312-49v11 Exam Question 41

You are a forensic investigator working for a cybersecurity firm tasked with analyzing a suspicious Microsoft Office document named "infected_doc." The document was discovered in an email attachment sent to multiple employees at a large corporation. Concerns have been raised about potential malware embedded within the document, particularly involving VBA macros.
As a forensic investigator examining the "infected_doc" Microsoft Office document, what initial step would you take to identify suspicious or malicious components within the file?
  • 312-49v11 Exam Question 42

    During a forensic investigation of a compromised system, the investigator is analyzing various forensic artifacts to determine the nature and scope of the attack. The investigator is specifically looking for information related to failed sign-in attempts, security policy changes, alerts from intrusion detection systems, and unusual application malfunctions.
    Which type of forensic artifact is most likely to contain this critical information?
  • 312-49v11 Exam Question 43

    A system administrator is configuring a new storage array for a critical application and selects a RAID level that uses data stripping and dedicated parity. The RAID setup requires a minimum of three disks, and it ensures data is striped at the byte level across multiple drives, with one drive set aside to store the parity information for fault tolerance. After configuring the RAID system, the administrator tests its ability to tolerate a single drive failure and confirms the system can still function without data loss. Which RAID level is the system administrator using in this scenario?
  • 312-49v11 Exam Question 44

    Sophia, a forensic expert, is analyzing a system for signs of malware. She observes that the malware has been modifying Windows services and running processes to ensure its operation in the background without detection. She needs to determine which services are automatically starting when the system boots.
    Which tool should Sophia use to examine the Windows services that are set to start automatically?
  • 312-49v11 Exam Question 45

    An attacker, seeking to anonymize their internet activity, utilizes the Tor network, which routes their traffic through a series of relays to obscure the original source. This method is designed to protect the user ' s identity and location. However, despite these measures, the attacker's traffic is traced and identified at the exit relay, potentially exposing them to legal consequences. In response, the attacker turns to a bridge node to circumvent stringent network censorship in a region where access to the Tor network is blocked, thereby regaining access to Tor and attempting to preserve their anonymity. Which role does the bridge node play in the attacker ' s attempt to bypass censorship?