Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?

A.

Justification

B.

Authentication

C.

Reiteration

D.

Certification

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

A.

C:\Program Files\Exchsrvr\servername.log

B.

D:\Exchsrvr\Message Tracking\servername.log

C.

C:\Exchsrvr\Message Tracking\servername.log

D.

C:\Program Files\Microsoft Exchange\srvr\servername.log

What is the smallest physical storage unit on a hard drive?

A.

Track

B.

Cluster

C.

Sector

D.

Platter

Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

A.

18 USC §1029

B.

18 USC §1030

C.

18 USC §1361

D.

18 USC §1371

Before performing a logical or physical search of a drive in Encase, what must be added to the program?

A.

File signatures

B.

Keywords

C.

Hash sets

D.

Bookmarks

What is one method of bypassing a system BIOS password?

A.

Removing the processor

B.

Removing the CMOS battery

C.

Remove all the system memory

D.

Login to Windows and disable the BIOS password

What is the default IIS log location?

A.

SystemDrive\inetpub\LogFiles

B.

%SystemDrive%\inetpub\logs\LogFiles

C.

%SystemDrive\logs\LogFiles

D.

SystemDrive\logs\LogFiles

When reviewing web logs, you see an entry for resource not found in the HTTP status code field.

What is the actual error code that you would see in the log for resource not found?

A.

202

B.

404

C.

606

D.

999

What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?

A.

Every byte of the file(s) is given an MD5 hash to match against a master file

B.

Every byte of the file(s) is verified using 32-bit CRC

C.

Every byte of the file(s) is copied to three different hard drives

D.

Every byte of the file(s) is encrypted using three different methods

An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?

A.

Postmortem Analysis

B.

Real-Time Analysis

C.

Packet Analysis

D.

Malware Analysis

When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?

A.

RIM Messaging center

B.

Blackberry Enterprise server

C.

Microsoft Exchange server

D.

Blackberry desktop redirector

To check for POP3 traffic using Ethereal, what port should an investigator search by?

A.

143

B.

25

C.

110

D.

125

Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

A.

filecache.db

B.

config.db

C.

sigstore.db

D.

Sync_config.db

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A.

NTOSKRNL.EXE

B.

NTLDR

C.

LSASS.EXE

D.

NTDETECT.COM

Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

A.

Net config

B.

Net file

C.

Net share

D.

Net sessions