Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ______________ in order to track the emails back to the suspect.

A.

Routing Table

B.

Firewall log

C.

Configuration files

D.

Email Header

What TCP/UDP port does the toolkit program netstat use?

A.

Port 7

B.

Port 15

C.

Port 23

D.

Port 69

From the following spam mail header, identify the host IP that sent this spam? From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001 Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT) Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk

From: “china hotel web”

To: “Shlam”

Subject: SHANGHAI (HILTON HOTEL) PACKAGE Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0 X-Priority: 3 X-MSMail- Priority: Normal Reply-

To: “china hotel web”

A.

137.189.96.52

B.

8.12.1.0

C.

203.218.39.20

D.

203.218.39.50

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

A.

Stringsearch

B.

grep

C.

dir

D.

vim

Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, access rights or others features that they may need in order to accomplish their objectives. One simple method for loading an application at startup is to add an entry (Key) to the following Registry Hive:

A.

HKEY_LOCAL_MACHINEhardwarewindowsstart

B.

HKEY_LOCAL_USERSSoftware|MicrosoftoldVersionLoad

C.

HKEY_CURRENT_USERMicrosoftDefault

D.

HKEY_LOCAL_MACHINESoftwareMicrosoftCurrentVersionRun

What binary coding is used most often for e-mail purposes?

A.

MIME

B.

Uuencode

C.

IMAP

D.

SMTP

Law enforcement officers are conducting a legal search for which a valid warrant was obtaineD. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

A.

Plain view doctrine

B.

Corpus delicti

C.

Locard Exchange Principle

D.

Ex Parte Order

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

A.

network-based IDS systems (NIDS)

B.

host-based IDS systems (HIDS)

C.

anomaly detection

D.

signature recognition

When obtaining a warrant it is important to:

A.

particularlydescribe the place to be searched and particularly describe the items to be seized

B.

generallydescribe the place to be searched and particularly describe the items to be seized

C.

generallydescribe the place to be searched and generally describe the items to be seized

D.

particularlydescribe the place to be searched and generally describe the items to be seized

What does the superblock in Linux define?

A.

filesynames

B.

diskgeometr

C.

location of the firstinode

D.

available space