Topic 1: Exam Pool A
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A.
Linux/Unix computers are easier to compromise
B.
Linux/Unix computers are constantly talking
C.
Windows computers are constantly talking
D.
Windows computers will not respond to idle scans
Windows computers are constantly talking
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?
A.
the Microsoft Virtual Machine Identifier
B.
the Personal Application Protocol
C.
the Globally Unique ID
D.
the Individual ASCII String
the Globally Unique ID
Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why do PDF passwords not offer maximum protection?
A.
PDF passwords can easily be cracked by software brute force tools
B.
PDF passwords are converted to clear text when sent through E-mail
C.
PDF passwords are not considered safe by Sarbanes-Oxley
D.
When sent through E-mail, PDF passwords are stripped from the document completely
PDF passwords can easily be cracked by software brute force tools
When obtaining a warrant, it is important to:
A.
particularly describe the place to be searched and particularly describe the items to be seized
B.
generally describe the place to be searched and particularly describe the items to be seized
C.
generally describe the place to be searched and generally describe the items to be seized
D.
particularly describe the place to be searched and generally describe the items to be seized
particularly describe the place to be searched and particularly describe the items to be seized
Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search:
link:www.ghttech.net
What will this search produce?
A.
All sites that ghttech.net links to
B.
All sites that link to ghttech.net
C.
All search engines that link to .net domains
D.
Sites that contain the code: link:www.ghttech.net
All sites that link to ghttech.net
What will the following URL produce in an unpatched IIS Web Server?
http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
A.
Directory listing of C: drive on the web server
B.
Insert a Trojan horse into the C: drive of the web server
C.
Execute a buffer flow in the C: drive of the web server
D.
Directory listing of the C:\windows\system32 folder on the web server
Directory listing of C: drive on the web server
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A.
rules of evidence
B.
law of probability
C.
chain of custody
D.
policy of separation
chain of custody
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
A.
the File Allocation Table
B.
the file header
C.
the file footer
D.
the sector map
the file header
Microsoft Outlook maintains email messages in a proprietary format in what type of file?
A.
email
B.
mail
C.
pst
D.
doc
pst
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activities. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
A.
The manufacturer of the system compromised
B.
The logic, formatting and elegance of the code used in the attack
C.
The nature of the attack
D.
The vulnerability exploited in the incident
The logic, formatting and elegance of the code used in the attack
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?
A.
Smurf
B.
Trinoo
C.
Fraggle
D.
SYN flood
Smurf
From the following spam mail header, identify the host IP that sent this spam.
From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk
(8.11.6/8.11.6) with ESMTP id
fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by
viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1)
with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"
A.
137.189.96.52
B.
8.12.1.0
C.
203.218.39.20
D.
203.218.39.50
203.218.39.20