Topic 1: Exam Pool A
Julia is a senior security analyst for Berber Consulting group. She is currently working on a
contract for a small accounting firm in Florida. They have given her permission to perform
social engineering attacks on the company to see if their in-house training did any good.
Julia calls the main number for the accounting firm and talks to the receptionist. Julia says
that she is an IT technician from the company's main office in Iowa. She states that she
needs the receptionist's network username and password to troubleshoot a problem they
are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principle of social engineering did Julia use?
A. Social Validation
B. Scarcity
C. Friendship/Liking
D. Reciprocation
Reciprocation
A state department site was recently attacked and all the servers had their disks erased.
The incident response team sealed the area and commenced investigation. During
evidence collection they came across a zip disk that did not have the standard labeling on
it. The incident team ran the disk on an isolated system and found that the system disk was
accidentally erased. They decided to call in the FBI for further investigation. Meanwhile,
they shortlisted possible suspects including three summer interns. Where did the incident
team go wrong?
A. They examined the actual evidence on an unrelated system
B. They attempted to implicate personnel without proof
C. They tampered with evidence by using it
D. They called in the FBI without correlating with the fingerprint data
They tampered with evidence by using it
As a CHFI professional, which of the following is the most important to your professional reputation?
A. Your Certifications
B. The correct, successful management of each and every case
C. The fee that you charge
D. The friendship of local law enforcement officers
The correct, successful management of each and every case
Under which Federal Statutes does the FBI investigate for computer crimes involving e-mail scams and mail fraud?
A. 18 U.S.C. 1029 Possession of Access Devices
B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
C. 18 U.S.C. 1343 Fraud by wire, radio or television
D. 18 U.S.C. 1361 Injury to Government Property
E. 18 U.S.C. 1362 Government communication systems
F. 18 U.S.C. 1831 Economic Espionage Act
G. 18 U.S.C. 1832 Trade Secrets Act
18 U.S.C. 1030 Fraud and related activity in connection with computers
You are the security analyst working for a private company out of France. Your current
assignment is to obtain credit card information from a Swiss bank owned by that company.
After initial reconnaissance, you discover that the bank security defenses are very strong
and would take too long to penetrate. You decide to get the information by monitoring the
traffic between the bank and one of its subsidiaries in London. After monitoring some of the
traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic
and extract usernames and passwords. What tool could you use to get this information?
A. Airsnort
B. Snort
C. Ettercap
D. RaidSniff
Ettercap
Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?
A. A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum
B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
C. A simple DOS copy will not include deleted files, file slack and other information
D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector
A simple DOS copy will not include deleted files, file slack and other information
What does the superblock in Linux define?
A. file system names
B. disk geometry
C. location of the first inode
D. available space
location of the first inode
You just passed your ECSA exam and are about to start your first consulting job running
security audits for a financial institution in Los Angeles. The IT manager of the company
you will be working for tries to see if you remember your ECSA class. He asks about the
methodology you will be using to test the company's network. How would you answer?
A. Microsoft Methodology
B. Google Methodology
C. IBM Methodology
D. LPT Methodology
LPT Methodology
You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?
A. The tool hasn't been tested by the International Standards Organization (ISO)
B. Only the local law enforcement should use the tool
C. The tool has not been reviewed and accepted by your peers
D. You are not certified for using the tool
The tool has not been reviewed and accepted by your peers
What does ICMP Type 3/Code 13 mean?
A. Host Unreachable
B. Administratively Blocked
C. Port Unreachable
D. Protocol Unreachable
Administratively Blocked
When an investigator contacts by telephone the domain administrator or controller listed by
a Whois lookup to request all e-mails sent and received for a user account be preserved,
what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail
records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Title 18, Section 2703(f)
Which response organization tracks hoaxes as well as viruses?
A. NIPC
B. FEDCIRC
C. CERT
D. CIAC
CIAC