Which principle states that “anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave”?

A. Locard's Exchange Principle
B. Enterprise Theory of Investigation
C. Locard's Evidence Principle
D. Evidence Theory of Investigation

Which of the following Windows-based tools displays who is logged onto a computer, either locally or remotely?

A. Tokenmon
B. PSLoggedon
C. TCPView
D. Process Monitor

Which of the following is a federal law enacted in the US to control the ways that financial institutions deal with the private information of individuals?

A. SOX
B. HIPAA 1996
C. GLBA
D. PCI DSS

Which of the following Linux commands searches through the current processes and lists the process IDs that match the selection criteria to stdout?

A. pstree
B. pgrep
C. ps
D. grep

Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all the data, which includes his personal photos, music, documents, videos, official emails, etc. Which of the following tools will serve Bob's purpose?

A. Cain & Abel
B. Recuva
C. Xplico
D. Colasoft’s Capsa

Examination of a computer by a technically unauthorized person will almost always result in:

A. Rendering any evidence found inadmissible in a court of law
B. Completely accurate results of the examination
C. The chain of custody being fully maintained
D. Rendering any evidence found admissible in a court of law

Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

A. Physical block
B. Operating system block
C. Hard disk block
D. Logical block

After suspecting a change in the MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?

A. PRIV.STM
B. PUB.EDB
C. PRIV.EDB
D. PUB.STM

What must an attorney do first before you are called to testify as an expert?

A. Qualify you as an expert witness
B. Read your curriculum vitae to the jury
C. Engage in damage control
D. Prove that the tools you used to conduct your examination are perfect

In Linux OS, different log files hold different information, which helps investigators analyze various issues during a security incident. What information can the investigators obtain from the log file var/log/dmesg?

A. Kernel ring buffer information
B. All mail server message logs
C. Global system messages
D. Debugging log messages

On a computer that has the Dropbox client installed, which of the following files related to the Dropbox client stores information about the local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?

A. config.db
B. install.db
C. sigstore.db
D. filecache.db

Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

A. SWGDE & SWGIT
B. Daubert
C. Frye
D. IOCE

Which of these Windows utilities helps you to repair logical file system errors?

A. Resource Monitor
B. Disk cleanup
C. Disk defragmenter
D. CHKDSK

NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores the Data Decryption Field (DDF) and Data Recovery Field (DRF). Which of the following is not a part of DDF?

A. Encrypted FEK
B. Checksum
C. EFS Certificate Hash
D. Container Name

> NMAP -sn 192.168.11.200-215

The NMAP command above performs which of the following?

A. A trace sweep
B. A port scan
C. A ping scan
D. An operating system detect