Topic 1: Exam Pool A
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?
A. ATM
B. UDP
C. BPG
D. OSPF
OSPF
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
A. Web bug
B. CGI code
C. Trojan.downloader
D. Blind bug
Web bug
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
A. Poison the DNS records with false records
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Enumerate domain user accounts and built-in groups
Enumerate domain user accounts and built-in groups
As a security analyst, you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
A. The IP address of the employees’ computers
B. Bank account numbers and the corresponding routing numbers
C. The employees’ network usernames and passwords
D. The MAC address of the employees’ computers
The employees’ network usernames and passwords
You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject’s computer. You inform the officer that you will not be able to comply with that request because doing so would:
A. Violate your contract
B. Cause network congestion
C. Make you an agent of law enforcement
D. Write information to the subject’s hard drive
Make you an agent of law enforcement
Which of the following is NOT a graphics file?
A. Picture1.tga
B. Picture2.bmp
C. Picture3.nfo
D. Picture4.psd
Picture3.nfo
Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
A. Use VMware to be able to capture the data in memory and examine it
B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
C. Create a Separate partition of several hundred megabytes and place the swap file there
D. Use intrusion forensic techniques to study memory resident infections
Create a Separate partition of several hundred megabytes and place the swap file there
The offset in a hexadecimal code is:
A. The last byte after the colon
B. The 0x at the beginning of the code
C. The 0x at the end of the code
D. The first byte after the colon
The 0x at the beginning of the code
In the context of the file deletion process, which of the following statements holds true?
A. When files are deleted, the data is overwritten and the cluster marked as available
B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
C. While booting, the machine may create temporary files that can delete evidence
D. Secure delete programs work by completely overwriting the file in one go
While booting, the machine may create temporary files that can delete evidence
Corporate investigations are typically easier than public investigations because:
A. the users have standard corporate equipment and software
B. the investigator does not have to get a warrant
C. the investigator has to get a warrant
D. the users can load whatever they want on their machines
the investigator does not have to get a warrant
Software firewalls work at which layer of the OSI model?
A. Application
B. Network
C. Transport
D. Data Link
Data Link
When you carve an image, recovering the image depends on which of the following skills?
A. Recognizing the pattern of the header content
B. Recovering the image from a tape backup
C. Recognizing the pattern of a corrupt file
D. Recovering the image from the tape backup
Recognizing the pattern of the header content