- All Exams Instant Download
What can you infer from the exploit given?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode...
When examining a file with a Hex Editor, what space does the file header occupy?
When examining a file with a Hex Editor, what space does the file header occupy?A . the last several bytes of the fileB . the first several bytes of the fileC . none, file headers are contained in the FATD . one byte at the beginning of the fileView AnswerAnswer:...
Before you are called to testify as an expert, what must an attorney do first?
Before you are called to testify as an expert, what must an attorney do first?A . engage in damage controlB . prove that the tools you used to conduct your examination are perfectC . read your curriculum vitae to the juryD . qualify you as an expert witnessView AnswerAnswer: D
An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.
An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to...
When investigating a potential e-mail crime, what is your first step in the investigation?
When investigating a potential e-mail crime, what is your first step in the investigation?A . Trace the IP address to its originB . Write a reportC . Determine whether a crime was actually committedD . Recover the evidenceView AnswerAnswer: A
How will these forms be stored to help preserve the chain of custody of the case?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence...
The MD5 program is used to:
The MD5 program is used to:A . wipe magnetic media before recycling itB . make directories on an evidence diskC . view graphics files on an evidence driveD . verify that a disk is not altered when you examine itView AnswerAnswer: D
Area density refers to:
Area density refers to:A . the amount of data per diskB . the amount of data per partitionC . the amount of data per square inchD . the amount of data per platterView AnswerAnswer: A
In a FAT32 system, a 123 KB file will use how many sectors?
In a FAT32 system, a 123 KB file will use how many sectors?A . 34B . 25C . 11D . 56View AnswerAnswer: B
In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.
In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.A . Network ForensicsB . Data RecoveryC . Disaster RecoveryD . Computer ForensicsView AnswerAnswer: D
