EC0-349 Exam Dumps | A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt

Valid EC0-349 Dumps shared by ExamDiscuss.com for Helping Passing EC0-349 Exam! ExamDiscuss.com now offer the newest EC0-349 exam dumps, the ExamDiscuss.com EC0-349 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com EC0-349 dumps with Test Engine here:

Access EC0-349 Dumps Premium Version
(490 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 210/294

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.
(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

A. The attacker has installed a backdoor

B. The attacker has conducted a network sweep on port 111

C. The attacker has scanned and exploited the system using Buffer Overflow

D. The attacker has used a Trojan on port 32773

Question List (294q): Question 1: What advantage does the tool Evidor have over the built-in W...; Question 2: What is kept in the following directory? HKLM\SECURITY\Polic...; Question 3: Jack Smith is a forensics investigator who works for Mason C...; Question 4: Steven has been given the task of designing a computer foren...; Question 5: Michael works for Kimball Construction Company as senior sec...; Question 6: You have completed a forensic investigation case. You would ...; Question 7: While looking through the IIS log file of a web server, you ...; Question 8: What feature of Windows is the following command trying to u...; Question 9: Julia is a senior security analyst for Berber Consulting gro...; Question 10: You are called by an author who is writing a book and he wan...; 1 commentQuestion 11: Jacob is a computer forensics investigator with over 10 year...; Question 12: What feature of Decryption Collection allows an investigator...; Question 13: Hackers can gain access to Windows Registry and manipulate u...; Question 14: The offset in a hexadecimal code is:...; Question 15: Software firewalls work at which layer of the OSI model?...; Question 16: You work as an IT security auditor hired by a law firm in Bo...; Question 17: In the context of file deletion process, which of the follow...; Question 18: What is one method of bypassing a system BIOS password?...; Question 19: You have used a newly released forensic investigation tool, ...; 1 commentQuestion 20: After attending a CEH security seminar, you make a list of c...; Question 21: What file structure database would you expect to find on flo...; Question 22: What does mactime, an essential part of the coroner's toolki...; Question 23: You are contracted to work as a computer forensics investiga...; Question 24: The following excerpt is taken from a honeypot log that was ...; Question 25: Your company's network just finished going through a SAS 70 ...; Question 26: Which part of the Windows Registry contains the user's passw...; Question 27: This is original file structure database that Microsoft orig...; Question 28: Windows identifies which application to open a file with by ...; Question 29: If a suspect computer is located in an area that may have to...; Question 30: An on-site incident response team is called to investigate a...; Question 31: Heather, a computer forensics investigator, is assisting a g...; Question 32: What stage of the incident handling process involves reporti...; Question 33: You are the network administrator for a small bank in Dallas...; Question 34: What operating system would respond to the following command...; Question 35: To make sure the evidence you recover and analyze with compu...; Question 36: Julie is a college student majoring in Information Systems a...; Question 37: What is a good security method to prevent unauthorized users...; Question 38: George is a senior security analyst working for a state agen...; Question 39: You have been asked to investigate after a user has reported...; Question 40: You are working for a large clothing manufacturer as a compu...; Question 41: Paul's company is in the process of undergoing a complete se...; Question 42: Which of the following is NOT a graphics file?...; Question 43: In handling computer-related incidents, which IT role should...; Question 44: ____________________ is simply the application of Computer I...; Question 45: When using an iPod and the host computer is running Windows,...; Question 46: Corporate investigations are typically easier than public in...; Question 47: Tyler is setting up a wireless network for his business that...; Question 48: You are called in to assist the police in an investigation i...; Question 49: After passively scanning the network of Department of Defens...; Question 50: Diskcopy is:; Question 51: Frank is working on a vulnerability assessment for a company...; Question 52: This type of testimony is presented by someone who does the ...; Question 53: Area density refers to:; Question 54: What will the following URL produce in an unpatched IIS Web ...; Question 55: The use of warning banners helps a company avoid litigation ...; Question 56: The following is a log file screenshot from a default instal...; Question 57: To preserve digital evidence, an investigator should _______...; Question 58: After undergoing an external IT audit, George realizes his n...; Question 59: You are running known exploits against your network to test ...; Question 60: If a PDA is seized in an investigation while the device is t...; Question 61: When reviewing web logs, you see an entry for resource not f...; Question 62: You setup SNMP in multiple offices of your company. Your SNM...; Question 63: Which Intrusion Detection System (IDS) usually produces the ...; Question 64: A forensics investigator is searching the hard drive of a co...; Question 65: Larry is an IT consultant who works for corporations and gov...; Question 66: You are using DriveSpy, a forensic tool and want to copy 150...; Question 67: What is the following command trying to accomplish?...; Question 68: What is the smallest physical storage unit on a hard drive?...; Question 69: When cataloging digital evidence, the primary goal is to...; Question 70: When obtaining a warrant, it is important to:...; Question 71: Paul is a computer forensics investigator working for Tyler ...; Question 72: When investigating a computer forensics case where Microsoft...; Question 73: When monitoring for both intrusion and security events betwe...; Question 74: After passing her CEH exam, Carol wants to ensure that her n...; Question 75: Why would a company issue a dongle with the software they se...; Question 76: With Regard to using an Antivirus scanner during a computer ...; Question 77: How many bits is Source Port Number in TCP Header packet?...; Question 78: Davidson Trucking is a small transportation company that has...; Question 79: You are working as Computer Forensics investigator and are c...; Question 80: What is considered a grant of a property right given to an i...; Question 81: A picture file is recovered from a computer under investigat...; Question 82: A small law firm located in the Midwest has possibly been br...; Question 83: Paraben Lockdown device uses which operating system to write...; Question 84: You are running through a series of tests on your network to...; Question 85: You are working as an independent computer forensics investi...; Question 86: An Employee is suspected of stealing proprietary information...; Question 87: At what layer of the OSI model do routers function on?...; Question 88: An Expert witness give an opinion if:...; Question 89: Bob has been trying to penetrate a remote production system ...; Question 90: Bill is the accounting manager for Grummon and Sons LLC in C...; Question 91: You have been asked to investigate the possibility of comput...; Question 92: When examining the log files from a Windows IIS Web Server, ...; Question 93: Why would you need to find out the gateway of a device when ...; Question 94: When an investigator contacts by telephone the domain admini...; Question 95: What technique used by Encase makes it virtually impossible ...; Question 96: As a security analyst, you setup a false survey website that...; Question 97: You work as a penetration tester for Hammond Security Consul...; Question 98: What will the following command produce on a website login p...; Question 99: Harold is finishing up a report on a case of network intrusi...; Question 100: Why is it a good idea to perform a penetration test from the...; Question 101: Under which Federal Statutes does FBI investigate for comput...; Question 102: When should an MD5 hash check be performed when processing e...; Question 103: What does the superblock in Linux define?...; Question 104: Office documents (Word, Excel, PowerPoint) contain a code th...; Question 105: You have been called in to help with an investigation of an ...; Question 106: Cylie is investigating a network breach at a state organizat...; Question 107: Sectors in hard disks typically contain how many bytes?...; Question 108: When investigating a potential e-mail crime, what is your fi...; Question 109: Harold wants to set up a firewall on his network but is not ...; Question 110: In the following email header, where did the email first ori...; Question 111: You are a computer forensics investigator working with local...; Question 112: Chris has been called upon to investigate a hacking incident...; Question 113: An employee is attempting to wipe out data stored on a coupl...; Question 114: In Microsoft file structures, sectors are grouped together t...; Question 115: In a FAT32 system, a 123 KB file will use how many sectors?...; Question 116: What will the following command accomplish?...; Question 117: Which of the following should a computer forensics lab used ...; Question 118: Item 2If you come across a sheepdip machine at your client s...; Question 119: Microsoft Outlook maintains email messages in a proprietary ...; Question 120: Simon is a former employee of Trinitron XML Inc. He feels he...; Question 121: Jonathan is a network administrator who is currently testing...; Question 122: Meyer Electronics Systems just recently had a number of lapt...; Question 123: It takes _____________ mismanaged case/s to ruin your profes...; Question 124: In conducting a computer abuse investigation you become awar...; Question 125: You just passed your ECSA exam and are about to start your f...; Question 126: When investigating a network that uses DHCP to assign IP add...; Question 127: The rule of thumb when shutting down a system is to pull the...; Question 128: In the following directory listing, (Exhibit) Which file sho...; Question 129: Daryl, a computer forensics investigator, has just arrived a...; Question 130: When examining a hard disk without a write-blocker, you shou...; Question 131: What layer of the OSI model do TCP and UDP utilize?...; Question 132: You are trying to locate Microsoft Outlook Web Access Defaul...; Question 133: If you discover a criminal act while investigating a corpora...; Question 134: Jim performed a vulnerability analysis on his network and fo...; Question 135: In a computer forensics investigation, what describes the ro...; Question 136: Before performing a logical or physical search of a drive in...; Question 137: While presenting his case to the court, Simon calls many wit...; Question 138: Which legal document allows law enforcement to search an off...; Question 139: George is performing security analysis for Hammond and Sons ...; Question 140: During an investigation, an employee was found to have delet...; Question 141: Lance wants to place a honeypot on his network. Which of the...; Question 142: All Blackberry email is eventually sent and received through...; Question 143: What is the target host IP in the following command?...; Question 144: You are conducting an investigation of fraudulent claims in ...; Question 145: What type of attack occurs when an attacker can force a rout...; Question 146: If you plan to startup a suspect's computer, you must modify...; Question 147: You are carrying out the last round of testing for your new ...; Question 148: How many characters long is the fixed-length MD5 algorithm c...; Question 149: The efforts to obtain information before a trail by demandin...; Question 150: You should make at least how many bit-stream copies of a sus...; Question 151: Using Linux to carry out a forensics investigation, what wou...; Question 152: John is using Firewalk to test the security of his Cisco PIX...; Question 153: The MD5 program is used to:; Question 154: Law enforcement officers are conducting a legal search for w...; Question 155: Where are files temporarily written in Unix when printing?...; Question 156: When a file is deleted by Windows Explorer or through the MS...; Question 157: What type of analysis helps to identify the time and sequenc...; Question 158: Volatile Memory is one of the leading problems for forensics...; Question 159: What is the slave device connected to the secondary IDE cont...; Question 160: On an Active Directory network using NTLM authentication, wh...; Question 161: When performing a forensics analysis, what device is used to...; Question 162: Why is it still possible to recover files that have been emp...; Question 163: Profiling is a forensics technique for analyzing evidence wi...; Question 164: When conducting computer forensic analysis, you must guard a...; Question 165: In a forensic examination of hard drives for digital evidenc...; Question 166: The police believe that Melvin Matthew has been obtaining un...; Question 167: As a CHFI professional, which of the following is the most i...; Question 168: What must an investigator do before disconnecting an iPod fr...; Question 169: John and Hillary works at the same department in the company...; Question 170: From the following spam mail header, identify the host IP th...; Question 171: Jessica works as systems administrator for a large electroni...; Question 172: When marking evidence that has been collected with the aa/dd...; Question 173: What binary coding is used most often for e-mail purposes?...; Question 174: Where is the default location for Apache access logs on a Li...; Question 175: If you are concerned about a high level of compression but n...; Question 176: The following excerpt is taken from a honeypot log. The log ...; Question 177: Harold is a web designer who has completed a website for ght...; Question 178: A forensics investigator needs to copy data from a computer ...; Question 179: What will the following command accomplish? dd if=/dev/xxx o...; Question 180: What does the acronym POST mean as it relates to a PC?...; 1 commentQuestion 181: Given the drive dimensions as follows and assuming a sector ...; Question 182: What type of flash memory card comes in either Type I or Typ...; Question 183: When investigating a Windows System, it is important to view...; Question 184: Jason has set up a honeypot environment by creating a DMZ th...; Question 185: You are assisting a Department of Defense contract company t...; Question 186: You are working for a local police department that services ...; Question 187: E-mail logs contain which of the following information to he...; Question 188: One technique for hiding information is to change the file e...; Question 189: Where is the startup configuration located on a router?...; Question 190: Harold is a computer forensics investigator working for a co...; Question 191: Why are Linux/Unix based computers better to use than Window...; Question 192: What does ICMP Type 3/Code 13 mean?...; Question 193: What information do you need to recover when searching a vic...; Question 194: Kyle is performing the final testing of an application he de...; Question 195: During the course of a corporate investigation, you find tha...; Question 196: What method of computer forensics will allow you to trace al...; Question 197: What encryption technology is used on Blackberry devices Pas...; Question 198: When is it appropriate to use computer forensics?...; Question 199: You have compromised a lower-level administrator account on ...; Question 200: Which is a standard procedure to perform during all computer...; Question 201: Which of the following refers to the data that might still e...; Question 202: What is the name of the Standard Linux Command that is also ...; Question 203: When you are running a vulnerability scan on a network and t...; Question 204: Your company uses Cisco routers exclusively throughout the n...; Question 205: A packet is sent to a router that does not have the packet d...; Question 206: How many characters long is the fixed-length MD5 algorithm c...; Question 207: What will the following Linux command accomplish? dd if=/dev...; Question 208: What are the security risks of running a "repair" installati...; Question 209: The newer Macintosh Operating System is based on:...; Question 210: A honey pot deployed with the IP 172.16.1.108 was compromise...; Question 211: Melanie was newly assigned to an investigation and asked to ...; Question 212: What is the first step taken in an investigation for laborat...; Question 213: How many possible sequence number combinations are there in ...; Question 214: Travis, a computer forensics investigator, is finishing up a...; Question 215: Which program is the bootloader when Windows XP starts up?...; Question 216: What method of copying should always be performed first befo...; Question 217: You are employed directly by an attorney to help investigate...; Question 218: When you carve an image, recovering the image depends on whi...; Question 219: You are a security analyst performing reconnaissance on a co...; Question 220: What is the CIDR from the following screenshot? (Exhibit)...; Question 221: When examining a file with a Hex Editor, what space does the...; Question 222: What type of attack sends spoofed UDP packets (instead of pi...; Question 223: What type of attack sends SYN requests to a target system wi...; Question 224: Sniffers that place NICs in promiscuous mode work at what la...; Question 225: When making the preliminary investigations in a sexual haras...; Question 226: Which federal computer crime law specifically refers to frau...; Question 227: Why should you never power on a computer that you need to ac...; Question 228: When reviewing web logs, you see an entry for resource not f...; Question 229: You are the security analyst working for a private company o...; Question 230: On Linux/Unix based Web servers, what privilege should the d...; Question 231: How many times can data be written to a DVD+R disk?...; Question 232: What header field in the TCP/IP protocol stack involves the ...; Question 233: When setting up a wireless network with multiple access poin...; Question 234: The objective of this act was to protect consumers' personal...; Question 235: An investigator is searching through the firewall logs of a ...; Question 236: Where does Encase search to recover NTFS files and folders?...; Question 237: Jason is the security administrator of ACMA metal Corporatio...; Question 238: At what layer does a cross site scripting attack occur on?...; Question 239: In a virtual test environment, Michael is testing the streng...; Question 240: What TCP/UDP port does the toolkit program netstat use?...; Question 241: When needing to search for a website that is no longer prese...; Question 242: When carrying out a forensics investigation, why should you ...; Question 243: When using Windows acquisitions tools to acquire digital evi...; Question 244: An "idle" system is also referred to as what?...; Question 245: If you see the files Zer0.tar.gz and copy.tar.gz on a Linux ...; Question 246: Madison is on trial for allegedly breaking into her universi...; Question 247: John is working as a computer forensics investigator for a c...; Question 248: James is testing the ability of his routers to withstand DoS...; Question 249: While searching through a computer under investigation, you ...; Question 250: Which forensic investigating concept trails the whole incide...; Question 251: You are a security analyst performing a penetration tests fo...; Question 252: To check for POP3 traffic using Ethereal, what port should a...; Question 253: A law enforcement officer may only search for and seize crim...; Question 254: In General, __________________ Involves the investigation of...; Question 255: What technique is used by JPEGs for compression?...; Question 256: You are assigned to work in the computer forensics lab of a ...; Question 257: Study the log given below and answer the following question:...; Question 258: What happens when a file is deleted by a Microsoft operating...; Question 259: Kimberly is studying to be an IT security analyst at a vocat...; Question 260: When investigating a wireless attack, what information can b...; Question 261: This organization maintains a database of hash signatures fo...; Question 262: George is the network administrator of a large Internet comp...; Question 263: One way to identify the presence of hidden partitions on a s...; Question 264: Printing under a Windows Computer normally requires which on...; Question 265: You are assisting in the investigation of a possible Web Ser...; Question 266: Before you are called to testify as an expert, what must an ...; Question 267: What hashing method is used to password protect Blackberry d...; Question 268: Using Internet logging software to investigate a case of mal...; Question 269: Why should you note all cable connections for a computer you...; Question 270: What should you do when approached by a reporter about a cas...; Question 271: A computer forensics investigator is inspecting the firewall...; Question 272: Office Documents (Word, Excel and PowerPoint) contain a code...; Question 273: When operating systems mark a cluster as used but not alloca...; Question 274: Preparing an image drive to copy files to is the first step ...; Question 275: How often must a company keep log files for them to be admis...; Question 276: Under confession, an accused criminal admitted to encrypting...; Question 277: What type of equipment would a forensics investigator store ...; Question 278: The ____________________ refers to handing over the results ...; Question 279: In Linux, what is the smallest possible shellcode?...; Question 280: With the standard Linux second extended file system (Ext2fs)...; Question 281: While working for a prosecutor, what do you think you should...; Question 282: What will the following command accomplish in Linux? fdisk /...; Question 283: Which of the following file system is used by Mac OS X?...; Question 284: Harold is a security analyst who has just run the rdisk /s c...; Question 285: You are working in the security Department of law firm. One ...; Question 286: Terri works for a security consulting firm that is currently...; Question 287: If an attacker's computer sends an IPID of 31400 to a zombie...; Question 288: You are working on a thesis for your doctorate degree in Com...; Question 289: In what way do the procedures for dealing with evidence in a...; Question 290: John is working on his company policies and guidelines. The ...; Question 291: Which response organization tracks hoaxes as well as viruses...; Question 292: What term is used to describe a cryptographic technique for ...; Question 293: How many sectors will a 125 KB file use in a FAT32 file syst...; Question 294: A(n) _____________________ is one that's performed by a comp...

Question 210/294

LEAVE A REPLY

Download PDF File