup
Answer: A
NEW QUESTION 12
As a security analyst you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
- A. The IP address of the employees' computers
- B. Bank account numbers and the corresponding routing numbers
- C. The employees' network usernames and passwords
- D. The MAC address of the employees' computers
Answer: C
NEW QUESTION 13
An "idle" system is also referred to as what?
- A. PC not connected to the Internet
- B. PC not being used
- C. Zombie
- D. Bot
Answer: C
NEW QUESTION 14
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?
- A. 18 USC 7029
- B. 18 USC 7030
- C. 18 USC 7361
- D. 18 USC 7371
Answer: B
NEW QUESTION 15
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?
- A. forensic duplication of hard drive
- B. analysis of volatile data
- C. comparison of MD5 checksums
- D. review of SIDs in the Registry
Answer: D
Explanation:
Not MD5: MD5 checksums are used as integrity checks.
User accounts are assigned a unique SID, and SIDs are not reused.
NEW QUESTION 16
If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?
- A. 31402
- B. The zombie will not send a response
- C. 31401
- D. 31399
Answer: C
NEW QUESTION 17
Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?
- A. Net sessions
- B. Net file
- C. Net config
- D. Net share
Answer: A
NEW QUESTION 18
The ____ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.
- A. Locard Exchange Principle
- B. Clark Standard
- C. Kelly Policy
- D. Silver-Platter Doctrine
Answer: D
Explanation:
Answer “Silver-Platter Doctrine” is probably the most correct. However, the Silver-Platter Doctrine allowed the Federal court to introduce illegally or improperly “State” seized evidence as long as Federal officers had no role in obtaining it. Also wanted to note that this Doctrine was declared unconstitutional in 1960, Elkins vs United States.
NEW QUESTION 19
With regard to using an antivirus scanner during a computer forensics investigation, you should:
- A. Scan the suspect hard drive before beginning an investigation
- B. Never run a scan on your forensics workstation because it could change your system's configuration
- C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
- D. Scan your forensics workstation before beginning an investigation
Answer: D
NEW QUESTION 20
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
- A. hda
- B. hdd
- C. hdb
- D. hdc
Answer: B
NEW QUESTION 21
Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by ____ of the compromised system.
- A. Analyzing log files
- B. Analyzing SAM file
- C. Analyzing rainbow tables
- D. Analyzing hard disk boot records
Answer: A
NEW QUESTION 22
When investigating a Windows system, it is important to view the contents of the page or swap file because:
- A. Windows stores all of the system's configuration information in this file
- B. This is the file that Windows uses to communicate directly with the Registry
- C. A large volume of data can exist within the swap file of which the computer user has no knowledge
- D. This is the file that Windows uses to store the history of the last 100 commands that were run from the command line
Answer: C
NEW QUESTION 23
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
- A. Something other than root
- B. Root
- C. Guest
- D. You cannot determine what privilege runs the daemon service
Answer: A
NEW QUESTION 24
What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?
- A. Compressed file
- B. Data stream file
- C. Encrypted file
- D. Reserved file
Answer: B
NEW QUESTION 25
Operating system logs are most beneficial for identifying or investigating suspicious activities involving a particular host. Which of the following operating system logs contains information about operational actions performed by OS components?
- A. Event logs
- B. Audit logs
- C. Firewall logs
- D. IDS logs
Answer: A
NEW QUESTION 26
Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network that the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?
- A. False negatives
- B. True negatives
- C. True positives
- D. False positives
Answer: A