What filter should George use in Ethereal?

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
A. src port 23 and dst port 23
B. src port 22 and dst port 22
C. udp port 22 and host 172.16.28.1/24
D. net port 22

Answer: B

Which of the following laws is related to fraud and related activity in connection with computers?

Depending upon the Jurisdictional areas, different laws apply to different incidents.
Which of the following laws is related to fraud and related activity in connection with computers?
A. 18 USC 7029
B. 18 USC 7030
C. 18 USC 7361
D. 18 USC 7371

Answer: B

What would this attack on the company PBX system be called?

Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files.
What would this attack on the company PBX system be called?
A. Phreaking
B. Squatting
C. Crunching
D. Pretexting

Answer: A

What will the following command accomplish?

What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive

Answer: A

What method of computer forensics will allow you to trace all user accounts ever established on a Windows 2000 server over the course of its lifetime?

What method of computer forensics will allow you to trace all user accounts ever established on a Windows 2000 server over the course of its lifetime?
A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry

Answer: D
Explanation:
Not MD5: MD5 checksums are used as integrity checks.
User accounts are assigned a unique SID, and SIDs are not reused.

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
A. The system files have been copied by a remote attacker
B. The system administrator has created an incremental backup
C. The system has been compromised using a t0rn rootkit
D. Nothing in particular as these can be operational files

Answer: C

What kind of results did Jim receive from his vulnerability analysis?

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility successfully executes five known exploits against his network that the vulnerability analysis said were not exploitable.
What kind of results did Jim receive from his vulnerability analysis?
A. False negatives
B. True negatives
C. True positives
D. False positives

Answer: A

During the first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible.

During the first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible.
A. True
B. False

Answer: A

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)
A. user account that was used to send the message
B. attachments sent with the e-mail message
C. unique message identifier
D. contents of the e-mail message
E. date and time the message was sent

Answer: ACDE
Explanation:
If the question was to select 4, then I agree, but if the answer could be less than 4, I'd leave out D, message contents.

Windows identifies which application to open a file with by examining which of the following?

Windows identifies which application to open a file with by examining which of the following?
A. The file extension
B. The file attributes
C. The file signature at the end of the file
D. The file signature at the beginning of the file

Answer: A