312-49v10 Practice Test Questions

596 Questions


Topic 1: Exam Pool A

What binary coding is used most often for e-mail purposes?


A. MIME
B. Uuencode
C. IMAP
D. SMTP

A. MIME



What should you do when approached by a reporter about a case that you are working on or have worked on?


A. Refer the reporter to the attorney that retained you
B. Say, "no comment"
C. Answer all the reporter’s questions as completely as possible
D. Answer only the questions that help your case

A. Refer the reporter to the attorney that retained you



A packet is sent to a router that does not have the packet destination address in its route table. How will the packet get to its proper destination?


A. Root Internet servers
B. Border Gateway Protocol
C. Gateway of last resort
D. Reverse DNS

C. Gateway of last resort



You are working for a large clothing manufacturer as a computer forensics investigator and
are called in to investigate an unusual case of an employee possibly stealing clothing
designs from the company and selling them under a different brand name for a different
company. What you discover during the course of the investigation is that the clothing
designs are actually original products of the employee and the company has no policy
against an employee selling his own designs on his own time. The only thing that you can
find that the employee is doing wrong is that his clothing design incorporates the same
graphic symbol as that of the company with only the wording in the graphic being different.
What area of the law is the employee violating?


A. trademark law
B. copyright law
C. printright law
D. brandmark law

A. trademark law



When investigating a network that uses DHCP to assign IP addresses, where would you
look to determine which system (MAC address) had a specific IP address at a specific
time?


A. on the individual computer's ARP cache
B. in the Web Server log files
C. in the DHCP Server log files
D. there is no way to determine the specific IP address

C. in the DHCP Server log files



What is kept in the following directory? HKLM\SECURITY\Policy\Secrets


A. Cached password hashes for the past 20 users
B. Service account passwords in plain text
C. IAS account names and passwords
D. Local store PKI Kerberos certificates

B. Service account passwords in plain text



You are employed directly by an attorney to help investigate an alleged sexual harassment
case at a large pharmaceutical manufacturer. While at the corporate office of the company,
the CEO demands to know the status of the investigation. What prevents you from
discussing the case with the CEO?


A. the attorney-work-product rule
B. Good manners
C. Trade secrets
D. ISO 17799

A. the attorney-work-product rule



George is the network administrator of a large Internet company on the west coast. Per
corporate policy, none of the employees in the company are allowed to use FTP or SFTP
programs without obtaining approval from the IT department. A few managers are using an
SFTP program on their computers. Before talking to his boss, George wants to have some
proof of their activity. George wants to use Ethereal to monitor network traffic, but only
SFTP traffic to and from his network.
What filter should George use in Ethereal?


A. src port 23 and dst port 23
B. udp port 22 and host 172.16.28.1/24
C. net port 22
D. src port 22 and dst port 22

D. src port 22 and dst port 22



When investigating a wireless attack, what information can be obtained from the DHCP logs?


A. The operating system of the attacker and victim computers
B. IP traffic between the attacker and the victim
C. MAC address of the attacker
D. If any computers on the network are running in promiscuous mode

C. MAC address of the attacker



Which of the following tools will help the investigator to analyze web server logs?


A. XRY LOGICAL
B. LanWhois
C. Deep Log Monitor
D. Deep Log Analyzer

D. Deep Log Analyzer



Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul
has been called upon to help investigate a computer hacking ring broken up by the local
police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes
across a PDA left by them that is attached to a number of different peripheral devices.
What is the first step that Paul must take with the PDA to ensure the integrity of the
investigation?


A. Place PDA, including all devices, in an antistatic bag
B. Unplug all connected devices
C. Power off all devices if currently on
D. Photograph and document the peripheral devices

D. Photograph and document the peripheral devices



A small law firm located in the Midwest has possibly been breached by a computer hacker
looking to obtain information on their clientele. The law firm does not have any on-site IT
employees, but wants to search for evidence of the breach themselves to prevent any
possible media attention. Why would this not be recommended?


A. Searching for evidence themselves would not have any ill effects
B. Searching could possibly crash the machine or device
C. Searching creates cache files, which would hinder the investigation
D. Searching can change date/time stamps

D. Searching can change date/time stamps



