EC0-349 Exam Dumps | Computer security logs contain information about the events occurring within an organization's systems

<< Prev Question Next Question >>

Question 168/222

Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks.
The source, nature, and time of the attack can be determined by _________of the compromised system.

A. Analyzing hard disk boot records

B. Analyzing SAM file

C. Analyzing log files

D. Analyzing rainbow tables

Question List (222q): Question 1: Data Acquisition is the process of imaging or otherwise obta...; Question 2: Lance wants to place a honeypot on his network. Which of the...; Question 3: Which of the following commands shows you the NetBIOS name t...; Question 4: Windows Security Accounts Manager (SAM) is a registry file w...; Question 5: Cylie is investigating a network breach at a state organizat...; Question 6: Why is it still possible to recover files that have been emp...; Question 7: First responder is a person who arrives first at the crime s...; Question 8: If you see the files Zer0.tar.gz and copy.tar.gz on a Linux ...; Question 9: Wireless network discovery tools use two different methodolo...; Question 10: In an echo data hiding technique, the secret message is embe...; Question 11: What does the superblock in Linux define?...; Question 12: While searching through a computer under investigation, you ...; Question 13: Physical security recommendations: There should be only one ...; Question 14: In what way do the procedures for dealing with evidence in a...; Question 15: You are working as a computer forensics investigator for a c...; Question 16: Profiling is a forensics technique for analyzing evidence wi...; Question 17: What is the First Step required in preparing a computer for ...; Question 18: You have compromised a lower-level administrator account on ...; Question 19: What is a bit-stream copy?; Question 20: Area density refers to:; Question 21: The rule of thumb when shutting down a system is to pull the...; Question 22: George is the network administrator of a large Internet comp...; Question 23: What must be obtained before an investigation is carried out...; Question 24: Click on the Exhibit Button Paulette works for an IT securit...; Question 25: File deletion is a way of removing a file from a computer's ...; Question 26: You have used a newly released forensic investigation tool, ...; Question 27: Steganography is a technique of hiding a secret message with...; Question 28: Jim performed a vulnerability analysis on his network and fo...; Question 29: When should an MD5 hash check be performed when processing e...; Question 30: Which device in a wireless local area network (WLAN) determi...; Question 31: Consistency in the investigative report is more important th...; Question 32: When performing a forensics analysis, what device is used to...; Question 33: Office documents (Word, Excel, PowerPoint) contain a code th...; Question 34: Email archiving is a systematic approach to save and protect...; Question 35: You are working as an independent computer forensics investi...; Question 36: Hard disk data addressing is a method of allotting addresses...; Question 37: This is the original file structure database that Microsoft ...; Question 38: The need for computer forensics is highlighted by an exponen...; Question 39: You are a computer forensics investigator working with local...; Question 40: Printing under a Windows Computer normally requires which on...; Question 41: In a virtual test environment, Michael is testing the streng...; Question 42: What file is processed at the end of a Windows XP boot to in...; Question 43: Computer security logs contain information about the events ...; Question 44: What is the smallest physical storage unit on a hard drive?...; Question 45: At what layer of the OSI model do routers function on?...; Question 46: Davidson Trucking is a small transportation company that has...; Question 47: You are assisting a Department of Defense contract company t...; Question 48: First response to an incident may involve three different gr...; Question 49: At the time of evidence transfer, both sender and receiver n...; Question 50: What is considered a grant of a property right given to an i...; Question 51: Ron. a computer forensics expert, Is Investigating a case in...; Question 52: Which of the following is not an example of a cyber-crime?...; Question 53: Tyler is setting up a wireless network for his business that...; Question 54: In the following directory listing, (Exhibit) which file sho...; Question 55: Which of the following passwords are sent over the wire (and...; Question 56: When a router receives an update for its routing table, what...; Question 57: SMTP (Simple Mail Transfer protocol) receives outgoing mail ...; Question 58: A system with a simple logging mechanism has not been given ...; Question 59: Attackers can manipulate variables that reference files with...; Question 60: Which one of the following is not a consideration in a foren...; Question 61: Which of the following password cracking techniques works li...; Question 62: You are the security analyst working for a private company o...; Question 63: When investigating a network that uses DHCP to assign IP add...; Question 64: You just passed your ECSA exam and are about to start your f...; Question 65: Daryl, a computer forensics investigator, has just arrived a...; Question 66: If the partition size Is 4 GB, each cluster will be 32 K. Ev...; Question 67: An employee is attempting to wipe out data stored on a coupl...; Question 68: The Recycle Bin exists as a metaphor for throwing files away...; Question 69: On an Active Directory network using NTLM authentication, wh...; Question 70: When you carve an image, recovering the image depends on whi...; Question 71: You have been called in to help with an investigation of an ...; Question 72: When examining a hard disk without a write-blocker, you shou...; Question 73: Data acquisition system is a combination of tools or process...; Question 74: Paul's company is in the process of undergoing a complete se...; Question 75: Jacob is a computer forensics investigator with over 10 year...; Question 76: What hashing method is used to password protect Blackberry d...; Question 77: Which of the following statement is not correct when dealing...; Question 78: To preserve digital evidence, an investigator should _______...; Question 79: When carrying out a forensics investigation, why should you ...; Question 80: If you come across a sheepdip machine at your client site, w...; Question 81: You are working as an investigator for a corporation and you...; Question 82: You are called by an author who is writing a book and he wan...; Question 83: When NTFS Is formatted, the format program assigns the _____...; Question 84: Syslog is a client/server protocol standard for forwarding l...; Question 85: The following excerpt is taken from a honeypot log. The log ...; Question 86: Diskcopy is:; Question 87: When investigating a wireless attack, what information can b...; Question 88: A rogue/unauthorized access point is one that Is not authori...; Question 89: You should always work with original evidence...; Question 90: You setup SNMP in multiple offices of your company. Your SNM...; Question 91: Which of the following approaches checks and compares all th...; Question 92: You are running known exploits against your network to test ...; Question 93: John and Hillary works at the same department in the company...; Question 94: Which of the following reports are delivered under oath to a...; Question 95: What is the "Best Evidence Rule"?...; Question 96: You are a security analyst performing reconnaissance on a co...; Question 97: The newer Macintosh Operating System (MacOS X) is based on:...; Question 98: A picture file is recovered from a computer under investigat...; Question 99: You should make at least how many bit-stream copies of a sus...; Question 100: You are working for a local police department that services ...; Question 101: Data is striped at a byte level across multiple drives and p...; Question 102: Why would you need to find out the gateway of a device when ...; Question 103: You are assigned to work in the computer forensics lab of a ...; Question 104: After passively scanning the network of Department of Defens...; Question 105: Networks are vulnerable to an attack which occurs due to ove...; Question 106: While working for a prosecutor, What do you think you should...; Question 107: You are a security analyst performing a penetration tests fo...; Question 108: Which is a standard procedure to perform during all computer...; Question 109: Harold is a web designer who has completed a website for ght...; Question 110: Which of the following is NOT a graphics file?...; Question 111: What is the first step taken in an investigation for laborat...; Question 112: To calculate the number of bytes on a disk, the formula is: ...; Question 113: When obtaining a warrant it is important to:...; Question 114: When monitoring for both intrusion and security events betwe...; Question 115: Why should you never power on a computer that you need to ac...; Question 116: Why is it Important to consider health and safety factors in...; Question 117: The use of warning banners helps a company avoid litigation ...; Question 118: An "idle" system is also referred to as what?...; Question 119: After attending a CEH security seminar, you make a list of c...; Question 120: When you are running a vulnerability scan on a network and t...; Question 121: Which of the following statements is incorrect related to ac...; Question 122: Who is responsible for the following tasks? - Secure the sce...; Question 123: What will the following Linux command accomplish? dd if=/dev...; Question 124: You are assisting in the investigation of a possible Web Ser...; Question 125: The ____________________ refers to handing over the results ...; Question 126: When investigating a Windows System, it is important to view...; Question 127: You work as an IT security auditor hired by a law firm in Bo...; Question 128: A state department site was recently attacked and all the se...; Question 129: A steganographic file system is a method to store the files ...; Question 130: What must an investigator do before disconnecting an iPod fr...; Question 131: An Internet standard protocol (built on top of TCP/IP) that ...; Question 132: What file structure database would you expect to find on flo...; Question 133: What operating system would respond to the following command...; Question 134: How do you define Technical Steganography?...; Question 135: What is the first step that needs to be carried out to crack...; Question 136: John is working as a computer forensics investigator for a c...; Question 137: Michael works for Kimball Construction Company as senior sec...; Question 138: Smith, an employee of a reputed forensic Investigation firm,...; Question 139: A forensics investigator needs to copy data from a computer ...; Question 140: Which of the following is not correct when documenting an el...; Question 141: What is the smallest allocation unit of a hard disk?...; Question 142: If an attacker's computer sends an IPID of 31400 to a zombie...; Question 143: The Recycle Bin is located on the Windows desktop. When you ...; Question 144: Attacker uses vulnerabilities in the authentication or sessi...; Question 145: If you plan to startup a suspect's computer, you must modify...; Question 146: How many possible sequence number combinations are there in ...; Question 147: Paul is a computer forensics investigator working for Tyler ...; Question 148: In conducting a computer abuse investigation you become awar...; Question 149: An attack vector is a path or means by which an attacker can...; Question 150: Billy, a computer forensics expert, has recovered a large nu...; Question 151: An image is an artifact that reproduces the likeness of some...; Question 152: How do you define forensic computing?...; Question 153: The following excerpt is taken from a honeypot log that was ...; Question 154: Under confession, an accused criminal admitted to encrypting...; Question 155: What document does the screenshot represent? (Exhibit)...; Question 156: In Linux, what is the smallest possible shellcode?...; Question 157: Harold is a security analyst who has just run the rdisk /s c...; Question 158: Raw data acquisition format creates ____________of a data se...; Question 159: Using Internet logging software to investigate a case of mal...; Question 160: During an investigation, an employee was found to have delet...; Question 161: Melanie was newly assigned to an investigation and asked to ...; Question 162: In General, __________________ Involves the investigation of...; Question 163: Heather, a computer forensics investigator, is assisting a g...; Question 164: Why would a company issue a dongle with the software they se...; Question 165: A mobile operating system manages communication between the ...; Question 166: When marking evidence that has been collected with the aa/dd...; Question 167: Microsoft Outlook maintains email messages in a proprietary ...; Question 168: Computer security logs contain information about the events ...; Question 169: To make sure the evidence you recover and analyze with compu...; Question 170: What layer of the OSI model do TCP and UDP utilize?...; Question 171: Which root folder (hive) of registry editor contains a vast ...; Question 172: Which Is a Linux journaling file system?...; Question 173: Which of the following Steganography techniques allows you t...; Question 174: What is the following command trying to accomplish? C:\> ...; Question 175: The objective of this act was to protect consumers personal ...; Question 176: You have completed a forensic investigation case. You would ...; Question 177: Which of the following filesystem is used by Mac OS X?...; Question 178: Which response organization tracks hoaxes as well as viruses...; Question 179: Which of the following Steganography techniques allows you t...; Question 180: You are running through a series of tests on your network to...; Question 181: James is testing the ability of his routers to withstand DoS...; Question 182: What encryption technology is used on Blackberry devices?Pas...; Question 183: From the following spam mail header, identify the host IP th...; Question 184: George was recently fired from his job as an IT analyst at P...; Question 185: When operating systems mark a cluster as used but not alloca...; Question 186: Which of the following attacks allows an attacker to access ...; Question 187: Which table is used to convert huge word lists (i .e. dictio...; Question 188: John is using Firewalk to test the security of his Cisco PIX...; Question 189: Why is it a good idea to perform a penetration test from the...; Question 190: Travis, a computer forensics investigator, is finishing up a...; Question 191: Which legal document allows law enforcement to search an off...; Question 192: When collecting electronic evidence at the crime scene, the ...; Question 193: When using Windows acquisitions tools to acquire digital evi...; Question 194: When examining the log files from a Windows IIS Web Server, ...; Question 195: Deposition enables opposing counsel to preview an expert wit...; Question 196: You have been asked to investigate after a user has reported...; Question 197: Steven has been given the task of designing a computer foren...; Question 198: What information do you need to recover when searching a vic...; Question 199: Dumpster Diving refers to:; Question 200: What is the name of the standard Linux command that can be u...; Question 201: JPEG is a commonly used method of compressing photographic I...; Question 202: The evolution of web services and their increasing use in bu...; Question 203: What type of attack sends SYN requests to a target system wi...; Question 204: An on-site incident response team is called to investigate a...; Question 205: Meyer Electronics Systems just recently had a number of lapt...; Question 206: What will the following command accomplish? C:\> nmap -v ...; Question 207: John is working on his company policies and guidelines. The ...; Question 208: How many bits is Source Port Number in TCP Header packet?...; Question 209: Microsoft Security IDs are available in Windows Registry Edi...; Question 210: Jason, a renowned forensic investigator, is investigating a ...; Question 211: Ever-changing advancement or mobile devices increases the co...; Question 212: When setting up a wireless network with multiple access poin...; Question 213: Which of the following email headers specifies an address fo...; Question 214: George is a senior security analyst working for a state agen...; Question 215: The status of the network interface cards (NICs) connected t...; Question 216: What is the CIDR from the following screenshot? (Exhibit)...; Question 217: Chris has been called upon to investigate a hacking incident...; Question 218: Your company uses Cisco routers exclusively throughout the n...; Question 219: You are carrying out the last round of testing for your new ...; Question 220: Injection flaws are web application vulnerabilities that all...; Question 221: TCP/IP (Transmission Control Protocol/Internet Protocol) is ...; Question 222: Where is the default location for Apache access logs on a Li...

Question 168/222

LEAVE A REPLY

Download PDF File