312-49v9 Exam Dumps - ECCouncil Computer Hacking Forensic Investigator (V9)

Question # 4

In Microsoft file structures, sectors are grouped together to form:

A. Clusters
B. Drives
C. Bitstreams
D. Partitions

Question # 5

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

A. hda
B. hdd
C. hdb
D. hdc

Question # 6

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

A. Value list cell
B. Value cell
C. Key cell
D. Security descriptor cell

Question # 7

You are assisting in the investigation of a possible web server hack. The company that called you stated that customers reported that whenever they entered the company's web address in their browser, they received a pornographic web site. The company checked the web server and nothing appears wrong. When you type the IP address of the web site into your browser, everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

A. ARP Poisoning
B. DNS Poisoning
C. HTTP redirect attack
D. IP Spoofing

Question # 8

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

A. The data is still present until the original location of the file is used
B. The data is moved to the Restore directory and is kept there indefinitely
C. The data will reside in the L2 cache on a Windows computer until it is manually deleted
D. It is not possible to recover data that has been emptied from the Recycle Bin

Question # 9

Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.

From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers. What technique was this user trying?

A. Parameter tampering
B. Cross site scripting
C. SQL injection
D. Cookie Poisoning

Question # 10

Before performing a logical or physical search of a drive in Encase, what must be added to the program?

A. File signatures
B. Keywords
C. Hash sets
D. Bookmarks

Question # 11

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

A. Net sessions
B. Net config
C. Net share
D. Net use

Question # 12

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

A. Windows 98
B. Linux
C. Windows 8.1
D. Windows XP

Question # 13

The following is a log file screenshot from a default installation of IIS 6.0.

What time standard is used by IIS as seen in the screenshot?

A. UTC
B. GMT
C. TAI
D. UT

Question # 14

How will you categorize a cybercrime that took place within a CSP’s cloud environment?

A. Cloud as a Subject
B. Cloud as a Tool
C. Cloud as an Audit
D. Cloud as an Object

Question # 15

Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

A. gif
B. bmp
C. jpeg
D. png

Question # 16

What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

A. Fraggle
B. Smurf scan
C. SYN flood
D. Teardrop

Question # 17

Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

A. Data collection
B. Secure the evidence
C. First response
D. Data analysis

Question # 18

The Linux operating system has two typical bootloaders, namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?

A. Bootloader Stage
B. Kernel Stage
C. BootROM Stage
D. BIOS Stage

Question # 19

Which MySQL log file contains information on server start and stop?

A. Slow query log file
B. General query log file
C. Binary log
D. Error log file

Question # 20

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server’s root directory?

A. Parameter/form tampering
B. Unvalidated input
C. Directory traversal
D. Security misconfiguration

Question # 21

Which among the following files provides email header information in the Microsoft Exchange server?

A. gwcheck.db
B. PRIV.EDB
C. PUB.EDB
D. PRIV.STM

Question # 22

What feature of Windows is the following command trying to utilize?

A. White space
B. AFS
C. ADS
D. Slack file

Question # 23

Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

A. Net config
B. Net file
C. Net share
D. Net sessions

Question # 24

What method of copying should always be performed first before carrying out an investigation?

A. Parity-bit copy
B. Bit-stream copy
C. MS-DOS disc copy
D. System level copy

Question # 25

What must be obtained before an investigation is carried out at a location?

A. Search warrant
B. Subpoena
C. Habeas corpus
D. Modus operandi

Question # 26

To check for POP3 traffic using Ethereal, what port should an investigator search by?

A. 143
B. 25
C. 110
D. 125

Question # 27

Which of the following tools creates a bit-by-bit image of evidence media?

A. Recuva
B. FileMerlin
C. AccessData FTK Imager
D. Xplico

Question # 28

What will the following command accomplish?

dd if=/dev/xxx of=mbr.backup bs=512 count=1

A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive

Question # 29

When a router receives an update for its routing table, what is the metric value change to that path?

A. Increased by 2
B. Decreased by 1
C. Increased by 1
D. Decreased by 2

Question # 30

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

A. All virtual memory will be deleted
B. The wrong partition may be set to active
C. This action can corrupt the disk
D. The computer will be set in a constant reboot state

Question # 31

Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?

A. Record the system state by taking photographs of physical system and the display
B. Perform data acquisition without disturbing the state of the systems
C. Open the systems, remove the hard disk and secure it
D. Switch off the systems and carry them to the laboratory

Question # 32

Which of the following web browsers uses the Extensible Storage Engine (ESE) database format to store browsing records, including history, cache, and cookies?

A. Safari
B. Mozilla Firefox
C. Microsoft Edge
D. Google Chrome

Question # 33

What is the role of Alloc.c in Apache core?

A. It handles allocation of resource pools
B. It is useful for reading and handling of the configuration files
C. It takes care of all the data exchange and socket connections between the client and the server
D. It handles server start-ups and timeouts

Question # 34

An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the “Geek_Squad” part represent?

A. Product description
B. Manufacturer Details
C. Developer description
D. Software or OS used

Question # 35

What do you call the process of studying the changes that have taken place across a system or a machine after a series of actions or incidents?

A. Windows Services Monitoring
B. System Baselining
C. Start-up Programs Monitoring
D. Host integrity Monitoring

Question # 36

Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

A. PUB.EDB
B. PRIV.EDB
C. PUB.STM
D. PRIV.STM

Question # 37

Which program uses different techniques to conceal a malware's code, thereby making it difficult for security mechanisms to detect or remove it?

A. Dropper
B. Packer
C. Injector
D. Obfuscator

Question # 38

Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of the following will be an inference from this analysis?

A. A user with username bad_guy has logged into the WordPress web application
B. A WordPress user has been created with the username anonymous_hacker
C. An attacker with name anonymous_hacker has replaced a user bad_guy in the WordPress database
D. A WordPress user has been created with the username bad_guy

Question # 39

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

A. Chosen-message attack
B. Known-cover attack
C. Known-message attack
D. Known-stego attack

Question # 40

Which of the following is NOT an anti-forensics technique?

A. Data Deduplication
B. Password Protection
C. Encryption
D. Steganography

Question # 41

Amber, a black hat hacker, has embedded malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?

A. Malvertising
B. Compromising a legitimate site
C. Click-jacking
D. Spearphishing

Question # 42

Which of the following is a non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?

A. Sparse File
B. Master File Table
C. Meta Block Group
D. Slack Space

Question # 43

Identify the file system that uses $BitMap file to keep track of all used and unused clusters on a volume.

A. NTFS
B. FAT
C. EXT
D. FAT32

Question # 44

Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

A. DependencyWalker
B. SysAnalyzer
C. PEiD
D. ResourcesExtract

Question # 45

In Linux OS, different log files hold different information, which helps investigators analyze various issues during a security incident. What information can the investigators obtain from the log file var/log/dmesg?

A. Kernel ring buffer information
B. All mail server message logs
C. Global system messages
D. Debugging log messages

Question # 46

If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

A. Slack space
B. Deleted space
C. Sector space
D. Cluster space

Question # 47

Select the data that a virtual memory would store in a Windows-based system.

A. Information or metadata of the files
B. Documents and other files
C. Application data
D. Running processes

Question # 48

Which of the following statements is incorrect when preserving digital evidence?

A. Verify if the monitor is on, off, or in sleep mode
B. Turn on the computer and extract Windows event viewer log files
C. Remove the plug from the power router or modem
D. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals

Question # 49

What do the bytes 0x0B-0x53 represent in the boot sector of an NTFS volume on Windows 2000?

A. Jump instruction and the OEM ID
B. BIOS Parameter Block (BPB) and the OEM ID
C. BIOS Parameter Block (BPB) and the extended BPB
D. Bootstrap code and the end of the sector marker

Question # 50

The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

A. dir /o:d
B. dir /o:s
C. dir /o:e
D. dir /o:n

Question # 51

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don’t like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

A. tcp.port = 23
B. tcp.port == 21
C. tcp.port == 21 || tcp.port == 22
D. tcp.port != 21

Question # 52

Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?

A. Simple Mail Transfer Protocol (SMTP)
B. Messaging Application Programming Interface (MAPI)
C. Internet Message Access Protocol (IMAP)
D. Post Office Protocol version 3 (POP3)

Question # 53

An investigator has acquired packed software and needs to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used?

A. SysAnalyzer
B. PEiD
C. Comodo Programs Manager
D. Dependency Walker

Question # 54

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

A. 48-bit address
B. 24-bit address
C. 16-bit address
D. 32-bit address

Question # 55

Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?

A. OpenGL/ES and SGL
B. Surface Manager
C. Media framework
D. WebKit

Question # 56

Which list contains the most recent actions performed by a Windows User?

A. MRU
B. Activity
C. Recents
D. Windows Error Log

Question # 57

Which of these Windows utilities helps you to repair logical file system errors?

A. Resource Monitor
B. Disk cleanup
C. Disk defragmenter
D. CHKDSK

Question # 58

What is an investigator looking for in the rp.log file stored in a system running on Windows 10 operating system?

A. Restore point interval
B. Automatically created restore points
C. System CheckPoints required for restoring
D. Restore point functions

Question # 59

The Recycle Bin exists as a metaphor for throwing files away, but it also allows a user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to the log file that exists in the Recycle Bin. Which of the following files contains records that correspond to each deleted file in the Recycle Bin?

A. INFO2
B. INFO1
C. LOGINFO1
D. LOGINFO2

Question # 60

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A. All three servers need to be placed internally
B. A web server and the database server facing the Internet, an application server on the internal network
C. A web server facing the Internet, an application server on the internal network, a database server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves

Question # 61

Self-Monitoring, Analysis, and Reporting Technology (SMART) is built into the hard drives to monitor and report system activity. Which of the following is included in the report generated by SMART?

A. Power Off time
B. Logs of high temperatures the drive has reached
C. All the states (running and discontinued) associated with the OS
D. List of running processes

Question # 62

E-mail logs contain which of the following information to help you in your investigation? (Choose four.)

A. user account that was used to send the account
B. attachments sent with the e-mail message
C. unique message identifier
D. contents of the e-mail message
E. date and time the message was sent

Question # 63

It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

A. by law, three
B. quite a few
C. only one
D. at least two

Question # 64

The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

A. Gramm-Leach-Bliley Act
B. Sarbanes-Oxley 2002
C. California SB 1386
D. HIPAA

Question # 65

What does the acronym POST mean as it relates to a PC?

A. Primary Operations Short Test
B. PowerOn Self Test
C. Pre Operational Situation Test
D. Primary Operating System Test

Question # 66

To preserve digital evidence, an investigator should ____________________.

A. Make two copies of each evidence item using a single imaging tool
B. Make a single copy of each evidence item using an approved imaging tool
C. Make two copies of each evidence item using different imaging tools
D. Only store the original evidence item

Question # 67

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

A. digital attack
B. denial of service
C. physical attack
D. ARP redirect

Question # 68

The following excerpt is taken from a honeypot log. The log captures activities across three days.

There are several intrusion attempts; however, a few are successful.

(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

From the options given below choose the one which best interprets the following entry:

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

A. An IDS evasion technique
B. A buffer overflow attempt
C. A DNS zone transfer
D. Data being retrieved from 63.226.81.13

Question # 69

An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer, which was protected with the NTFS Encrypted File System (EFS), and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building, recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

A. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information
B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.
C. The EFS Revoked Key Agent can be used on the Computer to recover the information
D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Question # 70

This organization maintains a database of hash signatures for known software.

A. International Standards Organization
B. Institute of Electrical and Electronics Engineers
C. National Software Reference Library
D. American National Standards Institute

Question # 71

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

A. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
B. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
C. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
D. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

Question # 72

When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

A. FF D8 FF E0 00 10
B. FF FF FF FF FF FF
C. FF 00 FF 00 FF 00
D. EF 00 EF 00 EF 00

Question # 73

Why would a company issue a dongle with the software they sell?

A. To provide source code protection
B. To provide wireless functionality with the software
C. To provide copyright protection
D. To ensure that keyloggers cannot be used

Question # 74

Which US law does the interstate or international transportation and receiving of child pornography fall under?

A. §18. U.S.C. 1466A
B. §18. U.S.C 252
C. §18. U.S.C 146A
D. §18. U.S.C 2252

Question # 75

Ivanovich, a forensics investigator, is trying to extract complete information about running processes from a system. Where should he look apart from the RAM and virtual memory?

A. Swap space
B. Application data
C. Files and documents
D. Slack space

Question # 76

You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

http://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

A. HTTP Configuration Arbitrary Administrative Access Vulnerability
B. HTML Configuration Arbitrary Administrative Access Vulnerability
C. Cisco IOS Arbitrary Administrative Access Online Vulnerability
D. URL Obfuscation Arbitrary Administrative Access Vulnerability

Question # 77

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

A. A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum
B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
C. A simple DOS copy will not include deleted files, file slack and other information
D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Question # 78

The use of warning banners helps a company avoid litigation by overcoming an employee's assumed __________________________ when connecting to the company's intranet, network or Virtual Private Network (VPN), and will allow the company's investigators to monitor, search and retrieve information stored within the network.

A. Right to work
B. Right of free speech
C. Right to Internet Access
D. Right of Privacy

Question # 79

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

A. The registry
B. The swap file
C. The recycle bin
D. The metadata

Question # 80

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A. ATM
B. UDP
C. BPG
D. OSPF

Question # 81

In Linux, what is the smallest possible shellcode?

A. 24 bytes
B. 8 bytes
C. 800 bytes
D. 80 bytes

Question # 82

One way to identify the presence of hidden partitions on a suspect's hard drive is to:

A. Add up the total size of all known partitions and compare it to the total size of the hard drive
B. Examine the FAT and identify hidden partitions by noting an H in the partition Type field
C. Examine the LILO and note an H in the partition Type field
D. It is not possible to have hidden partitions on a hard drive

Question # 83

Which of the following should a computer forensics lab used for investigations have?

A. isolation
B. restricted access
C. open access
D. an entry log

Question # 84

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To what organization should Frank submit the log to find out whether it is a new vulnerability?

A. APIPA
B. IANA
C. CVE
D. RIPE

Question # 85

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

A. Cached password hashes for the past 20 users
B. Service account passwords in plain text
C. IAS account names and passwords
D. Local store PKI Kerberos certificates

Question # 86

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

A. Trick the switch into thinking it already has a session with Terri's computer
B. Poison the switch's MAC address table by flooding it with ACK bits
C. Crash the switch with a DoS attack since switches cannot send ACK bits
D. Enable tunneling feature on the switch

Question # 87

Why is it a good idea to perform a penetration test from the inside?

A. It is never a good idea to perform a penetration test from the inside
B. Because 70% of attacks are from inside the organization
C. To attack a network from a hacker's perspective
D. It is easier to hack from the inside

Question # 88

You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject’s computer. You inform the officer that you will not be able to comply with that request because doing so would:

A. Violate your contract
B. Cause network congestion
C. Make you an agent of law enforcement
D. Write information to the subject’s hard drive