Topic 1: Exam Pool A
Item 2: If you come across a sheepdip machine at your client site, what would you infer?
A.
A sheepdip coordinates several honeypots
B.
A sheepdip computer is another name for a honeypot
C.
A sheepdip computer is used only for virus-checking.
D.
A sheepdip computer defers a denial of service attack
If you plan to start up a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.
A.
deltree command
B.
CMOS
C.
Boot.sys
D.
Scandisk utility
Bob has been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?
A.
A Honeypot that traps hackers
B.
A system using Trojaned commands
C.
An environment set up after the user logs in
D.
An environment set up before a user logs in
What is the name of the standard Linux command that is also available as a Windows application that can be used to create bit-stream images?
A.
mcopy
B.
image
C.
MD5
D.
dd
You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
A.
Bit-stream Copy
B.
Robust Copy
C.
Full backup Copy
D.
Incremental Backup Copy
You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?
A.
Packet filtering firewall
B.
Circuit-level proxy firewall
C.
Application-level proxy firewall
D.
Stateful firewall
In Linux, what is the smallest possible shellcode?
A.
24 bytes
B.
8 bytes
C.
800 bytes
D.
80 bytes
When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?
A.
Multiple access points can be set up on the same channel without any issues
B.
Avoid over-saturation of wireless signals
C.
So that the access points will work on different frequencies
D.
Avoid cross talk
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?
A.
Enable direct broadcasts
B.
Disable direct broadcasts
C.
Disable BGP
D.
Enable BGP
Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed, it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room by telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?
A.
Tailgating
B.
Backtrapping
C.
Man trap attack
D.
Fuzzing
Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?
A.
Tracert
B.
Smurf scan
C.
Ping trace
D.
ICMP ping sweep
Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?
A.
Entrapment
B.
Enticement
C.
Intruding into a honeypot is not illegal
D.
Intruding into a DMZ is not illegal