
412-79 Online Practice Questions and Answers

Questions 4

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

A. Guest

B. You cannot determine what privilege runs the daemon service

C. Root

D. Something other than root

Correct Answer: D

Questions 5

You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal:

What have you found?

A. Trojan.downloader

B. Blind bug

C. Web bug

D. CGI code

Correct Answer: C

Questions 6

Jessica works as a systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

A. Ping trace

B. Tracert

C. Smurf scan

D. ICMP ping sweep

Correct Answer: D

Questions 7

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

A. NIPS

B. Passive IDS

C. Progressive IDS

D. Active IDS

Correct Answer: D

Questions 8

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with the ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

A. Enable tunneling feature on the switch

B. Trick the switch into thinking it already has a session with Terri's computer

C. Crash the switch with a DoS attack since switches cannot send ACK bits

D. Poison the switch's MAC address table by flooding it with ACK bits

Correct Answer: B

Questions 9

What will the following command produce on a website login page?

SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

A. This command will not produce anything since the syntax is incorrect

B. Inserts the email address into the members table

C. Retrieves the password for the first user in the members table

D. Deletes the entire members table

Correct Answer: D

Questions 10

This organization maintains a database of hash signatures for known software:

A. International Standards Organization

B. Institute of Electrical and Electronics Engineers

C. National Software Reference Library

D. American National Standards Institute

Correct Answer: C

Questions 11

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

A. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum

B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file

C. A simple DOS copy will not include deleted files, file slack and other information

D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Correct Answer: C

Questions 12

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns.

Where did the incident team go wrong?

A. They examined the actual evidence on an unrelated system

B. They attempted to implicate personnel without proof

C. They tampered with evidence by using it

D. They called in the FBI without correlating with the fingerprint data

Correct Answer: C

Questions 13

You are working as a computer forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will.

What do you do?

A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C. Inform the owner that conducting an investigation without a policy is a violation of the employee's expectation of privacy

D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

Correct Answer: C

Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Jun 10, 2025
Questions: 232
