Topic 2, Exam Pool B
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
A. Point-to-point
B. End-to-end
C. Thorough
D. Complete event analysis
End-to-end
Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?
A. C: $Recycled.Bin
B. C: \$Recycle.Bin
C. C:\RECYCLER
D. C:\$RECYCLER
C: \$Recycle.Bin
Paraben Lockdown device uses which operating system to write hard drive data?
A. Mac OS
B. Red Hat
C. Unix
D. Windows
Windows
Which MySQL log file contains information on server start and stop?
A. Slow query log file
B. General query log file
C. Binary log
D. Error log file
Error log file
What type of flash memory card comes in either Type I or Type II and consumes only five percent of the power required by small hard drives?
A. SD memory
B. CF memory
C. MMC memory
D. SM memory
CF memory
When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?
A. 202
B. 404
C. 606
D. 999
404
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. RestrictAnonymous must be set to "10" for complete security
B. RestrictAnonymous must be set to "3" for complete security
C. RestrictAnonymous must be set to "2" for complete security
D. There is no way to always prevent an anonymous null session from establishing
RestrictAnonymous must be set to "2" for complete security
What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive
Back up the master boot record
Which of the following standards represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?
A. IOCE
B. SWGDE & SWGIT
C. Frye
D. Daubert
Daubert
Which of the following techniques can be used to beat steganography?
A. Encryption
B. Steganalysis
C. Decryption
D. Cryptanalysis
Steganalysis
What is the first step taken in an investigation for laboratory forensic staff members?
A. Packaging the electronic evidence
B. Securing and evaluating the electronic crime scene
C. Conducting preliminary interviews
D. Transporting the electronic evidence
Securing and evaluating the electronic crime scene
Which tool does the investigator use to extract artifacts left by Google Drive on the system?
A. PEBrowse Professional
B. RegScanner
C. RAM Capturer
D. Dependency Walker
RAM Capturer