- All Exams Instant Download
Item 2If you come across a sheepdip machine at your client site, what would you infer?
Item 2If you come across a sheepdip machine at your client site, what would you infer?A . A sheepdip coordinates several honeypotsB . A sheepdip computer is another name for a honeypotC . A sheepdip computer is used only for virus-checking.D . A sheepdip computer defers a denial of service...
When conducting computer forensic analysis, you must guard against ______________. So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.
When conducting computer forensic analysis, you must guard against ______________. So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.A . Hard Drive FailureB . Scope CreepC . Unauthorized expensesD . Overzealous marketingView AnswerAnswer: B
When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?A . Title 18, Section 1030B...
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?A . 128B . 64C . 32D . 16View AnswerAnswer: C
With Regard to using an Antivirus scanner during a computer forensics investigation, You should:
With Regard to using an Antivirus scanner during a computer forensics investigation, You should:A . Scan the suspect hard drive before beginning an investigationB . Never run a scan on your forensics workstation because it could change your systems configurationC . Scan your forensics workstation at intervals of no more...
Which of the following would be your recommendations?
Lance wants to place a honeypot on his network. Which of the following would be your recommendations?A . Use a system that has a dynamic addressing on the networkB . Use a system that is not directly interacting with the routerC . Use it on a system in an external DMZ...
What TCP/UDP port does the toolkit program netstat use?
What TCP/UDP port does the toolkit program netstat use?A . Port 7B . Port 15C . Port 23D . Port 69View AnswerAnswer: B
Which of the following formats correctly specifies these sectors?
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?A . 0:1000, 150B . 0:1709, 150C . 1:1709, 150D . 0:1709-1858View AnswerAnswer: B
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?A . The system files have been copied by a remote attackerB . The system administrator has created an incremental backupC . The system has been compromised using a t0rnrootkitD ....
How many sectors will a 125 KB file use in a FAT32 file system?
How many sectors will a 125 KB file use in a FAT32 file system?A . 32B . 16C . 256D . 25View AnswerAnswer: C
