Ensurepass

QUESTION 111
In what circumstances would you conduct searches without a warrant?
A. When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity
B. Agents may search a place or object without a warrant if they suspect the crime was committed
C. A search warrant is not required if the crime involves Denial-Of-Service attack over [...]

QUESTION 81
File signature analysis involves collecting information from the __________ of a file to determine the type and function of the file
A. First 10 bytes
B. First 20 bytes
C. First 30 bytes
D. First 40 bytes
Correct Answer: B

QUESTION 82
In an echo data hiding technique, the secret message is embedded into a __________ as an echo.
A. Cover audio signal
B. Phase spectrum of a digital signal
C. Pseudo-random signal [...]

QUESTION 91
Data files from original evidence should be used for forensics analysis
A. True
B. False
Correct Answer: B

QUESTION 92
Attacker uses vulnerabilities in the authentication or session management functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me, secret question, account update etc. to impersonate users, if a user simply closes the browser without logging out from sites accessed through [...]

QUESTION 101
File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?
A. The last letter of a file name is replaced by a hex byte code E5h
B. The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted
C. Corresponding clusters in FAT are marked as used
D. The computer looks at the clusters occupied by that file and does not avails [...]

QUESTION 51
Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd. Identify the attack referred.
A. Directory traversal
B. SQL Injection
C. XSS attack
D. File injection
Correct Answer: A

QUESTION 52
What is a SCSI (Small Computer System Interface)?
A. A set of ANSI standard electronic [...]

QUESTION 61
Email spoofing refers to:
A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information
C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email [...]

QUESTION 71
Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?
A. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and [...]

QUESTION 31
You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32.exe are commonly used as intermediate programs in Windows 7. Which of the following is a root folder of the registry editor?
A. HKEY_USERS
B. HKEY_LOCAL_ADMIN
C. HKEY_CLASSES_ADMIN
D. HKEY_CLASSES_SYSTEM
Correct Answer: A

QUESTION 32
According to US federal rules, to present a testimony in [...]

QUESTION 41
Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?
A. Written informal Report
B. Verbal Formal Report
C. Written Formal Report
D. Verbal Informal Report
Correct Answer: B

QUESTION 42
Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains Logs of network [...]

QUESTION 11
POP3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server appends it to the bottom of the recipient's account file, which can be retrieved by the email client at any preferred time. Email client connects to the POP3 server at _______________ by default to fetch emails.
A. Port 109
B. Port 110
C. Port 115
D. Port 123
Correct [...]

QUESTION 21
Physical security recommendations: There should be only one entrance to a forensics lab.
A. True
B. False
Correct Answer: A

QUESTION 22
Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.
A. TCP
B. FTP
C. SMTP
D. POP
Correct Answer: A

QUESTION 23
Which of the following attacks allows [...]