312-49 Exam Dumps | George is the network administrator of a large Internet company on the west coast. Per corporate policy,

<< Prev Question Next Question >>

Question 65/310

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?

A. net port 22

B. src port 22 and dst port 22

C. udp port 22 and host 172.16.28.1/24

D. src port 23 and dst port 23

Question List (310q): Question 1: Who is responsible for the following tasks? Secure the scene...; Question 2: Which Intrusion Detection System (IDS) usually produces the ...; Question 3: Why is it a good idea to perform a penetration test from the...; Question 4: Meyer Electronics Systems just recently had a number of lapt...; Question 5: What should you do when approached by a reporter about a cas...; Question 6: You are the security analyst working for a private company o...; Question 7: What will the following command produce on a website login p...; Question 8: Lance wants to place a honeypot on his network. Which of the...; Question 9: Davidson Trucking is a small transportation company that has...; Question 10: To check for POP3 traffic using Ethereal, what port should a...; Question 11: Corporate investigations are typically easier than public in...; Question 12: You have been called in to help with an investigation of an ...; Question 13: What is the smallest physical storage unit on a hard drive?...; Question 14: What is the target host IP in the following command?...; Question 15: When you carve an image, recovering the image depends on whi...; Question 16: A packet is sent to a router that does not have the packet d...; Question 17: You have used a newly released forensic investigation tool, ...; Question 18: Using Internet logging software to investigate a case of mal...; Question 19: What feature of Decryption Collection allows an investigator...; Question 20: You just passed your ECSA exam and are about to start your f...; Question 21: You are called by an author who is writing a book and he wan...; Question 22: Paul's company is in the process of undergoing a complete se...; Question 23: In Microsoft file structures, sectors are grouped together t...; Question 24: Jason has set up a honeypot environment by creating a DMZ th...; Question 25: A state department site was recently attacked and all the se...; Question 26: On Linux/Unix based Web servers, what privilege should the d...; Question 27: E-mail logs contain which of the following information to he...; 3 commentQuestion 28: Sniffers that place NICs in promiscuous mode work at what la...; Question 29: When operating systems mark a cluster as used but not alloca...; Question 30: You are a computer forensics investigator working with local...; Question 31: An investigator is searching through the firewall logs of a ...; Question 32: What are the security risks of running a "repair" installati...; Question 33: In the context of file deletion process, which of the follow...; Question 34: You are a security analyst performing reconnaissance on a co...; Question 35: What layer of the OSI model do TCP and UDP utilize?...; Question 36: Which of the following tool captures and allows you to inter...; Question 37: The following excerpt is taken from a honeypot log. The log ...; Question 38: How many bits is Source Port Number in TCP Header packet?...; Question 39: What will the following command accomplish in Linux? fdisk /...; Question 40: A picture file is recovered from a computer under investigat...; Question 41: Which is a standard procedure to perform during all computer...; Question 42: Michael works for Kimball Construction Company as senior sec...; Question 43: Which forensic investigating concept trails the whole incide...; Question 44: Jacob is a computer forensics investigator with over 10 year...; Question 45: When examining the log files from a Windows IIS Web Server, ...; Question 46: When obtaining a warrant, it is important to:...; Question 47: With Regard to using an Antivirus scanner during a computer ...; Question 48: Under which Federal Statutes does FBI investigate for comput...; Question 49: As a CHFI professional, which of the following is the most i...; Question 50: When you are running a vulnerability scan on a network and t...; Question 51: In conducting a computer abuse investigation you become awar...; Question 52: When examining a file with a Hex Editor, what space does the...; Question 53: In a computer forensics investigation, what describes the ro...; Question 54: What type of attack sends spoofed UDP packets (instead of pi...; Question 55: You are called in to assist the police in an investigation i...; Question 56: In what way do the procedures for dealing with evidence in a...; Question 57: Where are files temporarily written in Unix when printing?...; Question 58: Your company's network just finished going through a SAS 70 ...; Question 59: Why would a company issue a dongle with the software they se...; Question 60: You have been asked to investigate the possibility of comput...; Question 61: Heather, a computer forensics investigator, is assisting a g...; Question 62: When a file is deleted by Windows Explorer or through the MS...; Question 63: When carrying out a forensics investigation, why should you ...; Question 64: What encryption technology is used on Blackberry devices Pas...; Question 65: George is the network administrator of a large Internet comp...; Question 66: When examining a hard disk without a write-blocker, you shou...; Question 67: What does the acronym POST mean as it relates to a PC?...; Question 68: When making the preliminary investigations in a sexual haras...; Question 69: Harold is a computer forensics investigator working for a co...; Question 70: You should make at least how many bit-stream copies of a sus...; Question 71: Kimberly is studying to be an IT security analyst at a vocat...; Question 72: John is working as a computer forensics investigator for a c...; Question 73: In handling computer-related incidents, which IT role should...; Question 74: You are running known exploits against your network to test ...; Question 75: Bob has been trying to penetrate a remote production system ...; Question 76: When setting up a wireless network with multiple access poin...; Question 77: You are working as an independent computer forensics investi...; Question 78: You are the network administrator for a small bank in Dallas...; Question 79: Travis, a computer forensics investigator, is finishing up a...; Question 80: Which US law does the interstate or international transporta...; Question 81: Software firewalls work at which layer of the OSI model?...; Question 82: If you discover a criminal act while investigating a corpora...; Question 83: Office documents (Word, Excel, PowerPoint) contain a code th...; Question 84: An employee is attempting to wipe out data stored on a coupl...; Question 85: What does the superblock in Linux define?...; Question 86: During the course of an investigation, you locate evidence t...; Question 87: When performing a forensics analysis, what device is used to...; Question 88: Which of the following standard represents a legal precedent...; Question 89: Steven has been given the task of designing a computer foren...; Question 90: Larry is an IT consultant who works for corporations and gov...; Question 91: What is the first step taken in an investigation for laborat...; Question 92: Which part of the Windows Registry contains the user's passw...; Question 93: What type of attack occurs when an attacker can force a rout...; Question 94: Why should you never power on a computer that you need to ac...; Question 95: When reviewing web logs, you see an entry for resource not f...; Question 96: Madison is on trial for allegedly breaking into her universi...; Question 97: You have been asked to investigate after a user has reported...; Question 98: How often must a company keep log files for them to be admis...; Question 99: One technique for hiding information is to change the file e...; Question 100: Law enforcement officers are conducting a legal search for w...; Question 101: You are working in the security Department of law firm. One ...; Question 102: You are working as a Computer forensics investigator for a c...; Question 103: At what layer of the OSI model do routers function on?...; Question 104: If you see the files Zer0.tar.gz and copy.tar.gz on a Linux ...; Question 105: Which of the following techniques delete the files permanent...; Question 106: You are trying to locate Microsoft Outlook Web Access Defaul...; Question 107: What technique is used by JPEGs for compression?...; Question 108: Sectors in hard disks typically contain how many bytes?...; Question 109: Windows identifies which application to open a file with by ...; Question 110: It takes _____________ mismanaged case/s to ruin your profes...; Question 111: You are working as an investigator for a corporation and you...; Question 112: You work as an IT security auditor hired by a law firm in Bo...; Question 113: A computer forensics investigator is inspecting the firewall...; Question 114: A forensics investigator is searching the hard drive of a co...; Question 115: Preparing an image drive to copy files to is the first step ...; Question 116: From the following spam mail header, identify the host IP th...; Question 117: Which of the following is a list of recently used programs o...; Question 118: What is the following command trying to accomplish?...; Question 119: This type of testimony is presented by someone who does the ...; Question 120: Cylie is investigating a network breach at a state organizat...; Question 121: To make sure the evidence you recover and analyze with compu...; Question 122: George is a senior security analyst working for a state agen...; Question 123: Why are Linux/Unix based computers better to use than Window...; Question 124: Given the drive dimensions as follows and assuming a sector ...; Question 125: When investigating a Windows System, it is important to view...; Question 126: When marking evidence that has been collected with the aa/dd...; Question 127: What will the following URL produce in an unpatched IIS Web ...; Question 128: Where is the default location for Apache access logs on a Li...; Question 129: What will the following command accomplish?...; Question 130: John is using Firewalk to test the security of his Cisco PIX...; Question 131: Why is it still possible to recover files that have been emp...; Question 132: Which of the following tasks DOES NOT come under the investi...; Question 133: You are working for a local police department that services ...; Question 134: Julia is a senior security analyst for Berber Consulting gro...; Question 135: How many possible sequence number combinations are there in ...; Question 136: What method of computer forensics will allow you to trace al...; Question 137: While working for a prosecutor, what do you think you should...; Question 138: The offset in a hexadecimal code is:...; Question 139: What header field in the TCP/IP protocol stack involves the ...; Question 140: Simon is a former employee of Trinitron XML Inc. He feels he...; Question 141: When using an iPod and the host computer is running Windows,...; Question 142: This is original file structure database that Microsoft orig...; Question 143: The rule of thumb when shutting down a system is to pull the...; Question 144: If you are concerned about a high level of compression but n...; Question 145: What information do you need to recover when searching a vic...; Question 146: What term is used to describe a cryptographic technique for ...; Question 147: Jessica works as systems administrator for a large electroni...; Question 148: Terri works for a security consulting firm that is currently...; Question 149: What does ICMP Type 3/Code 13 mean?...; Question 150: This organization maintains a database of hash signatures fo...; Question 151: How many characters long is the fixed-length MD5 algorithm c...; Question 152: Which federal computer crime law specifically refers to frau...; Question 153: Melanie was newly assigned to an investigation and asked to ...; Question 154: When needing to search for a website that is no longer prese...; Question 155: Paul is a computer forensics investigator working for Tyler ...; Question 156: You are conducting an investigation of fraudulent claims in ...; Question 157: George is performing security analysis for Hammond and Sons ...; Question 158: A small law firm located in the Midwest has possibly been br...; Question 159: You are carrying out the last round of testing for your new ...; Question 160: At what layer does a cross site scripting attack occur on?...; Question 161: John and Hillary works at the same department in the company...; Question 162: Why would you need to find out the gateway of a device when ...; Question 163: What is the slave device connected to the secondary IDE cont...; Question 164: The ____________________ refers to handing over the results ...; Question 165: Which of the following file system is used by Mac OS X?...; Question 166: While looking through the IIS log file of a web server, you ...; Question 167: Where is the startup configuration located on a router?...; Question 168: Under confession, an accused criminal admitted to encrypting...; Question 169: How many sectors will a 125 KB file use in a FAT32 file syst...; Question 170: Jonathan is a network administrator who is currently testing...; Question 171: What binary coding is used most often for e-mail purposes?...; Question 172: Which response organization tracks hoaxes as well as viruses...; Question 173: Bill is the accounting manager for Grummon and Sons LLC in C...; Question 174: When searching through file headers for picture file formats...; Question 175: What is considered a grant of a property right given to an i...; Question 176: In the following email header, where did the email first ori...; Question 177: Julie is a college student majoring in Information Systems a...; Question 178: What is one method of bypassing a system BIOS password?...; Question 179: You are working on a thesis for your doctorate degree in Com...; Question 180: A forensics investigator needs to copy data from a computer ...; Question 181: Area density refers to:; Question 182: After passing her CEH exam, Carol wants to ensure that her n...; Question 183: What advantage does the tool Evidor have over the built-in W...; Question 184: In a FAT32 system, a 123 KB file will use how many sectors?...; Question 185: What must be obtained before an investigation is carried out...; Question 186: Which of the following file contains the traces of the appli...; Question 187: In a virtual test environment, Michael is testing the streng...; Question 188: What feature of Windows is the following command trying to u...; Question 189: On an Active Directory network using NTLM authentication, wh...; Question 190: After passively scanning the network of Department of Defens...; Question 191: What method of copying should always be performed first befo...; Question 192: What is kept in the following directory? HKLM\SECURITY\Polic...; Question 193: While presenting his case to the court, Simon calls many wit...; Question 194: When conducting computer forensic analysis, you must guard a...; Question 195: The police believe that Melvin Matthew has been obtaining un...; Question 196: What stage of the incident handling process involves reporti...; Question 197: You are employed directly by an attorney to help investigate...; Question 198: What type of flash memory card comes in either Type I or Typ...; Question 199: In the following directory listing, (Exhibit) Which file sho...; Question 200: What type of attack sends SYN requests to a target system wi...; Question 201: You are a security analyst performing a penetration tests fo...; Question 202: When monitoring for both intrusion and security events betwe...; Question 203: When a router receives an update for its routing table, what...; Question 204: During an investigation, an employee was found to have delet...; Question 205: If a PDA is seized in an investigation while the device is t...; Question 206: Which legal document allows law enforcement to search an off...; Question 207: All Blackberry email is eventually sent and received through...; Question 208: A honey pot deployed with the IP 172.16.1.108 was compromise...; Question 209: Where does Encase search to recover NTFS files and folders?...; Question 210: Printing under a Windows Computer normally requires which on...; Question 211: During the course of a corporate investigation, you find tha...; Question 212: Jack Smith is a forensics investigator who works for Mason C...; Question 213: Which of the following should a computer forensics lab used ...; Question 214: Before you are called to testify as an expert, what must an ...; Question 215: You are working for a large clothing manufacturer as a compu...; Question 216: Using Linux to carry out a forensics investigation, what wou...; Question 217: When using Windows acquisitions tools to acquire digital evi...; Question 218: John is working on his company policies and guidelines. The ...; Question 219: You setup SNMP in multiple offices of your company. Your SNM...; Question 220: When is it appropriate to use computer forensics?...; Question 221: Wireless access control attacks aim to penetrate a network b...; Question 222: What file is processed at the end of a Windows XP boot to in...; Question 223: What TCP/UDP port does the toolkit program netstat use?...; Question 224: Harold is a security analyst who has just run the rdisk /s c...; Question 225: Which network attack is described by the following statement...; Question 226: What must an investigator do before disconnecting an iPod fr...; Question 227: You are working as Computer Forensics investigator and are c...; Question 228: Kyle is performing the final testing of an application he de...; Question 229: Frank is working on a vulnerability assessment for a company...; Question 230: The following is a log file screenshot from a default instal...; Question 231: A(n) _____________________ is one that's performed by a comp...; Question 232: The objective of this act was to protect consumers' personal...; Question 233: When should an MD5 hash check be performed when processing e...; Question 234: When an investigator contacts by telephone the domain admini...; Question 235: Diskcopy is:; Question 236: What does mactime, an essential part of the coroner's toolki...; Question 237: What hashing method is used to password protect Blackberry d...; Question 238: If an attacker's computer sends an IPID of 31400 to a zombie...; Question 239: One way to identify the presence of hidden partitions on a s...; Question 240: ____________________ is simply the application of Computer I...; Question 241: You are assisting in the investigation of a possible Web Ser...; Question 242: To preserve digital evidence, an investigator should _______...; Question 243: What technique used by Encase makes it virtually impossible ...; Question 244: In Linux, what is the smallest possible shellcode?...; Question 245: James is testing the ability of his routers to withstand DoS...; Question 246: Profiling is a forensics technique for analyzing evidence wi...; Question 247: Office Documents (Word, Excel and PowerPoint) contain a code...; Question 248: The efforts to obtain information before a trail by demandin...; Question 249: If a suspect computer is located in an area that may have to...; Question 250: If you plan to startup a suspect's computer, you must modify...; Question 251: What is a good security method to prevent unauthorized users...; Question 252: An "idle" system is also referred to as what?...; Question 253: What type of analysis helps to identify the time and sequenc...; Question 254: Why should you note all cable connections for a computer you...; Question 255: Volatile Memory is one of the leading problems for forensics...; Question 256: What will the following command accomplish? dd if=/dev/xxx o...; Question 257: You are assisting a Department of Defense contract company t...; Question 258: The MD5 program is used to:; Question 259: When cataloging digital evidence, the primary goal is to...; Question 260: Which of the following is NOT a graphics file?...; Question 261: A suspect is accused of violating the acceptable use of comp...; Question 262: The following excerpt is taken from a honeypot log that was ...; Question 263: Harold is finishing up a report on a case of network intrusi...; Question 264: How many times can data be written to a DVD+R disk?...; Question 265: After attending a CEH security seminar, you make a list of c...; Question 266: An Expert witness give an opinion if:...; Question 267: You have completed a forensic investigation case. You would ...; Question 268: What type of equipment would a forensics investigator store ...; Question 269: As a security analyst, you setup a false survey website that...; Question 270: Daryl, a computer forensics investigator, has just arrived a...; Question 271: An Employee is suspected of stealing proprietary information...; Question 272: An on-site incident response team is called to investigate a...; Question 273: You are assigned to work in the computer forensics lab of a ...; Question 274: A law enforcement officer may only search for and seize crim...; Question 275: Which of the following refers to the data that might still e...; Question 276: Jason is the security administrator of ACMA metal Corporatio...; Question 277: Item 2If you come across a sheepdip machine at your client s...; Question 278: You are running through a series of tests on your network to...; Question 279: The use of warning banners helps a company avoid litigation ...; Question 280: Paraben Lockdown device uses which operating system to write...; Question 281: Microsoft Outlook maintains email messages in a proprietary ...; Question 282: You are using DriveSpy, a forensic tool and want to copy 150...; Question 283: When investigating a computer forensics case where Microsoft...; Question 284: What is the CIDR from the following screenshot? (Exhibit)...; Question 285: Harold is a web designer who has completed a website for ght...; Question 286: You are contracted to work as a computer forensics investiga...; Question 287: Harold wants to set up a firewall on his network but is not ...; Question 288: When investigating a network that uses DHCP to assign IP add...; Question 289: Which of the following stages in a Linux boot process involv...; Question 290: After undergoing an external IT audit, George realizes his n...; Question 291: Hackers can gain access to Windows Registry and manipulate u...; Question 292: Chris has been called upon to investigate a hacking incident...; Question 293: In General, __________________ Involves the investigation of...; Question 294: You work as a penetration tester for Hammond Security Consul...; Question 295: Which password cracking technique uses details such as lengt...; Question 296: What is the name of the Standard Linux Command that is also ...; Question 297: The newer Macintosh Operating System is based on:...; Question 298: Before performing a logical or physical search of a drive in...; Question 299: What type of file is represented by a colon (:) with a name ...; Question 300: Your company uses Cisco routers exclusively throughout the n...; Question 301: While searching through a computer under investigation, you ...; Question 302: What file structure database would you expect to find on flo...; Question 303: When investigating a potential e-mail crime, what is your fi...; Question 304: You have been given the task to investigate web attacks on a...; Question 305: You have compromised a lower-level administrator account on ...; Question 306: When investigating a wireless attack, what information can b...; Question 307: What happens when a file is deleted by a Microsoft operating...; Question 308: Study the log given below and answer the following question:...; Question 309: Tyler is setting up a wireless network for his business that...; Question 310: What operating system would respond to the following command...

Question 65/310

LEAVE A REPLY

Download PDF File