What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?
A . ICMP header field
B . TCP header field
C . IP header field
D . UDP header field
Answer: B
The 312-49v9 EC-Council Computer Hacking Forensic Investigator (V9) exam is a hot EC-Council certification exam. Exam4Training offers you the latest free online 312-49v9 dumps for practice. You can get online training with the following questions, all of which are verified by EC-Council experts. If this exam changes, we will share the updated questions.
Meyer Electronics Systems recently had a number of laptops stolen from their office. These laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces.
What could have prevented this information from being stolen from the laptops?
A . EFS Encryption
B . DFS Encryption
C . IPS Encryption
D . SDW Encryption
Answer: A
From the following spam mail header, identify the host IP that sent this spam?
From ji[email protected] [email protected] Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk
(8.11.6/8.11.6) with ESMTP id
fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by
viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1)
with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >[email protected]
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"
A . 137.189.96.52
B . 8.12.1.0
C . 203.218.39.20
D . 203.218.39.50
Answer: C
You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company.
You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router.
What have you discovered?
A . HTTP Configuration Arbitrary Administrative Access Vulnerability
B . HTML Configuration Arbitrary Administrative Access Vulnerability
C . Cisco IOS Arbitrary Administrative Access Online Vulnerability
D . URL Obfuscation Arbitrary Administrative Access Vulnerability
Answer: A
With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.
A . 0
B . 10
C . 100
D . 1
Answer: A
If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?
A . true
B . false
Answer: A
How many sectors will a 125 KB file use in a FAT32 file system?
A . 32
B . 16
C . 256
D . 25
Answer: C
When conducting computer forensic analysis, you must guard against ______________ so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected.
A . Hard Drive Failure
B . Scope Creep
C . Unauthorized expenses
D . Overzealous marketing
Answer: B
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
A . one who has NTFS 4 or 5 partitions
B . one who uses dynamic swap file capability
C . one who uses hard disk writes on IRQ 13 and 21
D . one who has lots of allocation units per block or cluster
Answer: D
You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab.
What can you do to prove that the evidence is the same as it was when it first entered the lab?
A . make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
B . make an MD5 hash of the evidence and compare it to the standard database developed by NIST
C . there is no reason to worry about this possible claim because state labs are certified
D . sign a statement attesting that the evidence is the same as it was when it entered the lab
Answer: A