312-49V8 ECCouncil Computer Hacking Forensic Investigator Set 4

During the first responder procedure, you should follow all laws while collecting the evidence, and
contact a computer forensic examiner as soon as possible.


Options are :

  • False
  • True (Correct)

Answer : True

Which of the following files in Novell GroupWise stores information about user accounts?


Options are :

  • gwcheck.db
  • PRIV.EDB
  • ngwguard.db (Correct)
  • PRIV.STM

Answer : ngwguard.db

A deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of
the following is not a standard practice in a deposition?


Options are :

  • Opposing counsel asks questions
  • Only one attorney is present (Correct)
  • No jury or judge
  • Both attorneys are present

Answer : Only one attorney is present

An attacker uses vulnerabilities in the authentication or session management functions, such as
exposed accounts, session IDs, logout, password management, timeouts, remember me, secret
question, account update, etc., to impersonate users. If a user simply closes the browser without
logging out from sites accessed through a public computer, an attacker can use the same browser
later and exploit the user's privileges. Which of the following vulnerabilities/exploitations is referred
to above?


Options are :

  • Timeout Exploitation (Correct)
  • Password Exploitation
  • I/O exploitation
  • Session ID in URLs

Answer : Timeout Exploitation

Which of the following passwords are sent over the wire (and wireless) network, or stored on some
media, as they are typed without any alteration?


Options are :

  • Hex passwords
  • Clear text passwords (Correct)
  • Obfuscated passwords
  • Hashed passwords

Answer : Clear text passwords

Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the
following laws is related to fraud and related activity in connection with computers?


Options are :

  • 18 USC 7029
  • 18 USC 7030 (Correct)
  • 18 USC 7371
  • 18 USC 7361

Answer : 18 USC 7030

An expert witness is a witness, who by virtue of education, profession, or experience, is believed
to have special knowledge of his/her subject beyond that of the average person, sufficient that
others legally depend upon his/her opinion.


Options are :

  • False
  • True (Correct)

Answer : True

In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe, Bootvid.dll,
Hal.dll, and boot-start device drivers?


Options are :

  • Boot.in
  • Kernel32.dll
  • Gdi32.dll
  • Ntldr (Correct)

Answer : Ntldr

If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally
allocated to this file?


Options are :

  • 4 Sectors
  • 7 Sectors
  • 6 Sectors (Correct)
  • 5 Sectors

Answer : 6 Sectors

Which is not a part of environmental conditions of a forensics lab?


Options are :

  • Allocation of workstations as per the room dimensions
  • Open windows facing the public road (Correct)
  • Good cooling system to overcome excess heat generated by the work station
  • Large dimensions of the room

Answer : Open windows facing the public road

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where x
represents the _________.


Options are :

  • Original file name
  • Drive name (Correct)
  • Sequential number
  • Original file name's extension

Answer : Drive name

Smith, an employee of a reputed forensic investigation firm, has been hired by a private
organization to investigate a laptop that is suspected to be involved in hacking of the organization's DC
server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the
following registry keys will Smith check to find the above information?


Options are :

  • TypedURLs key
  • MountedDevices key
  • RunMRU key (Correct)
  • UserAssist Key

Answer : RunMRU key

A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM.
Where is the hidden swap file in Windows located?


Options are :

  • C:\pagefile.sys (Correct)
  • C:\config.sys
  • C:\hiberfil.sys
  • C:\ALCSetup.log

Answer : C:\pagefile.sys

What is the goal of forensic science?


Options are :

  • Mitigate the effects of the information security breach
  • Save the good will of the investigating organization
  • It is a discipline to deal with the legal processes
  • To determine the evidential value of the crime scene and related evidence (Correct)

Answer : To determine the evidential value of the crime scene and related evidence

When the operating system marks clusters as used but does not allocate them to any file, such
clusters are known as ___________.


Options are :

  • Lost clusters (Correct)
  • Empty clusters
  • Bad clusters
  • Unused clusters

Answer : Lost clusters

What is the first step that needs to be carried out to investigate wireless attacks?


Options are :

  • Document the scene and maintain a chain of custody
  • Obtain a search warrant (Correct)
  • Identify wireless devices at crime scene
  • Detect the wireless connections

Answer : Obtain a search warrant

A computer forensic report is a report which provides detailed information on the complete
forensics investigation process.


Options are :

  • False
  • True (Correct)

Answer : True

Which of the following reports is delivered under oath to a board of directors/managers/panel of
jury?


Options are :

  • Verbal Informal Report
  • Written Formal Report
  • Written Informal Report
  • Verbal Formal Report (Correct)

Answer : Verbal Formal Report

Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency
spectrum around 5 GHz?


Options are :

  • 802.11i
  • 802.11a (Correct)
  • 802.11g
  • 802.11b

Answer : 802.11a

Why is it important to consider health and safety factors in the work carried out at all stages of the
forensic process conducted by the forensic analysts?


Options are :

  • Local law enforcement agencies compel them to wear latest gloves
  • This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date (Correct)
  • All forensic teams should wear protective latex gloves which makes them look professional and cool
  • It is a part of ANSI 346 forensics standard

Answer : This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date

When NTFS is formatted, the format program assigns the __________ sectors to the boot sectors
and to the bootstrap code.


Options are :

  • First 24
  • First 16 (Correct)
  • First 12
  • First 22

Answer : First 16

Event correlation is a procedure that assigns a new meaning to a set of events that occur
in a predefined interval of time.
Which type of correlation will you use if your organization wants to use different OS and network
hardware platforms throughout the network?


Options are :

  • Multiple-platform correlation
  • Network-platform correlation
  • Same-platform correlation
  • Cross-platform correlation (Correct)

Answer : Cross-platform correlation

The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk,
Windows sends that deleted item to the Recycle Bin and the icon changes to full from empty, but
items deleted from removable media, such as a floppy disk or network drive, are not stored in the
Recycle Bin.
What is the size limit for the Recycle Bin in Vista and later versions of Windows?


Options are :

  • Maximum of 5.99 GB
  • Maximum of 4.99 GB
  • No size limit (Correct)
  • Maximum of 3.99 GB

Answer : No size limit

Router log files provide detailed information about the network traffic on the Internet. They give
information about the attacks to and from the networks. The router stores log files in
the ____________.


Options are :

  • IDS logs
  • Router cache (Correct)
  • Audit logs
  • Application logs

Answer : Router cache

What is the first step that needs to be carried out to crack the password?


Options are :

  • A word list is created using a dictionary generator program or dictionaries (Correct)
  • The list of dictionary words is hashed or encrypted
  • The hashed wordlist is compared against the target hashed password, generally one word at a time
  • If it matches, that password has been cracked and the password cracker displays the unencrypted version of the password

Answer : A word list is created using a dictionary generator program or dictionaries

The Apache server saves diagnostic information and error messages that it encounters while
processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify
the Apache error log from the following logs.


Options are :

  • [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test (Correct)
  • 127.0.0.1 - frank [10/Oct/2000:13:55:36-0700] "GET /apache_pb.grf HTTP/1.0" 200 2326
  • http://victim.com/scripts/..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af ./..%c0%af./../winnt/system32/cmd.exe?/c+di r+c:\wintt\system32\Logfiles\W3SVC1
  • 127.0.0.1 --[10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0' 200 2326

Answer : [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test

All the information about the user activity on the network, like details about login and logoff
attempts, is collected in the security log of the computer. When a user's login is successful,
successful audits generate an entry whereas unsuccessful audits generate an entry for failed login
attempts in the logon event ID table.
In the logon event ID table, which event ID entry (number) represents a successful logon to a computer?


Options are :

  • 531
  • 529
  • 528 (Correct)
  • 530

Answer : 528

Steganography is a technique of hiding a secret message within an ordinary message and
extracting it at the destination to maintain the confidentiality of data.


Options are :

  • True (Correct)
  • False

Answer : True

The quality of a raster image is determined by the _________________ and the amount of information
in each pixel.


Options are :

  • Image file size
  • Total number of pixels (Correct)
  • Compression method
  • Image file format

Answer : Total number of pixels

Which of the following is not an example of a cyber-crime?


Options are :

  • Fraud achieved by the manipulation of the computer records
  • Deliberate circumvention of the computer security systems
  • Firing an employee for misconduct (Correct)
  • Intellectual property theft, including software piracy

Answer : Firing an employee for misconduct
