Question #1
If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking
D. A sheepdip computer defers a denial of service attack
Correct answer: C
Question #2
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. Rules of evidence
B. Law of probability
C. Chain of custody
D. Policy of separation
Correct answer: C
Question #3
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Correct answer: C
Question #4
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
A. Web bug
B. CGI code
C. Trojan
D. Blind bug
Correct answer: A
Question #5
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. :1000, 150
B. :1709, 150
C. :1709, 150
D. :1709-1858
Correct answer: B
Question #6
A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.12
A. The attacker has conducted a network sweep on port 111
B. The attacker has scanned and exploited the system using Buffer Overflow
C. The attacker has used a Trojan on port 32773
D. The attacker has installed a backdoor
Correct answer: A
Question #7
The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Correct answer: B
Question #8
Before you are called to testify as an expert, what must an attorney do first?
A. Engage in damage control
B. Prove that the tools you used to conduct your examination are perfect
C. Read your curriculum vitae to the jury
D. Qualify you as an expert witness
Correct answer: D
Question #9
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer dat
A. Create a compressed copy of the file with DoubleSpace
B. Create a sparse data copy of a folder or file
C. Make a bit-stream disk-to-image file
D. Make a bit-stream disk-to-disk file
Correct answer: C
Question #10
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards
Correct answer: B
Question #11
Which of the following is an application that requires a host application for replication?
A. Micro
B. Worm
C. Trojan
D. Virus
Correct answer: D
Question #12
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover
Correct answer: B
Question #13
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A. Restore a random file
B. Perform a full restore
C. Read the first 512 bytes of the tape
D. Read the last 512 bytes of the tape
Correct answer: B
Question #14
Which of the following describes the characteristics of a Boot Sector Virus?
A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
D. Overwrites the original MBR and only executes the new virus code
Correct answer: B
Question #15
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic
B. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened
C. Network firewalls can prevent attacks if they are properly configured
D. Network firewalls cannot prevent attacks because they are too complex to configure
Correct answer: B
Question #16
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus
Correct answer: C
Question #17
Bluetooth uses which digital modulation technique to exchange information between paired devices?
A. PSK (phase-shift keying)
B. FSK (frequency-shift keying)
C. ASK (amplitude-shift keying)
D. QAM (quadrature amplitude modulation)
Correct answer: A
Question #18
In order to show improvement of security over time, what must be developed?
A. Reports
B. Testing tools
C. Metrics
D. Taxonomy of vulnerabilities
Correct answer: C
Question #19
Passive reconnaissance involves collecting information through which of the following?
A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources
Correct answer: D
Question #20
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What We
A. Clickjacking
B. Cross-Site Scripting
C. Cross-Site Request Forgery
D. Web form input validation
Correct answer: C
Question #21
Which service in a PKI will vouch for the identity of an individual or company?
A. KDC
B. CR
C. CBC
D. CA
Correct answer: D
Question #22
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF)
Correct answer: B
Question #23
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the message take place?
A. Application
B. Transport
C. Session
D. Presentation
Correct answer: D
Question #24
A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
A. The WAP does not recognize the client's MAC address
B. The client cannot see the SSID of the wireless network
C. Client is configured for the wrong channel
D. The wireless client is not configured to use DHCP
Correct answer: A
Question #25
If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?
A. -r
B. -F
C. -P
D. -sP
Correct answer: B
Question #26
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
A. SOA
B. Biometrics
C. Single sign on
D. PKI
Correct answer: D
Question #27
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She
A. Social engineering
B. Piggybacking
C. Tailgating
D. Eavesdropping
Correct answer: A
Question #28
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping
Correct answer: B
Question #29
Which is the first step followed by Vulnerability Scanners for scanning a network?
A. OS Detection
B. Firewall detection
C. TCP/UDP Port scanning
D. Checking if the remote host is alive
Correct answer: D
Question #30
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. ES
D. MD5 encryption algorithm
Correct answer: B
Question #31
John is investigating web-application firewall logs and observes that someone is attempting to inject the following: What type of attack is this?
A. SQL injection
B. Buffer overflow
C. CSRF
D. XSS
Correct answer: B
Question #32
John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
A. Insider threat
B. Diversion theft
C. Spear-phishing sites
D. Advanced persistent threat
Correct answer: D
Question #33
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
Correct answer: C
Question #34
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?
A. WPA3-Personal
B. WPA3-Enterprise
C. WPA2-Enterprise
D. WPA2-Personal
Correct answer: B
Question #35
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
A. ttpd
B. dministration
C. hp
D. dq
Correct answer: C
Question #36
Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exp
A. Towelroot
B. Knative
C. zANTI
D. Bluto
Correct answer: D
Question #37
Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords?
A. Hashcat
B. John the Ripper
C. THC-Hydra
D. Netcat
Correct answer: B
Question #38
Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?
A. [inurl:]
B. [info:]
C. [site:]
D. [related:]
Correct answer: D
Question #39
You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A. Reconnaissance
B. Weaponization
C. Command and control
D. Exploitation
Correct answer: D
Question #40
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct answer: D
Question #50
What is the first step required in preparing a computer for forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Correct answer: A
Question #51
Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.
A. True
B. False
Correct answer: A
Question #52
Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?
A. Net sessions
B. Net file
C. Netconfig
D. Net share
Correct answer: B
Question #53
The Recycle Bin exists as a metaphor for throwing files away, but it also allows the user to retrieve and restore files. Once the file is moved to the Recycle Bin, a record is added to the log file that exists in the Recycle Bin. Which of the following files contains records that correspond to each deleted file in the Recycle Bin?
A. INFO2 file
B. INFO1 file
C. LOGINFO2 file
D. LOGINFO1 file
Correct answer: A
Question #54
An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?
A. Reverse Social Engineering
B. Tailgating
C. Piggybacking
D. Announced
Correct answer: B
Question #55
Which of the following is the best countermeasure to encrypting ransomware?
A. Use multiple antivirus software products
B. Keep some generation of off-line backup
C. Analyze the ransomware to get decryption key of encrypted data
D. Pay a ransom
Correct answer: B
Question #56
If an attacker uses the command SELECT*FROM user WHERE name = "x' AND userid IS NULL; --"; which type of SQL injection attack is the attacker performing?
A. End of Line Comment
B. UNION SQL Injection
C. Illegal/Logically Incorrect Query
D. Tautology
Correct answer: A
Question #57
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
A. Full Disk encryption
B. BIOS password
C. Hidden folders
D. Password protected files
Correct answer: A
Question #58
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify?
A. Boot
B. Sudoers
C. Networks
D. Hosts
Correct answer: D
Question #59
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic
Correct answer: B
Question #60
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from the command line. Which command would you use?
A. C:\gpedit
B. C:\compmgmt
C. C:\ncpa
D. C:\services
Correct answer: B
Question #61
Which of the following acts requires employer's standard national numbers to identify them on standard transactions?
A. SOX
B. HIPAA
C. DMCA
D. PCI-DSS
Correct answer: B
Question #62
In Wireshark, the packet bytes pane shows the data of the current packet in which format?
A. Decimal
B. ASCII only
C. Binary
D. Hexadecimal
Correct answer: D
Question #63
_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer
Correct answer: A
Question #74
Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition is not a standard practice?
A. Both attorneys are present
B. Only one attorney is present
C. No jury or judge
D. Opposing counsel asks questions
Correct answer: B
Question #75
If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?
A. 4 Sectors
B. 5 Sectors
C. 6 Sectors
D. 7 Sectors
Correct answer: C
Question #76
Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.
A. True
B. False
Correct answer: A
Question #77
During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible
A. True
B. False
Correct answer: A
Question #78
Which one of the following is not a consideration in a forensic readiness planning checklist?
A. Define the business states that need digital evidence
B. Identify the potential evidence available
C. Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner
D. Take permission from all employees of the organization
Correct answer: D
Question #79
When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile
A. True
B. False
Correct answer: A
Question #80
What is a chain of custody?
A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory
B. It is a search warrant that is required for seizing evidence at a crime scene
C. It is a document that lists chain of windows process events
D. Chain of custody refers to obtaining preemptive court order to restrict further damage of evidence in electronic seizures
Correct answer: A
Question #81
Data is striped at a byte level across multiple drives and parity information is distributed among all member drives. What RAID level is represented here?
A. RAID Level 0
B. RAID Level 1
C. RAID Level 3
D. RAID Level 5
Correct answer: D
Question #82
Computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident and should be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?
A. It includes metadata about the incident
B. It includes relevant extracts referred to in the report that support analysis or conclusions
C. It is based on logical assumptions about the incident timeline
D. It maintains a single document style throughout the text
Correct answer: C
Question #83
Email spoofing refers to:
A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information
C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted to cause a denial-of-service attack
D. A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message
Correct answer: A
Question #84
Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who would be responsible.
A. True
B. False
Correct answer: A
Question #85
A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others
A. True
B. False
Correct answer: A
Question #86
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
A. Wireless router
B. Wireless modem
C. Antenna
D. Mobile station
Correct answer: A
Question #87
Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media
A. True
B. False
Correct answer: A
Question #88
LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
A. Sequential number
B. Index number
C. Operating system number
D. Sector number
Correct answer: A
Question #89
File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?
A. The last letter of a file name is replaced by a hex byte code E5h
B. The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted
C. Corresponding clusters in FAT are marked as used
D. The computer looks at the clusters occupied by that file and does not avail space to store a new file
Correct answer: B
Question #90
Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc. Which of the following network attacks refers to a process in which an attacker changes his or her IP address so that he or she appears to be someone else?
A. IP address spoofing
B. Man-in-the-middle attack
C. Denial of Service attack
D. Session sniffing
Correct answer: A
Question #91
The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as Web Services Definition Language (WSDL) for describing the connection points, Universal Description, Discovery, and Integration (UDDI) for the description and discovery of Web services and Simple Object Access Protocol (SOAP) for communication between Web services that are vulnerable to various web application threats. Which of the following
A. Presentation Layer
B. Security Layer
C. Discovery Layer
D. Access Layer
Correct answer: C
Question #92
The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses. The ARP table can be accessed using the __________ command in Windows 7.
A. C:\arp -a
B. C:\arp -d
C. C:\arp -s
D. C:\arp -b
Correct answer: A
Question #93
What document does the screenshot represent?
A. Chain of custody form
B. Search warrant form
C. Evidence collection form
D. Expert witness form
Correct answer: A
Question #94
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd. Identify the attack referred.
A. Directory traversal
B. SQL Injection
C. XSS attack
D. File injection
Correct answer: A
Question #95
What is a SCSI (Small Computer System Interface)?
A. A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives
B. A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices
C. A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer
D. A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps
Correct answer: A
Question #96
Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook
B. Microsoft Outlook Express
C. Mozilla Thunderbird
D. Eudora
Correct answer: B
Question #97
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?
A. 18 USC 7029
B. 18 USC 7030
C. 18 USC 7361
D. 18 USC 7371
Correct answer: B
Question #98
What is a bit-stream copy?
A. Bit-Stream Copy is a bit-by-bit copy of the original storage medium and exact copy of the original disk
B. A bit-stream image is the file that contains the NTFS files and folders of all the data on a disk or partition
C. A bit-stream image is the file that contains the FAT32 files and folders of all the data on a disk or partition
D. Creating a bit-stream image transfers only non-deleted files from the original disk to the image disk
Correct answer: A
Question #100
According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who has started practicing two years back, was denied an expert testimony in a computer crime case by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US federal rules, what could be the most appropriate reason for the court to reject Jason's eligibility as an expert witness?
A. Jason was unable to furnish documents showing four years of previous experience in the field
B. Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case
C. Jason was unable to furnish documents to prove that he is a computer forensic expert
D. Jason was not aware of legal issues involved with computer crimes
Correct answer: A
Question #101
Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.
A. TCP
B. FTP
C. SMTP
D. POP
Correct answer: A
Question #102
Which of the following statements is incorrect when preserving digital evidence?
A. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
B. Verify if the monitor is on, off, or in sleep mode
C. Remove the power cable depending on the power state of the computer i
D. Turn on the computer and extract Windows event viewer log files
Correct answer: D
Question #103
An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the following statements is true for NTP Stratum Levels?
A. Stratum-0 servers are used on the network; they are not directly connected to computers which then operate as stratum-1 servers
B. Stratum-1 time server is linked over a network path to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
C. A stratum-2 server is directly linked (not over a network path) to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
D. A stratum-3 server gets its time over a network link, via NTP, from a stratum-2 server, and so on
Correct answer: D
