New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?

A.

18 U.S.C. 1029

B.

18 U.S.C. 1362

C.

18 U.S.C. 2511

D.

18 U.S.C. 2703

Full Access
Question # 5

Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, access rights or others features that they may need in order to accomplish their objectives. One simple method for loading an application at startup is to add an entry (Key) to the following Registry Hive:

A.

HKEY_LOCAL_MACHINEhardwarewindowsstart

B.

HKEY_LOCAL_USERSSoftware|MicrosoftoldVersionLoad

C.

HKEY_CURRENT_USERMicrosoftDefault

D.

HKEY_LOCAL_MACHINESoftwareMicrosoftCurrentVersionRun

Full Access
Question # 6

When cataloging digital evidence, the primary goal is to:

A.

Make bit-stream images of all hard drives

B.

Preserve evidence integrity

C.

Not remove the evidence from the scene

D.

Not allow the computer to be turned off

Full Access
Question # 7

You should make at least how many bit-stream copies of a suspect drive?

A.

1

B.

2

C.

3

D.

4

Full Access
Question # 8

What are the security risks of running a "repair" installation for Windows XP?

A.

There are no security risks when running the "repair" installation for Windows XP

B.

Pressing Shift+F1 gives the user administrative rights

C.

Pressing Ctrl+F10 gives the user administrative rights

D.

Pressing Shift+F10 gives the user administrative rights

Full Access
Question # 9

In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

A.

More RESET packets to the affected router to get it to power back up

B.

RESTART packets to the affected router to get it to power back up

C.

The change in the routing fabric to bypass the affected router

D.

STOP packets to all other routers warning of where the attack originated

Full Access
Question # 10

What is a good security method to prevent unauthorized users from "tailgating"?

A.

Electronic key systems

B.

Man trap

C.

Pick-resistant locks

D.

Electronic combination locks

Full Access
Question # 11

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

A.

Perform a zone transfer

B.

Perform DNS poisoning

C.

Send DOS commands to crash the DNS servers

D.

Enumerate all the users in the domain

Full Access
Question # 12

Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

A.

Only an HTTPS session can be hijacked

B.

Only DNS traffic can be hijacked

C.

Only FTP traffic can be hijacked

D.

HTTP protocol does not maintain session

Full Access
Question # 13

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

A.

Guest

B.

You cannot determine what privilege runs the daemon service

C.

Root

D.

Something other than root

Full Access
Question # 14

What is the following command trying to accomplish?

A.

Verify that TCP port 445 is open for the 192.168.0.0 network

B.

Verify that UDP port 445 is open for the 192.168.0.0 network

C.

Verify that UDP port 445 is closed for the 192.168.0.0 network

D.

Verify that NETBIOS is running for the 192.168.0.0 network

Full Access
Question # 15

An Expert witness give an opinion if:

A.

The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

B.

To define the issues of the case for determination by the finder of fact

C.

To stimulate discussion between the consulting expert and the expert witness

D.

To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

Full Access
Question # 16

One way to identify the presence of hidden partitions on a suspect‟s hard drive is to:

A.

Add up the total size of all known partitions and compare it to the total size of the hard drive

B.

Examine the FAT and identify hidden partitions by noting an H in the partition Type field

C.

Examine the LILO and note an H in the partition Type field

D.

It is not possible to have hidden partitions on a hard drive

Full Access
Question # 17

The police believe that Mevin Mattew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

A.

The Fourth Amendment

B.

The USA patriot Act

C.

The Good Samaritan Laws

D.

The Federal Rules of Evidence

Full Access
Question # 18

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardware write-blocking device to:

A.

Automate Collection from image files

B.

Avoiding copying data from the boot partition

C.

Acquire data from host-protected area on a disk

D.

Prevent Contamination to the evidence drive

Full Access
Question # 19

You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firms employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will.

What do you do?

A.

Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B.

Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C.

Inform the owner that conducting an investigation without a policy is a violation of the employees expectation of privacy

D.

Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

Full Access
Question # 20

One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

A.

the File Allocation Table

B.

the file header

C.

the file footer

D.

the sector map

Full Access
Question # 21

Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?

A.

Globally unique ID

B.

Microsoft Virtual Machine Identifier

C.

Personal Application Protocol

D.

Individual ASCII string

Full Access
Question # 22

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

A.

CVE

B.

IANA

C.

RIPE

D.

APIPA

Full Access
Question # 23

What will the following command produce on a website login page?What will the following command produce on a website? login page?

SELECT email, passwd, login_id, full_name

FROM members

WHERE email = 'someone@somehwere.com'; DROP TABLE members; --'

A.

This command will not produce anything since the syntax is incorrect

B.

Inserts the Error! Reference source not found. email address into the members table

C.

Retrieves the password for the first user in the members table

D.

Deletes the entire members table

Full Access
Question # 24

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

A.

Fraggle

B.

SYN flood

C.

Trinoo

D.

Smurf

Full Access
Question # 25

In Linux, what is the smallest possible shellcode?

A.

800 bytes

B.

8 bytes

C.

80 bytes

D.

24 bytes

Full Access
Question # 26

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

A.

Firewalk sets all packets with a TTL of zero

B.

Firewalk cannot pass through Cisco firewalls

C.

Firewalk sets all packets with a TTL of one

D.

Firewalk cannot be detected by network sniffers

Full Access
Question # 27

John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found.

What information will he be able to gather from this?

A.

The SAM file from Hillary computer

B.

Hillary network username and password hash

C.

The SID of Hillary network account

D.

The network shares that Hillary has permissions

Full Access
Question # 28

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

A.

Ping sweep

B.

Netcraft

C.

Dig

D.

Nmap

Full Access
Question # 29

Which part of the Windows Registry contains the user‟s password file?

A.

HKEY_LOCAL_MACHINE

B.

HKEY_CURRENT_CONFIGURATION

C.

HKEY_USER

D.

HKEY_CURRENT_USER

Full Access
Question # 30

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A.

128

B.

64

C.

32

D.

16

Full Access
Question # 31

When you carve an image, recovering the image depends on which of the following skills?

A.

Recognizing the pattern of the header content

B.

Recovering the image from a tape backup

C.

Recognizing the pattern of a corrupt file

D.

Recovering the image from the tape backup

Full Access
Question # 32

While working for a prosecutor, What do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense ?

A.

Keep the information of file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

Full Access
Question # 33

It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

A.

by law, three

B.

quite a few

C.

only one

D.

at least two

Full Access
Question # 34

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A.

bench warrant

B.

wire tap

C.

subpoena

D.

search warrant

Full Access