GCIA – GIAC Certified Intrusion Analyst Practice Test Question and Answers

Last Update May 18, 2024
Total Questions : 508

Questions 1

Which of the following tools is used to collect volatile data over a network?

Options:

A.  

Liveview

B.  

Netcat

C.  

Pdd

D.  

FTimes

Questions 2

Which of the following groups provides tools and creates procedures for testing and validating computer forensic software?

Options:

A.  

Society of Forensic Tools and Testing (SFTT)

B.  

National Institute of Standards and Technology (NIST)

C.  

Association of Computer Forensic Standards (ACFS)

D.  

Forensic Tool and Standards Committee (FTSC)

Questions 3

Which of the following is the ability of a hacker to determine the nature of the network?

Options:

A.  

Investigating

B.  

Profiling

C.  

Sniffing

D.  

Intruding

Questions 4

Which of the following NETSH commands for interface Internet protocol version 4 (IPv4) is used to delete a DNS server or all DNS servers from a list of DNS servers for a specified interface or for all interfaces?

Options:

A.  

disable dnsserver

B.  

alter dnsserver

C.  

delete dnsserver

D.  

remove dnsserver

Questions 5

In which of the following attacks does a hacker imitate a DNS server and obtain the entire DNS database?

Options:

A.  

Illicit zone transfer attack

B.  

DNS poisoning attack

C.  

Illicit poisoning attack

D.  

DNS transfer attack

Questions 6

What is the process of detecting unauthorized access known as?

Options:

A.  

Intrusion detection

B.  

Misuse detection

C.  

Anomaly detection

D.  

Integrity detection

Questions 7

Which of the following methods is a behavior-based IDS detection method?

Options:

A.  

Knowledge-based detection

B.  

Protocol detection

C.  

Statistical anomaly detection

D.  

Pattern matching detection

Questions 8

Which of the following is a checksum algorithm?

Options:

A.  

Dsniff

B.  

Adler-32

C.  

Hash buster

D.  

Snort

Questions 9

Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned his first project. Adam collected all required evidence and clues. He is now required to write an investigative report to present before the court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.  

All ideas present in the investigative report should flow logically from facts to conclusions.

B.  

Opinion of a lay witness should be included in the investigative report.

C.  

The investigative report should be understandable by any reader.

D.  

There should not be any assumptions made about any facts while writing the investigative report.

Questions 10

Which of the following forensic tool suites is developed for the Linux operating system?

Options:

A.  

Wetstone

B.  

MForensicsLab

C.  

ProDiscover

D.  

S.M.A.R.T.

Questions 11

Which of the following types of Intrusion detection systems (IDS) is used for port mirroring?

Options:

A.  

Port address-based IDS

B.  

Network-based IDS (NIDS)

C.  

Host-based IDS (HIDS)

D.  

Anomaly-based IDS

Questions 12

Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

Options:

A.  

Ntoskrnl.exe

B.  

Advapi32.dll

C.  

Kernel32.dll

D.  

Win32k.sys

Questions 13

Which of the following utilities allows a user to view all files, including invisible files and folders, on Macintosh OS X?

Options:

A.  

Directory Scan

B.  

Folder Scan

C.  

File Scan

D.  

System Scan

Questions 14

What is the maximum size of an IP datagram for Ethernet?

Options:

A.  

1200 bytes

B.  

1024 bytes

C.  

1500 bytes

D.  

4500 bytes

Questions 15

Which of the following partitions contains the system files that are used to start the operating system?

Options:

A.  

Secondary partition

B.  

Boot partition

C.  

Primary partition

D.  

System partition

Questions 16

Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?

Options:

A.  

Linux Live CD

B.  

DOS boot disk

C.  

Secure Authentication for EnCase (SAFE)

D.  

EnCase with a hardware write blocker

Questions 17

Which of the following is not a Denial of Service (DoS) attack?

Options:

A.  

Smurf attack

B.  

Code injection attack

C.  

Ping of Death attack

D.  

Teardrop attack

Questions 18

Which of the following statements are true about an IPv6 network?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.  

For interoperability, IPv4 addresses use the last 32 bits of IPv6 addresses.

B.  

It increases the number of available IP addresses.

C.  

It provides improved authentication and security.

D.  

It uses 128-bit addresses.

E.  

It uses longer subnet masks than those used in IPv4.

Questions 19

You work as a Network Administrator for McNeil Inc. The company's Windows 2000-based network is configured with Internet Security and Acceleration (ISA) Server 2000. You want to configure intrusion detection on the server. You find that the different types of attacks on the Intrusion Detection tab page of the IP Packet Filters Properties dialog box are disabled. What is the most likely cause?

Options:

A.  

The PPTP through ISA firewall check box on the PPTP tab page of the IP Packet Filters Properties dialog box is not enabled.

B.  

The Enable IP routing check box on the General tab page of the IP Packet Filters Properties dialog box is not selected.

C.  

The Log packets from Allow filters check box on the Packet Filters tab page of the IP Packet Filters Properties dialog box is not enabled.

D.  

The Enable Intrusion detection check box on the General tab page of the IP Packet Filters Properties dialog box is not selected.

Questions 20

Which of the following hacking tools provides shell access over ICMP?

Options:

A.  

John the Ripper

B.  

Loki

C.  

Nessus

D.  

Nmap

Questions 21

Routers work at which layer of the OSI reference model?

Options:

A.  

Transport

B.  

Physical

C.  

Presentation

D.  

Network

Questions 22

Which of the following is a hardware/software platform that is designed to analyze, detect, and report on security-related events? NIPS is designed to inspect traffic and, based on its configuration or security policy, it can drop the malicious traffic.

Options:

A.  

NIPS

B.  

HIDS

C.  

NIDS

D.  

HIPS

Questions 23

Which of the following can be applied as countermeasures against DDoS attacks?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.  

Limiting the amount of network bandwidth

B.  

Blocking IP address

C.  

Using LM hashes for passwords

D.  

Using Intrusion detection systems

E.  

Using the network-ingress filtering

Questions 24

Which of the following encryption methods are used by the BlackBerry to provide security to the data stored in it?

Each correct answer represents a complete solution. Choose two.

Options:

A.  

Triple DES

B.  

Blowfish

C.  

AES

D.  

RSA

Questions 25

You are responsible for security at a company that specializes in e-commerce. You realize that given the high volume of Web traffic, there is a significant chance of someone being able to breach your perimeter. You want to make sure that should this occur, you can redirect the attacker away from sensitive data. How would you best accomplish this?

Options:

A.  

Implement a passive IDS

B.  

Implement a honey pot.

C.  

Implement a stateful packet inspection firewall.

D.  

Implement a network based IDS.

Questions 26

The National Shoes Inc. has an SNMP-enabled router installed on its network. The IT Manager wants to monitor all SNMP traffic generated by the router. So, he installs a Network Monitor on a Windows 2000 Server computer on the network. The router is configured to send traps to an SNMP manager installed on another server. He wants to get a notification whenever the network router raises an SNMP trap. What will he do to achieve this?

Each correct answer represents a part of the solution. Choose two.

Options:

A.  

Install an SNMP manager on the router.

B.  

Start the Windows 2000 Alert Service on the server.

C.  

Create a TCP/IP filter on the server.

D.  

Create a Network Monitor filter that has a pattern match for SNMP traffic.

E.  

Create a Network Monitor trigger to run the NET SEND command.

F.  

Configure the network router to trap the IP address of the server.

Questions 27

Which of the following is an asymmetric encryption algorithm?

Options:

A.  

Blowfish

B.  

RC5

C.  

Diffie-Hellman

D.  

RC4

Questions 28

John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?

Options:

A.  

Insertion attack

B.  

Session splicing attack

C.  

Evasion attack

D.  

Polymorphic shell code attack

Questions 29

Which of the following is the default port used by Simple Mail Transfer Protocol (SMTP)?

Options:

A.  

80

B.  

25

C.  

20

D.  

21

Questions 30

Web applications are accessed by communicating over TCP ports via an IP address. Choose the two most common Web Application TCP ports and their respective protocol names.

Each correct answer represents a complete solution. Choose two.

Options:

A.  

TCP Port 443 / S-HTTP or SSL

B.  

TCP Port 443 / HTTPS or SSL

C.  

TCP Port 80 / HTTP

D.  

TCP Port 80 / HTTPS or SSL

Questions 31

Choose the proper transport protocol and port number used for Domain Name System. You should be concerned only with DNS lookups.

Options:

A.  

tcp, port 53

B.  

udp, port 53

C.  

tcp, port 67

D.  

udp, port 67

Questions 32

Ryan, a malicious hacker, submits Cross-Site Scripting (XSS) exploit code to the Website of an Internet forum for online discussion. When a user visits the infected Web page, the code gets automatically executed and Ryan can easily perform acts like account hijacking, history theft, etc. Which of the following types of Cross-Site Scripting attack does Ryan intend to perform?

Options:

A.  

Non persistent

B.  

SAX

C.  

Persistent

D.  

Document Object Model (DOM)

Questions 33

Which of the following types of write blocker device uses one interface for one side and a different one for the other?

Options:

A.  

Pros

B.  

Tailgate.

C.  

Indiff

D.  

Native

Questions 34

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

Options:

A.  

Stunnel

B.  

IPTables

C.  

IPChains

D.  

OpenSSH

Questions 35

What is the function of PING LOCALHOST command?

Options:

A.  

It verifies that DNS is correctly set up to allow communication with a host named LOCALHOST.

B.  

It verifies that TCP/IP is bound correctly to the network adapter by communicating with the domain controller.

C.  

It verifies that TCP/IP is bound correctly to the network adapter by communicating with the successfully initialized IP address.

D.  

It verifies that TCP/IP is bound correctly to the network adapter by communicating with the loopback address 127.0.0.1.

Questions 36

Which of the following is an expression of interference that triggers a false positive signal during an intrusion detection process performed by IDS?

Options:

A.  

Confidence value

B.  

Handshake

C.  

Site policy

D.  

Noise

Questions 37

Which of the following classes refers to the fire involving electricity?

Options:

A.  

Class B

B.  

Class D

C.  

Class A

D.  

Class C

Questions 38

Which of the following is not a valid Failed Logon EventID?

Options:

A.  

535

B.  

536

C.  

534

D.  

533

Questions 39

Which of the following switches is used with Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?

Options:

A.  

Pslist -x

B.  

Pslist -m

C.  

Pslist -t

D.  

Pslist -d

Questions 40

Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

Options:

A.  

Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer

B.  

Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer

C.  

application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer

D.  

Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer

Questions 41

You work as a Network Administrator for Infonet Inc. The company has a Windows Server 2008 domain-based network. The network has three Windows Server 2008 member servers and 150 Windows Vista client computers. The network contains a Windows Server 2008 Core computer. You want to install the DNS server role on the Windows Server 2008 Core computer. Which of the following commands will you use to accomplish the task?

Options:

A.  

start /w ocsetup DnsServercorerole

B.  

net start "dns server"

C.  

start /w ocsetup DNS-Server-Core-Role

D.  

start /w ocsetup DnsServer

Questions 42

John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?

Options:

A.  

Sequence++ attack

B.  

Phreaking

C.  

Man-in-the-middle attack

D.  

War dialing

Questions 43

Which of the following software is used for Steganography?

Options:

A.  

CryptoForge

B.  

Fort Knox

C.  

Dsniff

D.  

Ethereal

Questions 44

Which of the following files records all driver installations after the system has booted?

Options:

A.  

setupapi.com

B.  

recdriver.log

C.  

drivinst.log

D.  

setupapi.log

Questions 45

Maria works as a professional Ethical Hacker. She is assigned a project to test the security of www.we-are-secure.com. She wants to test a DoS attack on the We-are-secure server. She finds that the firewall of the server is blocking the ICMP messages, but it is not checking the UDP packets. Therefore, she sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the We-are-secure server.

Which of the following DoS attacks is Maria using to accomplish her task?

Options:

A.  

Smurf DoS attack

B.  

Fraggle DoS attack

C.  

Ping flood attack

D.  

Teardrop attack

Questions 46

John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?

Options:

A.  

War dialing

B.  

Sequence++ attack

C.  

Phreaking

D.  

Man-in-the-middle attack

Questions 47

John works as a professional Ethical Hacker for SecureEnet Inc. The company has a Windows-based network. All client computers run on Windows XP. A project has been assigned to John to investigate the open ports responsible for various malicious attacks on the network. John wants to use the DOS command-line utility to find out the open ports. Which of the following DOS commands will John use to accomplish the task?

Options:

A.  

tracert and pathping

B.  

nslookup

C.  

nbtstat

D.  

netstat

Questions 48

Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:

1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occur.

2. Reducing noise by adjusting color and averaging pixel value.

3. Sharpening, Rotating, Resampling, and Softening the image.

Which of the following Steganography attacks is Victor using?

Options:

A.  

Chosen-Stego Attack

B.  

Active Attacks

C.  

Stegdetect Attack

D.  

Steg-Only Attack

Questions 49

You work as a Network Administrator for NetTech Inc. You want to know the local IP address, subnet mask, and default gateway of a NIC in a Windows 98 computer. Which of the following utilities will you use to accomplish this?

Options:

A.  

TRACERT

B.  

WINIPCFG

C.  

NETSTAT

D.  

FDISK

Questions 50

Which of the following are not functions of the SNORT application?

Each correct answer represents a complete solution. Choose two.

Options:

A.  

Packet logging

B.  

Virus detection

C.  

Hard disk drive scanning

D.  

Packet sniffing

E.  

Intrusion detection

Questions 51

You work as a network administrator for Tech Perfect Inc. Rick, your assistant, requires information regarding his computer's IP address lease start date and expiry date. Which of the following commands will help him?

Options:

A.  

Ipconfig /all

B.  

Ping 127.0.0.1

C.  

Ping /t

D.  

Ipconfig /renew

Questions 52

Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use the steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.  

Slack space

B.  

Dumb space

C.  

Hidden partition

D.  

Unused Sectors

Questions 53

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

Options:

A.  

Demilitarized zone (DMZ)

B.  

Intrusion detection system (IDS)

C.  

Firewall

D.  

Packet filtering

Questions 54

Adam works as a Network Administrator for passguide Inc. He wants to protect the network from DoS attacks. Which of the following is most useful against DoS attacks?

Options:

A.  

Internet bot

B.  

Honey Pot

C.  

SPI

D.  

Distributive firewall

Questions 55

Which of the following is the default port for TACACS?

Options:

A.  

UDP port 49

B.  

TCP port 80

C.  

TCP port 25

D.  

TCP port 443

Questions 56

Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a cyber crime case. Peter knows that a good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following types of witnesses is a lay witness?

Options:

A.  

One who can give a firsthand account of something seen, heard, or experienced.

B.  

One with special knowledge of the subject about which he or she is testifying.

C.  

One who observes an event.

D.  

One who is not qualified as an expert witness.

Questions 57

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.  

dig

B.  

nmap

C.  

ping

D.  

tcpdump

Questions 58

Which of the following file systems is designed by Sun Microsystems?

Options:

A.  

NTFS

B.  

CIFS

C.  

ZFS

D.  

ext2

Questions 59

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Options:

A.  

Request for service, initial analysis, data collection, data reporting, data analysis

B.  

Initial analysis, request for service, data collection, data analysis, data reporting

C.  

Initial analysis, request for service, data collection, data reporting, data analysis

D.  

Request for service, initial analysis, data collection, data analysis, data reporting

Questions 60

An attacker makes an attempt against a Web server. The result is that the attack takes the form of URLs. These URLs search for a certain string that identifies an attack against the Web server.

Which IDS/IPS detection method do the URLs use to detect and prevent an attack?

Options:

A.  

Anomaly-based detection

B.  

Policy-based detection

C.  

Honey pot detection

D.  

Signature-based detection

Questions 61

Andrew works as a System Administrator for NetPerfect Inc. All client computers on the network run on Mac OS X. The Sales Manager of the company complains that his MacBook is not able to boot. Andrew wants to check the booting process. He suspects that an error persists in the bootloader of Mac OS X. Which of the following is the default bootloader on Mac OS X that he should use to resolve the issue?

Options:

A.  

LILO

B.  

BootX

C.  

NT Loader

D.  

GRUB

Questions 62

John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:

logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid

SELECT
    timegenerated AS LogonTime,
    extract_token(strings, 0, '|') AS UserName
FROM Security
WHERE EventID IN (529; 530; 531; 532; 533; 534; 535; 537; 539)
    AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'

After investigation, John concludes that two logon attempts were made by using an expired account. Which of the following EventIDs refers to this failed logon?

Options:

A.  

532

B.  

531

C.  

534

D.  

529

Questions 63

Fill in the blank with the appropriate facts regarding IP version 6 (IPv6).

IP addressing version 6 uses _____-bit address. Its _____ IP address assigned to a single host allows the host to send and receive data.

Options:

A.  

IP addressing version 6 uses 128-bit address. Its unicast IP address assigned to a single host allows the host to send and receive data.

Questions 64

Sandra, a novice computer user, works in a Windows environment. She experiences a problem with bad sectors on the hard disk of her computer. She wants to run the CHKDSK command to check the hard disk for bad sectors and to fix any errors that have occurred. Which of the following switches will she use with the CHKDSK command to accomplish the task?

Options:

A.  

CHKDSK /I

B.  

CHKDSK /R /F

C.  

CHKDSK /C /L

D.  

CHKDSK /V /X

Questions 65

Adam works as a Security Administrator for Umbrella Inc. He runs the following traceroute and notices that hops 19 and 20 both show the same IP address.

 1  172.16.1.254 (172.16.1.254)  0.724 ms  3.285 ms  0.613 ms
 2  ip68-98-176-1.nv.nv.cox.net (68.98.176.1)  12.169 ms  14.958 ms  13.416 ms
 3  ip68-98-176-1.nv.nv.cox.net (68.98.176.1)  13.948 ms  ip68-100-0-1.nv.nv.cox.net (68.100.0.1)  16.743 ms  16.207 ms
 4  ip68-100-0-137.nv.nv.cox.net (68.100.0.137)  17.324 ms  13.933 ms  20.938 ms
 5  68.1.1.4 (68.1.1.4)  12.439 ms  220.166 ms  204.170 ms
 6  so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1)  16.177 ms  25.943 ms  14.104 ms
 7  unknown.Level3.net (209.247.9.173)  14.227 ms  17.553 ms  15.415 ms
 8  so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41)  17.063 ms  20.960 ms  19.512 ms
 9  so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182)  20.334 ms  19.440 ms  17.938 ms
10  so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74)  27.526 ms  18.317 ms  21.202 ms
11  uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12)  21.411 ms  19.133 ms  18.830 ms
12  0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78)  21.203 ms  22.670 ms  20.111 ms
13  0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153)  30.929 ms  24.858 ms  23.108 ms
14  0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129)  37.894 ms  33.244 ms  33.910 ms
15  0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189)  51.165 ms  49.935 ms  49.466 ms
16  0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41)  50.937 ms  49.005 ms  51.055 ms
17  117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73)  51.897 ms  50.280 ms  53.647 ms
18  passguidegw1.customer.alter.net (65.195.239.14)  51.921 ms  51.571 ms  56.855 ms
19  www.passguide.com (65.195.239.22)  52.191 ms  52.571 ms  56.855 ms
20  www.passguide.com (65.195.239.22)  53.561 ms  54.121 ms  58.333 ms

Which of the following is the most likely cause of this issue?

Options:

A.  

Intrusion Detection System

B.  

An application firewall

C.  

Network Intrusion system

D.  

A stateful inspection firewall

Questions 66

Users on a TCP/IP network are able to ping resources using IP addresses. However, they are unable to connect to those resources through their host names. A malfunction or failure of which of the following servers may be the cause of the issue?

Options:

A.  

Proxy

B.  

DHCP

C.  

DNS

D.  

WINS

Questions 67

Which of the following types of firewall functions at the Session layer of OSI model?

Options:

A.  

Circuit-level firewall

B.  

Switch-level firewall

C.  

Packet filtering firewall

D.  

Application-level firewall

Questions 68

Which of the following honeypots is a low-interaction honeypot and is used by companies or corporations for capturing limited information about malicious hackers?

Options:

A.  

Production honeypot

B.  

Research honeypot

C.  

Honeynet

D.  

Honeyfarm

Questions 69

Fill in the blank with the appropriate term.

___________ is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.

Options:

Questions 70

You work as a Network Administrator for Rick International. The company has a TCP/IP-based network. A user named Kevin wants to set an SSH terminal at home to connect to the company's network. You have to configure your company's router for it. By default, which of the following standard ports does the SSH protocol use for connection?

Options:

A.  

80

B.  

21

C.  

443

D.  

22

Questions 71

Which of the following IDs is used to reassemble the fragments of a datagram at the destination point?

Options:

A.  

MAK ID

B.  

IP address

C.  

IP identification number

D.  

SSID

Questions 72

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on a suspect's computer. Adam uses a tool with which he can examine recovered deleted files, fragmented files, and other corrupted data. With this tool he can also examine data that was captured from the network, and access the physical RAM and any processes running in virtual memory. Which of the following tools is Adam using?

Options:

A.  

Vedit

B.  

WinHex

C.  

HxD

D.  

Evidor

Questions 73

Which of the following statements about a host-based intrusion prevention system (HIPS) are true?

Each correct answer represents a complete solution. Choose two.

Options:

A.  

It can detect events scattered over the network.

B.  

It can handle encrypted and unencrypted traffic equally.

C.  

It cannot detect events scattered over the network.

D.  

It is a technique that allows multiple computers to share one or more IP addresses.

Questions 74

Which of the following is a signature-based intrusion detection system (IDS)?

Options:

A.  

Snort

B.  

StealthWatch

C.  

RealSecure

D.  

Tripwire

Questions 75

Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that are available to the Internet.

Which of the following security threats may occur if DMZ protocol attacks are performed?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.  

Attacker can perform Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.

B.  

Attacker can gain access to the Web server in a DMZ and exploit the database.

C.  

Attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.

D.  

Attacker can exploit any protocol used to go into the internal network or intranet of the company.

Questions 76

Which of the following techniques is used to identify attacks originating from a botnet?

Options:

A.  

IFilter

B.  

BPF-based filter

C.  

Passive OS fingerprinting

D.  

Recipient filtering
