Online Access Free 312-49v11 Practice Test

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

• A.Value cell
• B.Security descriptor cell
• C.Value list cell
• D.Key cell

You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?

• A.Internal systems are downloading automatic Windows updates
• B.Malicious software on internal system is downloading research data from partner 5FTP servers in Eastern Europe
• C.The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities
• D.Data is being exfiltrated by an advanced persistent threat (APT)

FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?

• A.1 terabytes
• B.4 terabytes
• C.3 terabytes
• D.2 terabytes

Brian has the job of analyzing malware for a software security company. Brian has setup a virtual environment that includes virtual machines running various versions of OSes. Additionally, Brian has setup separated virtual networks within this environment The virtual environment does not connect to the company's intranet nor does it connect to the external Internet. With everything setup, Brian now received an executable file from client that has undergone a cyberattack. Brian ran the executable file In the virtual environment to see what it would do. What type of analysis did Brian perform?

• A.Status malware analysis
• B.Dynamic malware analysis
• C.Static malware analysis
• D.Static OS analysis

Consider the scenario where a large multinational corporation suspects an internal security breach, with significant data possibly compromised. The corporate forensic team initiates the process of conducting a comprehensive forensic investigation following the search and seizure protocols. During this process, they want to ensure they capture all the required information and minimize disruption to the company's ongoing business operations. Which among the following activities should NOT be a part of their plan for this search and seizure operation?

• A.Obtaining formal written consent from the company's owner before beginning the investigation process
• B.Carrying out all search and seizure activities without seeking witness signatures for the activities performed
• C.Generating a comprehensive list of all potentially involved devices along with their specifications, status, and locations
• D.Requesting a warrant for search and seizure detailing the exact locations and types of evidence expected to be found