As a security analyst you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
A. The employees network usernames and passwords
B. The MAC address of the employees?computers
C. The IP address of the employees computers
D. Bank account numbers and the corresponding routing numbers
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
A. %systemroot%\LSA
B. %systemroot%\repair
C. %systemroot%\system32\drivers\etc
D. %systemroot%\system32\LSA
What will the following command produce on a website login page?What will the following command produce on a website? login page?
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'someone@somehwere.com'; DROP TABLE members; --'
A. This command will not produce anything since the syntax is incorrect
B. Inserts the Error! Reference source not found. email address into the members table
C. Retrieves the password for the first user in the members table
D. Deletes the entire members table
What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?
A. Encryption of agent communications will conceal the presence of the agents
B. Alerts are sent to the monitor when a potential intrusion is detected
C. An intruder could intercept and delete data or alerts and the intrusion can go undetected
D. The monitor will know if counterfeit messages are being generated because they will not be encrypted
The MD5 program is used to:
A. wipe magnetic media before recycling it
B. make directories on a evidence disk
C. view graphics files on an evidence drive
D. verify that a disk is not altered when you examine it
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
A. one who has NTFS 4 or 5 partitions
B. one who uses dynamic swap file capability
C. one who uses hard disk writes on IRQ 13 and 21
D. one who has lots of allocation units per block or cluster
When you carve an image, recovering the image depends on which of the following skills?
A. Recognizing the pattern of the header content
B. Recovering the image from a tape backup
C. Recognizing the pattern of a corrupt file
D. Recovering the image from the tape backup
Windows identifies which application to open a file with by examining which of the following?
A. The File extension
B. The file attributes
C. The file Signature at the end of the file
D. The file signature at the beginning of the file
As a CHFI professional, which of the following is the most important to your professional reputation?
A. Your Certifications
B. The correct, successful management of each and every case
C. The free that you charge
D. The friendship of local law enforcement officers
Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?
A. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum
B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
C. A simple DOS copy will not include deleted files, file slack and other information
D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector