1. The authentication process is done by exchanging a set
of messages between a pair of entities, usually called an _________________ protocol. Authentication DSA Risk Acceptable risk Approval
2. The computer forensic investigator must maintain
___________ whenever a case is being investigated. Personal judgement perspective objectivity subjectivity
3. A __________ is simply a program, or hardware device,
that protects the resources of a private network from users on other networks. Honeypot IDS Firewall Bastion Host
4. __________ mainly involve government agencies that
are responsible for criminal investigations and prosecution. Private investigations Public investigations Confidential investigations Corporate investigations
5. HPFS is an acronym for ___________
High Performance File System High Pilferage File System High Performance File Storage High Percentile File Storage
6. The most damaging of the denial of service attacks can be a _______________ attack, where an attacker uses zombie software distributed over several machines. Zombie Bot Discrete denial of service Distributed denial of service
7. ___________ contains events generated by system
components and deals with driver failures and hardware issues. Security Log System Log Event Log Application Log
8. ____________ should begin with the identification of
audience and objective of the particular report. Report writing Case Classification Cross examination Report writing Case investigation
9. ________ is a procedure by which a router changes
data in packets to modify the network addresses. Packet filter Proxy NAT Firewall
10. ___________ is a computer that is completely
vulnerable to attacks. Application Server Firewall Server Bastion host Rogue Server
11. _______________ refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of attack prior to launching an attack. Sniffing Footprinting Scanning Reconnaissance
12. ______ is defined as the protection of networks and their
services from unauthorized modification, destruction, or disclosure. Physical security Network security Ethical Hacking Buffer Overflow
13. __________ is the act of obtaining unauthorized access
to a network by manipulating authorized users into revealing their passwords and access information. Scanning Social Engineering Sniffing Reverse Engineering
14. Cyber Crime is divided into the two T's
Time and Task of the crime Time and Target of the crime Tools and Target of the crime Time and Tools of the crime
15. __________ is the technique attackers use to gain
access to a network, sending messages to a computer with an IP address indicating that the message is coming from a trusted host. IP Spoofing Cloning MAC Flooding Phishing
16. E-mail crime can be categorized in two ways: one
committed by sending mails and other _______ categorized by crime ISP involved supported by e-mails sender’s location
17. The ___________ is a unique identifier that is used to
establish, and maintain, wireless connectivity and acts as a single shared password between access points and clients. SSID SSDI DSDL SSLD
19. Choose the most appropriate definition for Cybercrime.
Cybercrime is defined as… Any act where the computer hardware is damaged by the software Any act violating human rights using a computer or its software Any illegal act that involves a computer, its systems, or its applications. Any malfunctioning of software or denial of access to the Internet
20. _______ is a malicious program that replicates itself
until it fills all of the storage space on a drive or network. Trojan Worm Bot Virus
21. In a ____________________, the IDS examines activity
on each individual computer or host. Denial of Service Spamming Phishing Keylogging
22. ______________ firewalls concentrate on individual
packets and analyze their header information and which way they are directed. Role based packet filter based Host based Network based
23. The ___________ is a unique identifier that is used to
establish, and maintain, wireless connectivity and acts as a single shared password between access points and clients. DSDL SSLD SSDI SSID
24. ___________ contains events generated by system
components and deals with driver failures and hardware issues. Application Log Security Log System Log Event Log
25. When there is sufficient power the computer looks for
the ______ for the start of the BIOS boot program. BIOS Setup BIOS RAM BIOS POST BIOS ROM
26. Investigators must document digital evidence by creating
an _________________ Evidence Diary Evidence form Evidence Recovery Form Album of evidence
27. __________ has been defined as an assault on system
security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Exploit Threat Vulnerability Attack
Evidence is stationary on the network and multiple locations are involved There cannot be multiple investigators across multiple systems Evidence is captured in the whole only with the use of a network forensic tool Evidence is found across multiple systems and is volatile
29. The BIOS program is usually in the _______ memory
location MMMM0m DDDD0d EEEE0e FFFF0h
30. ________ is a program and/or device that monitors data
traveling over a network. Strobe Scanner Spammer Sniffer
31. A ___________ is any circumstance or event that has
the potential to cause harm to a system or network. Disaster Threat Vulnerability Attack
32. A ___________ is a private network of computers that
uses the public Internet to connect some nodes. FINNet UseNet Routing Table VPN
33. __________ is a means for ensuring private, secure
communication between hosts over an insecure medium using tunneling. SSH IPSEC SSL VPN
34. ____________ should begin with the identification of
audience and objective of the particular report. Report writing Cross examination Report writing Case Classification Case investigation
35. ______________ refers to a kind of electronic civil
disobedience in which activists take direct action by breaking into, or protesting, government or corporate computer systems. Attackvism Hacktivism Activism Defensiveness
36. ______________ refers to the pre-attack phase when
the attacker scans the network with specific information gathered during reconnaissance. Sniffing Scanning Spoofing Parsing
37. Any ____________ involves three phases – preparation,
38. ___________ is a defined way to breach the security of
an IT system through vulnerability. Hotfix Scanning Exploit Sniffing
39. ____________ is a proxy server that doesn't have the special caching abilities of a caching HTTP proxy server. Protocol Analyzer SOCKS Transparent Proxy Anonymizer
40. Proxy based firewalls concentrate on the
_____________ rather than just the packets. Network Layer Physical Layer Application Layer Transport Layer
41. ____________ of the e-mail message has a key role to
play in e-mail tracing as it contains the unique IP address of the server that sent the message. Signature Header Option Key
42. ______________ are those that violate the confidentiality
without affecting the state of the system. Scan attacks Subversive attacks Passive attacks Active attacks
43. E-mail crime can be categorized in two ways: one
committed by sending mails and other _______ categorized by crime supported by e-mails sender’s location ISP involved
44. ____________ defines the way in which messages are transmitted over the Internet. POP SMTP SNMP HTTP
45. __________ mainly involve government agencies
that are responsible for criminal investigations and prosecution. Private investigations Public investigations Corporate investigations Confidential investigations
46. The objective of ______________ is to authenticate
based on username, password, smart cards, tokens or PINs. network authentication host authentication user authentication resource authentication
47. _________ is a program that appears to be legitimate
but is designed to have destructive effects. Virus Bot Trojan Worm
48. IPSec supports two encryption modes:
Twist and Tunnel Transport and Tunnel Transfer and Transport Telegraphic and Tunnel
49. __________ is a system integrity check tool.
Limewire MSBS Sysinternals Tripwire
50. An ________ can be an event or set of events that
threatens the security in computing systems and networks in any organization. Outbreak Event log Alert Incident
51. The basic function of ___________ is transmission of
data over the communication channel. data link layer physical layer transmission layer data layer
52. A __________ is simply a program, or hardware
device, that protects the resources of a private network from users on other networks. Firewall Honeypot IDS Bastion Host
53. ____________ is used to describe those hackers who
use their computer skills with malicious intent for illegal purposes or nefarious activities. Grey Hats Black Hats Red Hats White Hats
54. An ____________ gathers and analyzes information from various areas within a computer, or network, in order to identify possible violations of security policy, including unauthorized access, as well as misuse. intrusion detection system outbound packet filter alert rule extensible firewall
55. A ____________ indicates successful access gained by
the user and __________ stands for the unsuccessful attempt made to gain the access. Success event, failure event Failure event, failed event Success event, unsuccessful event Failure event, success event
56. ______ is a standard for encrypting and digitally signing
electronic mail that contains attachments and for offering secure data transmissions. Secure MIME SSH SSL HTTPS
57. __________ is the art and science of hiding information
by embedding messages within other, seemingly harmless messages. Encryption Steganography Compression Concurrency
58. _____________ monitors system files to determine whether an intruder has changed the system files. System Change Implementers System Change Checkers System Indicative Verifiers System Integrity Verifiers
60. A _____________ is an application program that is used
to identify an unknown or forgotten password to a computer or network resource. Password cropper Password cracker Password hasher Password hacker
61. Logs can help in event reconstruction as they
are _______ Transient Targeted Time bound Time stamped
62. _____________ detects and drops packets that
overload the server. Packet Dropper Stateful packet filtering Stateless packet filtering Protocol based filtering
63. Computer crimes pose certain challenges to solving the
crime. These include: Speed at which crime is committed, disclosure, volatility of evidence Speed at which crime is detected, anonymity, evidence recovery Speed at which crime is committed, disclosure, evidence recovery Speed at which crime is committed, anonymity, volatility of evidence
64. The __________ is a semi-trusted network zone that
separates the untrusted Internet from the company's trusted internal network. Demarcated Zone Demilitarized Zone Destabilized Zone Detoxified Zone
65. ___________ is an incident process in which a person
or software program acting on behalf of any other person takes some action and then later denies having taken it. Non Committal Non Disclosure Retraction Repudiation
66. The __________________ characterizes the organization's idea of an apt computer, usage of the network and measures to deal with the network incidents. network policy disaster recovery policy acceptable use policy security policy
67. ________________ can be said to be a security
violation that results from a threat action. Rating Ranking Disclosure Exposure
68. ______ is an online utility that helps an investigator/user
to search for copyright records. AXIS AXED LOCUS LOCIS
69. _____________ layer deals with the mechanical,
electrical, procedural interfaces and the physical transmission medium. Physical Transmission Transport Network
70. ___________ is a computer program that is designed to
replicate itself by copying itself into the other programs stored in a computer. Trojan Bot Virus Worm
71. _________ determines what type of resources can be
accessed per user basis. Encryption Authentication Authorization Identification
72. _____________ is an incident in which a system does
not behave as it was expected to. Subversion Supervision Submersion Subdivision
73. Which options should be turned on in a wireless network
to make it more secure? SSH and SSL SSID and WRP SSID and WEP IPSEC and SSL
74. ___________ is also known as misuse detection and
tries to identify events that misuse a system. Rule trigger system Anomaly detection Snort rule Signature recognition
75. WEP stands for ____________ Wireless Encryption Protocol Wireless Encryption Privacy Wired Equivalent Privacy Wired Equivalent Protocol
Common digital signature algorithms that are used include
______ MSA and RSA ASA and DSA MSA and ASA RSA and DSA
_________ is a program that handles external servers on
behalf of internal servers. SOCKS Proxy Firewall NAT
An ______________ is a person who can investigate a
particular case, evaluate all findings, and educate the jury about his findings. Court Reporter Jury Member Crime Reporter Expert witness
Running a program that remotely finds ports opened and closed on remote systems represents one of the most common types of __________ attacks. Reverse Mapping Re-engineering Rendezvous Reconnaissance
___________ is a file system designed specifically for the
OS/2 operating system to improve upon the limitations of the FAT file system. HSPF HPFS FSOS OSPF
During the power on self-test various tests are performed
including: Video card test UGA test Webcam test Napster test
In a ____________________, the IDS examines activity on
each individual computer or host. Hardware based Network based Host based Software based