312-49Preview

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

Area density refers to:

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case.
How would you permanently erase the data on the hard disk?

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using
Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

When examining a file with a Hex Editor, what space does the file header occupy?

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

What is the target host IP in the following command?

What operating system would respond to the following command?

Software firewalls work at which layer of the OSI model?

What will the following command accomplish?

In a FAT32 system, a 123 KB file will use how many sectors?

How many sectors will a 125 KB file use in a FAT32 file system?

What should you do when approached by a reporter about a case that you are working on or have worked on?

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

What type of equipment would a forensics investigator store in a StrongHold bag?

You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test."
What is the result of this test?

When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?

Which response organization tracks hoaxes as well as viruses?

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.