CHFI-6

QUESTION 544 Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations? A. HIPAA B. GLBA C. SOX D. FISMA

Answer: C

QUESTION 556 NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space. This is because: A. FAT does not index files B. NTFS is a journaling file system C. NTFS has lower cluster size space D. FAT is an older and inefficient file system

Answer: C

QUESTION 567 Which of the following is NOT a part of pre-investigation phase? A. Building forensics workstation B. Gathering information about the incident C. Gathering evidence data D. Creating an investigation team

Answer: C

QUESTION 568 To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong? A. Post-investigation Phase B. Reporting Phase C. Pre-investigation Phase D. Investigation Phase

Answer: C

QUESTION 569 Which tool does the investigator use to extract artifacts left by Google Drive on the system? A. PEBrowse Professional B. RegScanner C. RAM Capturer D. Dependency Walker

Answer: C

QUESTION 501 Which of the following commands shows you all of the network services running on Windows-based servers? A. Netstart B. Net Session C. Net use D. Net config

Answer: A

QUESTION 503 Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file: A. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management C. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Answer: A

QUESTION 511 Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects? A. Portable Document Format B. MS-office Word Document C. MS-office Word OneNote D. MS-office Word PowerPoint

Answer: A

QUESTION 512 Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory? A. Swap space B. Application data C. Files and documents D. Slack space

Answer: A

QUESTION 521 Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________. A. Drive name B. Original file name's extension C. Sequential number D. Original file name

Answer: A

QUESTION 538 Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence? A. Record the system state by taking photographs of physical system and the display B. Perform data acquisition without disturbing the state of the systems C. Open the systems, remove the hard disk and secure it D. Switch off the systems and carry them to the laboratory

Answer: A

QUESTION 540 Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine? A. PRIV.STM B. gwcheck.db C. PRIV.EDB D. PUB.EDB

Answer: A

QUESTION 546 Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password? A. Rule-based attack B. Brute force attack C. Syllable attack D. Hybrid attack

Answer: A

QUESTION 548 When a user deletes a file or folder, the system stores the complete path, including the original filename, in a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________. A. Undo the last action performed on the system B. Reboot Windows C. Use a recovery tool to undelete the file D. Download the file from Microsoft website

Answer: A

QUESTION 549 What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume? A. Repairs logical file system errors B. Check the disk for hardware errors C. Check the disk for connectivity errors D. Check the disk for Slack Space

Answer: A

QUESTION 555 Which of the following Event Correlation Approach is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statistics and probability and uses only two variables? A. Bayesian Correlation B. Vulnerability-Based Approach C. Rule-Based Approach D. Route Correlation

Answer: A

QUESTION 561 The process of restarting a computer that is already turned on through the operating system is called? A. Warm boot B. Ice boot C. Hot Boot D. Cold boot

Answer: A

QUESTION 570 BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following element specifies the dimensions, compression type, and color format for the bitmap? A. Information header B. Image data C. The RGBQUAD array D. Header

Answer: A

QUESTION 571 Identify the file system that uses $BitMap file to keep track of all used and unused clusters on a volume. A. NTFS B. FAT C. EXT D. FAT32

Answer: A

QUESTION 575 A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect's available information but without any success. Which of the following tool can help the investigator to solve this issue? A. Cain & Abel B. Xplico C. Recuva D. Colasoft's Capsa

Answer: A

QUESTION 576 Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen? A. OpenGL/ES and SGL B. Surface Manager C. Media framework D. WebKit

Answer: A

QUESTION 577 Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section? A. Speculation or opinion as to the cause of the incident B. Purpose of the report C. Author of the report D. Incident summary

Answer: A

QUESTION 581 Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files? A. ff d8 ff B. 25 50 44 46 C. d0 0f 11 e0 D. 50 41 03 04

Answer: A

QUESTION 583 What must an attorney do first before you are called to testify as an expert? A. Qualify you as an expert witness B. Read your curriculum vitae to the jury C. Engage in damage control D. Prove that the tools you used to conduct your examination are perfect

Answer: A

QUESTION 586 During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for? A. Coordinated Universal Time B. Universal Computer Time C. Universal Time for Computers D. Correlated Universal Time

Answer: A

QUESTION 587 Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack. A. Adjacent memory locations B. Adjacent bit blocks C. Adjacent buffer locations D. Adjacent string locations

Answer: A

QUESTION 591 Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks? A. ISO 9660 B. ISO/IEC 13940 C. ISO 9060 D. IEC 3490

Answer: A

QUESTION 593 What value of the "Boot Record Signature" is used to indicate that the boot-loader exists? A. AA55 B. 00AA C. AA00 D. A100

Answer: A

QUESTION 597 An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number that provide information about the model and origin of the mobile device is also known as: A. Type Allocation Code (TAC) B. Integrated Circuit Code (ICC) C. Manufacturer Identification Code (MIC) D. Device Origin Code (DOC)

Answer: A

QUESTION 598 Which of the following is NOT an anti-forensics technique? A. Data Deduplication B. Steganography C. Encryption D. Password Protection

Answer: A

QUESTION 504 Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file? A. Net config B. Net file C. Net share D. Net sessions

Answer: B

QUESTION 505 The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block? A. 512 bits B. 512 bytes C. 256 bits D. 256 bytes

Answer: B

QUESTION 508 Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information from the service provider? A. Citizen Informant Search Warrant B. Electronic Storage Device Search Warrant C. John Doe Search Warrant D. Service Provider Search Warrant

Answer: B

QUESTION 510 What is the location of the binary files required for the functioning of the OS in a Linux system? A. /run B. /bin C. /root D. /sbin

Answer: B

QUESTION 515 Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups? A. Inode bitmap block B. Superblock C. Block bitmap block D. Data block

Answer: B

QUESTION 517 Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand? A. Witness Authentication B. Direct Examination C. Expert Witness D. Cross

Answer: B

QUESTION 518 Which rule requires an original recording to be provided to prove the content of a recording? A. 1004 B. 1002 C. 1003 D. 1005

Answer: B

QUESTION 524 What is the default IIS log location? A. SystemDrive\inetpub\LogFiles B. %SystemDrive%\inetpub\logs\LogFiles C. %SystemDrive\logs\LogFiles D. SystemDrive\logs\LogFiles

Answer: B

QUESTION 529 Which among the following files provides email header information in the Microsoft Exchange server? A. gwcheck.db B. PRIV.EDB C. PUB.EDB D. PRIV.STM

Answer: B

QUESTION 532 Which of the following tool enables a user to reset his/her lost admin password in a Windows system? A. Advanced Office Password Recovery B. Active@ Password Changer C. Smartkey Password Recovery Bundle Standard D. Passware Kit Forensic

Answer: B

QUESTION 535 Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system? A. C: $Recycled.Bin B. C: \$Recycle.Bin C. C:\RECYCLER D. C:\$RECYCLER

Answer: B

QUESTION 537 An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense. A. Expert in criminal investigation B. Subject matter specialist C. Witness present at the crime scene D. Expert law graduate appointed by attorney

Answer: B

QUESTION 543 Which of the following files gives information about the client sync sessions in Google Drive on Windows? A. sync_log.log B. Sync_log.log C. sync.log D. Sync.log

Answer: B

QUESTION 545 Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract? A. Events history B. Previously typed commands C. History of the browser D. Passwords used across the system

Answer: B

QUESTION 550 Which of the following tool enables data acquisition and duplication? A. Colasoft's Capsa B. DriveSpy C. Wireshark D. Xplico

Answer: B

QUESTION 551 What does 254 represent in ICCID 89254021520014515744? A. Industry Identifier Prefix B. Country Code C. Individual Account Identification Number D. Issuer Identifier Number

Answer: B

QUESTION 552 Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing? A. Identifying File Dependencies B. Strings search C. Dynamic analysis D. File obfuscation

Answer: B

QUESTION 554 Which password cracking technique uses every possible combination of character sets? A. Rainbow table attack B. Brute force attack C. Rule-based attack D. Dictionary attack

Answer: B

QUESTION 560 Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury? A. Written Formal Report B. Verbal Formal Report C. Verbal Informal Report D. Written Informal Report

Answer: B

QUESTION 563 Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk do not contribute in determining the addresses of data? A. Sectors B. Interface C. Cylinder D. Heads

Answer: B

QUESTION 564 Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers? A. netstat -r B. netstat -ano C. netstat -b D. netstat -s

Answer: B

QUESTION 572 An investigator has acquired packed software and needed to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used? A. SysAnalyzer B. PEiD C. Comodo Programs Manager D. Dependency Walker

Answer: B

QUESTION 573 Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported to his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accidental or intentional. In which of the following categories will this case fall? A. Civil Investigation B. Administrative Investigation C. Both Civil and Criminal Investigations D. Criminal Investigation

Answer: B

QUESTION 574 Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely? A. Tokenmon B. PSLoggedon C. TCPView D. Process Monitor

Answer: B

QUESTION 580 Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote? A. A text file deleted from C drive in sixth sequential order B. A text file deleted from C drive in fifth sequential order C. A text file copied from D drive to C drive in fifth sequential order D. A text file copied from C drive to D drive in fifth sequential order

Answer: B

QUESTION 584 Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices. A. DevScan B. Devcon C. fsutil D. Reg.exe

Answer: B

QUESTION 590 Which of the following statements is incorrect when preserving digital evidence? A. Verify if the monitor is in on, off, or in sleep mode B. Turn on the computer and extract Windows event viewer log files C. Remove the plug from the power router or modem D. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals

Answer: B

QUESTION 592 Lynne receives the following email: Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk to be closed permanently! To proceed Please Connect >> My Apple ID Thank You The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/ What type of attack is this? A. Mail Bombing B. Phishing C. Email Spamming D. Email Spoofing

Answer: B

QUESTION 600 Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of investigation does this case require? A. Administrative Investigation B. Criminal Investigation C. Both Criminal and Administrative Investigation D. Civil Investigation

Answer: B

QUESTION 502 Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user information? A. Temporary Files B. Open files C. Cookies D. Web Browser Cache

Answer: C

QUESTION 506 In Windows Security Event Log, what does an event id of 530 imply? A. Logon Failure - Unknown user name or bad password B. Logon Failure - User not allowed to logon at this computer C. Logon Failure - Account logon time restriction violation D. Logon Failure - Account currently disabled

Answer: C

QUESTION 507 Which of the following technique creates a replica of an evidence media? A. Data Extraction B. Backup C. Bit Stream Imaging D. Data Deduplication

Answer: C

QUESTION 509 Which of the following tool creates a bit-by-bit image of an evidence media? A. Recuva B. FileMerlin C. AccessData FTK Imager D. Xplico

Answer: C

QUESTION 519 The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator? A. TRIPWIRE B. RAM Capturer C. Regshot D. What's Running

Answer: C

QUESTION 523 Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key? A. Value list cell B. Value cell C. Key cell D. Security descriptor cell

Answer: C

QUESTION 525 Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tool will help Charles? A. Xplico B. Colasoft's Capsa C. FileSalvage D. DriveSpy

Answer: C

QUESTION 526 Which file is a sequence of bytes organized into blocks understandable by the system's linker? A. executable file B. source file C. Object file D. None of these

Answer: C

QUESTION 530 Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server's root directory? A. Parameter/form tampering B. Unvalidated input C. Directory traversal D. Security misconfiguration

Answer: C

QUESTION 531 What is the size value of a nibble? A. 0.5 kilo byte B. 0.5 bit C. 0.5 byte D. 2 bits

Answer: C

QUESTION 533 Which of the following acts as a network intrusion detection system as well as network intrusion prevention system? A. Accunetix B. Nikto C. Snort D. Kismet

Answer: C

QUESTION 534 In Steganalysis, which of the following describes a Known-stego attack? A. The hidden message and the corresponding stego-image are known B. During the communication process, active attackers can change cover C. Original and stego-object are available and the steganography algorithm is known D. Only the steganography medium is available for analysis

Answer: C

QUESTION 541 Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image? A. gif B. bmp C. jpeg D. png

Answer: C

QUESTION 578 You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which among the following MySQL Utilities allow you to do so? A. mysqldump B. myisamaccess C. myisamlog D. myisamchk

Answer: C

QUESTION 585 Which of the following is NOT a physical evidence? A. Removable media B. Cables C. Image file on a hard disk D. Publications

Answer: C

QUESTION 588 Which of the following is a part of a Solid-State Drive (SSD)? A. Head B. Cylinder C. NAND-based flash memory D. Spindle

Answer: C

QUESTION 594 Which of the following is a MAC-based File Recovery Tool? A. VirtualLab B. GetDataBack C. Cisdem DataRecovery 3 D. Smart Undeleter

Answer: C

QUESTION 599 Rusty, a computer forensics apprentice, uses the command nbtstat -c while analyzing the network information in a suspect system. What information is he looking for? A. Contents of the network routing table B. Status of the network carrier C. Contents of the NetBIOS name cache D. Network connections

Answer: C

QUESTION 513 When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what does the "nnnn" denote? A. The initials of the forensics analyst B. The sequence number for the parts of the same exhibit C. The year the evidence was taken D. The sequential number of the exhibits seized by the analyst

Answer: D

QUESTION 514 Which MySQL log file contains information on server start and stop? A. Slow query log file B. General query log file C. Binary log D. Error log file

Answer: D

QUESTION 516 Bob works as information security analyst for a big finance company. One day, the anomaly-based intrusion detection system alerted that a volumetric DDOS targeting the main IP of the main web server was occurring. What kind of attack is it? A. IDS attack B. APT C. Web application attack D. Network attack

Answer: D

QUESTION 520 What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router represent? A. The system was not able to process the packet because there was not enough room for all of the desired IP header options B. Immediate action required messages C. Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available D. A packet matching the log criteria for the given access list has been detected (TCP or UDP)

Answer: D

QUESTION 522 Which of the following is an iOS Jailbreaking tool? A. Kingo Android ROOT B. Towelroot C. One Click Root D. Redsn0w

Answer: D

QUESTION 527 Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use. A. Windows 98 B. Linux C. Windows 8.1 D. Windows XP

Answer: D

QUESTION 528 Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name? A. It is a doc file deleted in seventh sequential order B. RIYG6VR.doc is the name of the doc file deleted from the system C. It is file deleted from R drive D. It is a deleted doc file

Answer: D

QUESTION 536 Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed? A. filecache.db B. config.db C. sigstore.db D. Sync_config.db

Answer: D

QUESTION 539 Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored? A. Volume Boot Record B. Master Boot Record C. GUID Partition Table D. Master File Table

Answer: D

QUESTION 542 Which of the following tools will help the investigator to analyze web server logs? A. XRY LOGICAL B. LanWhois C. Deep Log Monitor D. Deep Log Analyzer

Answer: D

QUESTION 547 Which of the following tool can the investigator use to analyze the network to detect Trojan activities? A. Regshot B. TRIPWIRE C. RAM Computer D. Capsa

Answer: D

QUESTION 553 A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR? A. Depends on the capacity of the storage device B. 1048 Bytes C. 4092 Bytes D. 512 Bytes

Answer: D

QUESTION 557 Smith, as a part of his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data? A. He should contact the network operator for a Temporary Unlock Code (TUK) B. Use system and hardware tools to gain access C. He can attempt PIN guesses after 24 hours D. He should contact the network operator for Personal Unlock Number (PUK)

Answer: D

QUESTION 558 Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures? A. Lsproc B. DumpChk C. RegEdit D. EProcess

Answer: D

QUESTION 559 How will you categorize a cybercrime that took place within a CSP's cloud environment? A. Cloud as a Subject B. Cloud as a Tool C. Cloud as an Audit D. Cloud as an Object

Answer: D

QUESTION 562 Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing? A. Click-jacking B. Compromising a legitimate site C. Spearphishing D. Malvertising

Answer: D

QUESTION 565 Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files? A. Microsoft Outlook B. Eudora C. Mozilla Thunderbird D. Microsoft Outlook Express

Answer: D

QUESTION 566 Which network attack is described by the following statement? "At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries." A. Man-in-the-Middle Attack B. Sniffer Attack C. Buffer Overflow D. DDoS

Answer: D

QUESTION 579 Andie, a network administrator, suspects unusual network services running on a windows system. Which of the following commands should he use to verify unusual network services started on a Windows system? A. net serv B. netmgr C. lusrmgr D. net start

Answer: D

QUESTION 582 Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID "WIN-ABCDE12345F." Which of the following log file will help Shane in tracking all the client connections and activities performed on the database server? A. WIN-ABCDE12345F.err B. WIN-ABCDE12345F-bin.n C. WIN-ABCDE12345F.pid D. WIN-ABCDE12345F.log

Answer: D

QUESTION 589 Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings? A. SWGDE & SWGIT B. IOCE C. Frye D. Daubert

Answer: D

QUESTION 595 Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information? A. TypedURLs key B. MountedDevices key C. UserAssist Key D. RunMRU key

Answer: D

QUESTION 596 When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks? A. UTC B. PTP C. Time Protocol D. NTP

Answer: D

