1.

The authentication process is done by exchanging a set

of messages between a pair of entities, usually called as
an _________________ protocol.
Authentication
DSA Risk
Acceptable risk
Approval

2. The computer forensic investigator must maintain

___________whenever a case is being investigated.
Personal judgement
perspective
objectivity
subjectivity

3. A __________ is simply a program, or hardware device,

that protects the resources of a private network from
users on other networks.
Honeypot
IDS
Firewall
Bastion Host

4. __________ mainly involve government agencies that

are responsible for criminal investigations and
prosecution.
Private investigations
Public investigations
Confidential investigations
Corporate investigations

5. HPFS is acronym for___________

High Performance File System
High Pilferage File System
High Performance File Storage
High Percentile File Storage
6. The most damaging of the denial of service attacks can
be a _______________ attacks, where an attacker uses
zombie software distributed over several machines
Zombie
Bot
Discrete denial of service
Distributed denial of service

7. ___________ contain events generated by system

component and deals with driver failures and hardware
issues.
Security Log
System Log
Event Log
Application Log

8. ____________should begin with the identification of

audience and objective of the particular report Report
writing
Case Classification
Cross examination
Report writing
Case investigation

9. ________ is a procedure by which a router changes

data in packets to modify the network addresses
Packet filter
Proxy
NAT
Firewall

10. ___________ is a computer that is completely

vulnerable to attacks.
Application Server
Firewall Server
Bastion host
Rogue Server
11. _______________ refers to the preparatory phase
where an attacker seeks to gather as much information
as possible about a target of attack prior to launching an
attack.
Sniffing
Footprinting
Scanning
Reconnaissance

12. ______ is defined as the protection of networks and their

services from unauthorized modification, destruction, or
disclosure.
Physical security
Network security
Ethical Hacking
Buffer Overflow

13. __________ is the act of obtaining unauthorized access

to a network by manipulating authorized users in to
revealing their passwords and access information
Scanning
Social Engineering
Sniffing
Reverse Engineering

14. Cyber Crime is divided into the two T's

Time and Task of the crime
Time and Target of the crime
Tools and Target of the crime
Time and Tools of the crime

15. __________ is the technique attackers use to gain

access to a network, sending messages to a computer
with an IP address indicating that the message is
coming from a trusted host.
IP Spoofing
Cloning
MAC Flooding
Phishing

16. E-mail crime can be categorized in two ways: one

committed by sending mails and other _______
categorized by crime
ISP involved
supported by e-mails
sender’s location

17. The ___________ is a unique identifier that is used to

establish, and maintain, wireless connectivity and acts
as a single shared password between access points and
clients.
SSID
SSDI
DSDL
SSLD

18. WEP stands for ____________

Wireless Encryption Privacy
Wired Equivalent Privacy
Wired Equivalent Protocol
Wireless Encryption Protocol

19. Choose the most appropriate definition for Cybercrime.

Cybercrime is defined as…
Any act where the computer hardware is damaged by the
software
Any act violating human rights using a computer or its software
Any illegal act that involves a computer, its systems, or its
applications.
Any malfunctioning of software or denial of access to the Internet

20. _______ is a malicious program that replicates it self

until it fills all of the storage space on a drive or network
Trojan
Worm
Bot
Virus

21. In a ____________________, the IDS examine activity

on each individual computer or host.
Denial of Service
Spamming
Phishing
Keylogging

22. ______________firewalls concentrates on individual

packets and analyzes their header information and
which way they are directed to
Role based
packet filter based
Host based
Network based

23. The ___________ is a unique identifier that is used to

establish, and maintain, wireless connectivity and acts
as a single shared password between access points and
clients.
DSDL
SSLD
SSDI
SSID

24. ___________ contain events generated by system

component and deals with driver failures and hardware
issues.
Application Log
Security Log
System Log
Event Log

25. When there is sufficient power the computer looks for

the ______for the start of the BIOS boot program.
 BIOS Setup
BIOS RAM
BIOS POST
BIOS ROM

26. Investigators must document digital evidence by creating

an _________________
Evidence Diary
Evidence form
Evidence Recovery Form
Album of evidence

27. __________ has been defined as an assault on system

security that derives from an intelligent threat, i.e., an
intelligent act that is a deliberate attempt (especially in
the sense of a method or technique) to evade security
services and violate the security policy of a system.
Exploit
Threat
Vulnerability
Attack

28. Network forensics poses greater challenges as:

Evidence is stationary on the network and multiple locations are
involved
There cannot be multiple investigators across multiple systems
Evidence is captured in the whole only with the use of a
network forensic tool
Evidence is found across multiple systems and is volatile

29. The BIOS program is usually in the _______memory

location
MMMM0m
DDDD0d
EEEE0e
FFFF0h

30. ________ is a program and/or device that monitors data

traveling over a network.
Strobe
Scanner
Spammer
Sniffer

31. A ___________is any circumstance or event that has

the potential to cause harm to a system or network
Disaster
Threat
Vulnerability
Attack

32. A ___________ is a private network of computers that

uses the public Internet to connect some nodes.
FINNet
UseNet
Routing Table
VPN

33. __________ is a means for ensuring private, secure

communication between hosts over an insecure medium
using tunneling.
SSH
IPSEC
SSL
VPN

34. ____________should begin with the identification of

audience and objective of the particular report Report
writing
Cross examination
Report writing
Case Classification
Case investigation

35. ______________ refers to a kind of electronic civil

disobedience in which activists take direct action by
breaking into, or protesting, government or corporate
computer systems
Attackvism
Hacktivism
Activism
Defensiveness

36. ______________ refers to the pre-attack phase when

the attacker scans the network with specific information
gathered during reconnaissance.
Sniffing
Scanning
Spoofing
Parsing

37. Any ____________involves three phases – preparation,

conduct and conclusion.
Security testing
Security finding
Security reporting
Security probing

38. ___________ is a defined way to breach the security of

an IT system through vulnerability.
Hotfix
Scanning
Exploit
Sniffing
39. ____________ is a proxy server that doesn't have
special caching abilities of a caching HTTP proxy server.
Protocol Analyzer
SOCKS
Transparent Proxy
Anonymizer

40. Proxy based firewalls concentrate on the

_____________ rather than just the packets
Network Layer
Physical Layer
Application Layer
Transport Layer

41. ____________ of the e-mail message has key role to

play in e-mail tracing as it contains the unique IP
address of the server that sent the message.
Signature
Header
Option
Key

42. ______________are those that violate the confidentiality

without affecting the state of the system.
Scan attacks
Subversive attacks
Passive attacks
Active attacks

43. E-mail crime can be categorized in two ways: one

committed by sending mails and other _______
categorized by crime
supported by e-mails
sender’s location
ISP involved
44. ____________ defines the way in which messages are
transmitted over the Internet.
POP
SMTP
SNMP
HTTP

45. __________ mainly involve government agencies

that are responsible for criminal investigations and
prosecution.
Private investigations
Public investigations
Corporate investigations
Confidential investigations

46. The objective of ______________ is to authenticate

based on username, password, smart cards, tokens or
PINs.
network authentication
host authentication
user authentication
resource authentication

47. _________ is a program that appears to be legitimate

but is designed to have destructive effects.
Virus
Bot
Trojan
Worm

48. IPSec aids two encryption modes:

Twist and Tunnel
Transport and Tunnel
Transfer and Transport
Telegraphic and Tunnel

49. __________ is a system integrity check tool.

 Limewire
MSBS
Sysinternals
Tripwire

50. An ________can be an event or set of events that

threatens the security in computing systems and
networks in any organization.
Outbreak
Event log
Alert
Incident

51. The basic function of ___________is transmission of

data over the communication channel.
data link layer
physical layer
transmission layer
data layer

A __________ is simply a program, or hardware

52.
device, that protects the resources of a private
network from users on other networks.
Firewall
Honeypot
IDS
Bastion Host

53. ____________ is used to describe those hackers who

use their computer skills with malicious intent for illegal
purposes or nefarious activities
Grey Hats
Black Hats
Red Hats
White Hats
54. An ____________ gathers and analyzes information
from various areas within a computer, or network, in
order to identify possible violations of security policy,
including unauthorized access, as well as misuse.
intrusion detection system
outbound packet filter
alert rule
extensible firewall

55. A ____________ indicates successful access gained by

the user and __________ stands for the unsuccessful
attempt made to gain the access.
Success event, failure event
Failure event, failed event
Success event, unsuccessful event
Failure event, success event

56. ______ is a standard for encrypting and digitally signing

electronic mail that contains attachments and for offering
secure data transmissions.
Secure MIME
SSH
SSL
HTTPS

57. __________ is the art and science of hiding information

by embedding messages within other, seemingly
harmless messages.
Encryption
Steganography
Compression
Concurrency
58. _____________ monitors system files to determine
whether an intruder has changed the system files.
System Change Implementers
System Change Checkers
System Indicative Verifiers
System Integrity Verifiers

59. RADIUS, TACAS, IKE are _________

Secure Methodologies
Security Products
Secure Protocols
Secure Technologies

60. A _____________ is an application program that is used

to identify an unknown or forgotten password to a
computer or network resource.
Password cropper
Password cracker
Password hasher
Password hacker

61. Logs can help in event reconstruction as they

are_______
Transient
Targeted
Time bound
Time stamped

62. _____________ detects and drops packets that

overload the server
Packet Dropper
Stateful packet filtering
Stateless packet filtering
Protocol based filtering

63. Computer crimes pose certain challenges to solving the

crime. These include:
Speed at which crime is committed, disclosure, volatility of
evidence
Speed at which crime is detected, anonymity, evidence recovery
Speed at which crime is committed, disclosure, evidence
recovery
Speed at which crime is committed, anonymity, volatility of
evidence

64. The __________ is a semi-trusted network zone that

separates the untrusted Internet from the company's
trusted internal network.
Demarcated Zone
Demilitarized Zone
Destabilized Zone
Detoxified Zone

65. ___________ is an incident process in which a person

or software program acting on behalf of any other
person takes some action and then denies them to do it
later.
Non Committal
Non Disclosure
Retraction
Repudiation
66. The __________________ characterizes the
organization's idea of an apt computer, usage of the
network and measures to deal with the network
incidents.
network policy
disaster recovery policy
acceptable use policy
security policy

67. ________________ can be said to be a security

violation that results from a threat action.
Rating
Ranking
Disclosure
Exposure

68. ______ is an online utility that helps an investigator/user

to search for copyright records
AXIS
AXED
LOCUS
LOCIS

69. _____________ layer deals with the mechanical,

electrical, procedural interfaces and the physical
transmission medium.
Physical
Transmission
Transport
Network

70. ___________ is a computer program that is designed to

replicate itself by copying itself into the other programs
stored in a computer
Trojan
Bot
Virus
Worm

71. _________ determines what type of resources can be

accessed per user basis.
Encryption
Authentication
Authorization
Identification

72. _____________ is an incident in which a system does

not behave as it was expected to.
Subversion
Supervision
Submersion
Subdivision

73. Which options should be turned on in a wireless network

to make it more secure?
SSH and SSL
SSID and WRP
SSID and WEP
IPSEC and SSL

74. ___________ is also known as misuse detection and

tries to identify events that misuse a system.
Rule trigger system
Anomaly detection
Snort rule
Signature recognition
 75. WEP stands for ____________
Wireless Encryption Protocol
Wireless Encryption Privacy
Wired Equivalent Privacy
Wired Equivalent Protocol

Common digital signature algorithms that are used include

______
MSA and RSA
ASA and DSA
MSA and ASA
RSA and DSA

_________ is a program that handles external servers on

behalf of internal servers.
SOCKS
Proxy
Firewall
NAT

An ______________is a person who can investigate on a

particular case, evaluate all findings, and educate the jury
about his findings.
Court Reporter
Jury Member
Crime Reporter
Expert witness
Running a program that remotely finds ports opened and
closed on remote systems, represents one of the most
common types of __________attacks.
Reverse Mapping
Re-engineering
Rendezvous
Reconnaissance

___________is a file system designed specifically for the

OS/2 operating system to improve upon the limitations of the
FAT file system.
HSPF
HPFS
FSOS
OSPF

During the power on self-test various tests are performed

including:
Video card test
UGA test
Webcam test
Napster test

In a ____________________, the IDS examine activity on

each individual computer or host.
Hardware based
Network based
Host based
Software based