312-49 Online Practice Questions and Answers

Item 2If you come across a sheepdip machine at your client site, what would you infer?

A. A sheepdip coordinates several honeypots

B. A sheepdip computer is another name for a honeypot

C. A sheepdip computer is used only for virus-checking.

D. A sheepdip computer defers a denial of service attack

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. bench warrant

B. wire tap

C. subpoena

D. search warrant

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

A. Keep the information of file for later review

B. Destroy the evidence

C. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D. Present the evidence to the defense attorney

One way to identify the presence of hidden partitions on a suspect's hard drive is to:

A. Add up the total size of all known partitions and compare it to the total size of the hard drive

B. Examine the FAT and identify hidden partitions by noting an H in the partition Type field

C. Examine the LILO and note an H in the partition Type field

D. It is not possible to have hidden partitions on a hard drive

What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

A. mcopy

B. image

C. MD5

D. dd

Davidson Trucking is a small transportation company that has three local offices in Detroit Michigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

A. IT personnel

B. Employees themselves

C. Supervisors

D. Administrative assistant in charge of writing policies

Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

A. Network

B. Transport

C. Physical

D. Data Link

Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he

has been working on for over six months. He is trying to find the right term to use in his report to describe

network-enabled spying.

What term should Harold use?

A. Spycrack

B. Spynet

C. Netspionage

D. Hackspionage

To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?

A. Post-investigation Phase

B. Reporting Phase

C. Pre-investigation Phase

D. Investigation Phase

If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

A. Slack space

B. Deleted space

C. Sector space

D. Cluster space