- All Exams Instant Download
Which of the following are you most interested in when trying to trace the source of the message?
You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?A . The X509 Address B. The SMTP reply Address C. The...
How would you permanently erase the data on the hard disk?
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?A . Throw the hard disk into the fire B. Run the...
How would you answer?
You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology...
When investigating a Windows System, it is important to view the contents of the page or swap file because:
When investigating a Windows System, it is important to view the contents of the page or swap file because:A . Windows stores all of the systems configuration information in this file B. This is file that windows use to communicate directly with Registry C. A Large volume of data can...
Which of the following formats correctly specifies these sectors?
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?A . 0:1000, 150 B. 0:1709, 150 C. 1:1709, 150 D. 0:1709-1858View AnswerAnswer: B
How will the packet get to its proper destination?
A packet is sent to a router that does not have the packet destination address in its route table. How will the packet get to its proper destination?A . Root Internet servers B. Border Gateway Protocol C. Gateway of last resort D. Reverse DNSView AnswerAnswer: C
What tool should you use?
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their...
In what state are these ports?
Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?A . Closed B. Open C....
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:A . Automate Collection from image files B. Avoiding copying data from the boot partition C. Acquire data from host-protected area on a disk D. Prevent Contamination to the evidence driveView...
When obtaining a warrant, it is important to:
When obtaining a warrant, it is important to:A . particularlydescribe the place to be searched and particularly describe the items to be seized B. generallydescribe the place to be searched and particularly describe the items to be seized C. generallydescribe the place to be searched and generally describe the items...
