Microsoft (MS-500) Exam Questions And Answers page 14
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
the file header
the file footer
the sector map
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
The file header
The File Allocation Table
The file footer
The sector map
One way to identify the presence of hidden partitions on a suspect's hard drive is to:
Add up the total size of all known partitions and compare it to the total size of the hard drive
Examine the FAT and identify hidden partitions by noting an H in the partition Type field
Examine the LILO and note an H in the partition Type field
It is not possible to have hidden partitions on a hard drive
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
Guest
Root
You cannot determine what privilege runs the daemon service
Something other than root
Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?
Place PDA, including all devices, in an antistatic bag
Unplug all connected devices
Power off all devices if currently on
Photograph and document the peripheral devices
Paul's company is in the process of undergoing a complete security audit, including logical and physical security testing. After all logical tests were performed, it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room by telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?
Tailgating
Backtrapping
Man trap attack
Fuzzing
Pick the statement which does not belong to Rule 804, Hearsay Exceptions; Declarant Unavailable.
Statement of personal or family history
Prior statement by witness
Statement against interest
Statement under belief of impending death
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?
dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync
Fill the disk with zeros
Low-level format
Fill the disk with 4096 zeros
Copy files from the master disk to the slave disk on the secondary IDE controller
Printing under a Windows computer normally requires which one of the following file types to be created?
EME
MEM
EMF
CME
Randy has extracted data from an old version of a Windows-based system and discovered the info file Dc5.txt in the system recycle bin. What does the file name denote?
A text file deleted from C drive in sixth sequential order
A text file deleted from C drive in fifth sequential order
A text file copied from D drive to C drive in fifth sequential order
A text file copied from C drive to D drive in fifth sequential order