When is it appropriate to use computer forensics?
A. If copyright and intellectual property theft/misuse has occurred
B. If employees do not care for their boss's management techniques
C. If sales drop off for no apparent reason for an extended period of time
D. If a financial institution is burglarized by robbers
To calculate the number of bytes on a disk, the formula is: CHS
A. number of circles x number of halves x number of sides x 512 bytes per sector
B. number of cylinders x number of halves x number of shims x 512 bytes per sector
C. number of cells x number of heads x number of sides x 512 bytes per sector
D. number of cylinders x number of heads x number of sides x 512 bytes per sector
From the following spam mail header, identify the host IP that sent this spam?
From [email protected] [email protected] Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >[email protected]
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"
A. 137.189.96.52
B. 8.12.1.0
C. 203.218.39.20
D. 203.218.39.50
TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts on the Internet. It contains four layers, namely the network interface layer, Internet layer, transport layer, and application layer.
Which of the following protocols works under the transport layer of TCP/IP?
A. UDP
B. HTTP
C. FTP
D. SNMP
Data files from original evidence should be used for forensics analysis
A. True
B. False
Which of the following files in Novell GroupWise stores information about user accounts?
A. ngwguard.db
B. gwcheck.db
C. PRIV.EDB
D. PRIV.STM
Smith, as part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers at the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access the SIM data?
A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
C. He should again attempt PIN guesses after a time of 24 hours
D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM
What is the first step that needs to be carried out to crack the password?
A. A word list is created using a dictionary generator program or dictionaries
B. The list of dictionary words is hashed or encrypted
C. The hashed wordlist is compared against the target hashed password, generally one word at a time
D. If it matches, that password has been cracked and the password cracker displays the unencrypted version of the password
Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves ____________ and waiting for responses from available wireless networks.
A. Broadcasting a probe request frame
B. Sniffing the packets from the airwave
C. Scanning the network
D. Inspecting WLAN and surrounding networks
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, an information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?
A. Header
B. The RGBQUAD array
C. Information header
D. Image data