Language:EN
Pages: 35
Hkey hklm dnew question exam topic shane

Welcome to download the Newest 2passeasy 312-49v10 dumps https://www.2passeasy.com/dumps/312-49v10/ (601 New Questions)

Passing Certification Exams Made Easy

visit - https://www.2PassEasy.com

NEW QUESTION 2
- (Exam Topic 3)
Which type of attack is possible when attackers know some credible information about the victim's password, such as the password length, algorithms involved, or the strings and characters used in its creation?

A. Rule-Based Attack
B. Brute-Forcing Attack
C. Dictionary Attack
D. Hybrid Password Guessing Attack

NEW QUESTION 4
- (Exam Topic 3)
What technique is used by JPEGs for compression?

A. TIFF-8
B. ZIP
C. DCT
D. TCD

NEW QUESTION 6
- (Exam Topic 3)
What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

A. AA55
B. 00AA
C. AA00
D. A100

A. PUB.EDB
B. PRIV.EDB
C. PUB.STM
D. PRIV.STM

NEW QUESTION 9
- (Exam Topic 3)
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?

A. International Mobile Equipment Identifier (IMEI)
B. Integrated circuit card identifier (ICCID)
C. International mobile subscriber identity (IMSI)
D. Equipment Identity Register (EIR)

NEW QUESTION 10
- (Exam Topic 3)
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?

A. Determines the data associated with value EnablePrefetcher
B. Monitors the first 10 seconds after the process is started
C. Checks whether the data is processed
D. Checks hard page faults and soft page faults

NEW QUESTION 20
- (Exam Topic 3)
Which U.S. law sets the rules for sending emails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of emails the right to ask the senders to stop emailing them, and spells out the penalties in case the above said rules are violated?

A. NO-SPAM Act
B. American: NAVSO P-5239-26 (RLL)
C. CAN-SPAM Act
D. American: DoD 5220.22-M

NEW QUESTION 22
- (Exam Topic 3)
POP3 is an Internet protocol, which is used to retrieve emails from a mail server. Through which port does an email client connect with a POP3 server?

A. 110
B. 143
C. 25
D. 993

NEW QUESTION 32
- (Exam Topic 3)
UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

A. BIOS-MBR
B. GUID Partition Table (GPT)
C. Master Boot Record (MBR)
D. BIOS Parameter Block

NEW QUESTION 42
- (Exam Topic 3)
Adam, a forensic analyst, is preparing VMs for analyzing malware. Which of the following is NOT a best practice?

A. Isolating the host device
B. Installing malware analysis tools
C. Using network simulation tools
D. Enabling shared folders

NEW QUESTION 49
- (Exam Topic 3)
Data Files contain Multiple Data Pages, which are further divided into Page Header, Data Rows, and Offset Table. Which of the following is true for Data Rows?

A. Data Rows store the actual data
B. Data Rows present Page type, Page ID, and so on
D. Data Rows point to the location of actual data

Answer: B

NEW QUESTION 53
- (Exam Topic 3)
What is the capacity of Recycle bin in a system running on Windows Vista?

Answer: B

NEW QUESTION 56
- (Exam Topic 3)
Which ISO Standard enables laboratories to demonstrate that they comply with quality assurance and provide valid results?

A. mysql-bin
B. mysql-log
C. iblog
D. ibdata1

Answer: D

A. Volume Boot Record

NEW QUESTION 71
- (Exam Topic 3)
Which of the following is found within the unique instance ID key and helps investigators to map the entry from USBSTOR key to the MountedDevices key?

A. ParentIDPrefix
B. LastWrite
C. UserAssist key
D. MRUListEx key

NEW QUESTION 73
- (Exam Topic 3)
What is the location of a Protective MBR in a GPT disk layout?

A. Logical Block Address (LBA) 2
B. Logical Block Address (LBA) 0
C. Logical Block Address (LBA) 1
D. Logical Block Address (LBA) 3

NEW QUESTION 78
- (Exam Topic 3)
Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A. Expert Witness
B. Evidence Examiner
C. Forensic Examiner
D. Defense Witness

NEW QUESTION 88
- (Exam Topic 3)
Self-Monitoring, Analysis, and Reporting Technology (SMART) is built into the hard drives to monitor and report system activity. Which of the following is included in the report generated by SMART?

A. Power Off time
B. Logs of high temperatures the drive has reached
C. All the states (running and discontinued) associated with the OS
D. List of running processes

NEW QUESTION 94
- (Exam Topic 3)
In which registry does the system store the Microsoft security IDs?

A. HKEY_CLASSES_ROOT (HKCR)
B. HKEY_CURRENT_CONFIG (HKCC)
C. HKEY_CURRENT_USER (HKCU)
D. HKEY_LOCAL_MACHINE (HKLM)

NEW QUESTION 97
- (Exam Topic 3)
Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network vulnerability assessment plan?

A. Their first step is to make a hypothesis of what their final findings will be.

A. Restore point interval

NEW QUESTION 101
- (Exam Topic 3)
Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

A. Scientific Working Group on Digital Evidence
B. Daubert Standard
C. Enterprise Theory of Investigation
D. Frye Standard

NEW QUESTION 106
- (Exam Topic 3)
Buffer overflow vulnerabilities of web applications occur when the application fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the ______. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

A. Adjacent buffer locations
B. Adjacent string locations
C. Adjacent bit blocks
D. Adjacent memory locations

NEW QUESTION 111
- (Exam Topic 3)
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

A. DependencyWalker
B. SysAnalyzer
C. PEiD
D. ResourcesExtract

NEW QUESTION 117
- (Exam Topic 3)

Answer: B

NEW QUESTION 122
- (Exam Topic 3)
Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

Answer: B

NEW QUESTION 128
- (Exam Topic 3)
Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

B. Constitution
C. Fourth Amendment of the U.

D. Constitution
E. Third Amendment of the U.

A. Volume density
B. Track density
C. Linear or recording density
D. Areal density

Answer: A

A. Windows 10
B. Windows 8
C. Windows 7
D. Windows 8.1

Answer: C

A. Segmented image files
B. Simple sequential flat files
C. Compressed image files
D. Segmented files

Answer: B

A. Virtual Files
B. Image Files
C. Shortcut Files
D. Prefetch Files

Answer: C

A. SOX
B. HIPAA 1996
C. GLBA
D. PCI DSS

Answer: C

BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?

A. Information header
B. Image data
C. The RGBQUAD array
D. Header

NEW QUESTION 169
- (Exam Topic 3)
Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all the data, which includes his personal photos, music, documents, videos, official emails, etc. Which of the following tools shall resolve Bob's purpose?

A. Cain & Abel
B. Recuva
C. Xplico
D. Colasoft’s Capsa

NEW QUESTION 173
- (Exam Topic 3)
Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the ______. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

A. Adjacent memory locations
B. Adjacent bit blocks
C. Adjacent buffer locations
D. Adjacent string locations

NEW QUESTION 176
- (Exam Topic 3)
Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

A. Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server

Answer: B

NEW QUESTION 181
- (Exam Topic 3)
An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. Which type of attack is this?

Answer: A

NEW QUESTION 187
- (Exam Topic 2)
On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

Answer: C

NEW QUESTION 193
- (Exam Topic 2)
You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that, you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

Answer: C

NEW QUESTION 200
- (Exam Topic 2)
A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

Answer: C

NEW QUESTION 205
- (Exam Topic 2)
What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

Answer: B

NEW QUESTION 214
- (Exam Topic 2)
Which of the following are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser to track, validate, and maintain specific user information?

A. /24
B. /32
C. /16
D. /8

Answer: A

NEW QUESTION 222
- (Exam Topic 2)
Which of the following commands shows you all of the network services running on Windows-based servers?

A. Spycrack
B. Spynet
C. Netspionage
D. Hackspionage

Answer: C

A. ESH
B. 5EH
C. H5E
D. E5H

Answer: D

A. The files have been marked as hidden
B. The files have been marked for deletion
C. The files are corrupt and cannot be recovered
D. The files have been marked as read-only

Answer: B

A. Non-forensics staff
B. Lawyers
C. System administrators
D. Local managers or other non-forensic staff

Answer: A

A. wmic service
B. Reg.exe
C. fsutil
D. Devcon

Answer: C

A. Copyright
B. Design patent
C. Trademark
D. Utility patent

Answer: D

B. Employees themselves
C. Supervisors
D. Administrative assistant in charge of writing policies

NEW QUESTION 280
- (Exam Topic 2)
What is the first step taken in an investigation for laboratory forensic staff members?

A. Packaging the electronic evidence
B. Securing and evaluating the electronic crime scene
C. Conducting preliminary interviews
D. Transporting the electronic evidence

NEW QUESTION 287
- (Exam Topic 2)
Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

A. HIPAA
B. GLBA
C. SOX
D. FISMA

Answer: C

Answer: D

NEW QUESTION 294
- (Exam Topic 2)
John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web café purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

Answer: D

NEW QUESTION 299
- (Exam Topic 2)
What is the size value of a nibble?

Answer: B

NEW QUESTION 306
- (Exam Topic 2)
Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the number of exits needed. How many exits should Steven include in his design for the computer forensics lab?

Answer: C

NEW QUESTION 312
- (Exam Topic 2)
Which password cracking technique uses every possible combination of character sets?

Answer: C

NEW QUESTION 316
- (Exam Topic 2)
Why would a company issue a dongle with the software they sell?

Answer: B

NEW QUESTION 320
- (Exam Topic 2)
Which of the following tools will help the investigator to analyze web server logs?

Uploaded by : Ismail Hussain

PageId: DOCCC02B28