New Year Goodies - 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: av5rz84q

Exact2Pass Menu

Question # 4

Which of the following commands shows you all of the network services running on Windows-based servers?

A.

Netstart

B.

Net Session

C.

Net use

D.

Net config

Full Access
Question # 5

Which of the following stages in a Linux boot process involve initialization of the system’s hardware?

A.

BIOS Stage

B.

Bootloader Stage

C.

BootROM Stage

D.

Kernel Stage

Full Access
Question # 6

Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

A.

Rule-Based Approach

B.

Automated Field Correlation

C.

Field-Based Approach

D.

Graph-Based Approach

Full Access
Question # 7

Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

A.

HIPAA

B.

GLBA

C.

SOX

D.

FISMA

Full Access
Question # 8

When investigating a wireless attack, what information can be obtained from the DHCP logs?

A.

The operating system of the attacker and victim computers

B.

IP traffic between the attacker and the victim

C.

MAC address of the attacker

D.

If any computers on the network are running in promiscuous mode

Full Access
Question # 9

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?

A.

Justification

B.

Authentication

C.

Reiteration

D.

Certification

Full Access
Question # 10

Before performing a logical or physical search of a drive in Encase, what must be added to the program?

A.

File signatures

B.

Keywords

C.

Hash sets

D.

Bookmarks

Full Access
Question # 11

Madison is on trial for allegedly breaking into her university’s internal network. The police raided her dorm room and seized all of her computer equipment. Madison’s lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison’s lawyer trying to prove the police violated?

A.

The 4th Amendment

B.

The 1st Amendment

C.

The 10th Amendment

D.

The 5th Amendment

Full Access
Question # 12

Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

A.

PRIV.STM

B.

gwcheck.db

C.

PRIV.EDB

D.

PUB.EDB

Full Access
Question # 13

What is the smallest physical storage unit on a hard drive?

A.

Track

B.

Cluster

C.

Sector

D.

Platter

Full Access
Question # 14

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

A.

RestrictAnonymous must be set to "10" for complete security

B.

RestrictAnonymous must be set to "3" for complete security

C.

RestrictAnonymous must be set to "2" for complete security

D.

There is no way to always prevent an anonymous null session from establishing

Full Access
Question # 15

Where is the default location for Apache access logs on a Linux computer?

A.

usr/local/apache/logs/access_log

B.

bin/local/home/apache/logs/access_log

C.

usr/logs/access_log

D.

logs/usr/apache/access_log

Full Access
Question # 16

In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

A.

Security Administrator

B.

Network Administrator

C.

Director of Information Technology

D.

Director of Administration

Full Access
Question # 17

Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?

A.

Written Formal Report

B.

Verbal Formal Report

C.

Verbal Informal Report

D.

Written Informal Report

Full Access
Question # 18

Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the number of exits needed. How many exits should Steven include in his design for the computer forensics lab?

A.

Three

B.

One

C.

Two

D.

Four

Full Access
Question # 19

Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

A.

18 USC §1029

B.

18 USC §1030

C.

18 USC §1361

D.

18 USC §1371

Full Access
Question # 20

What is the CIDR from the following screenshot?

A.

/24A./24A./24

B.

/32 B./32 B./32

C.

/16 C./16 C./16

D.

/8D./8D./8

Full Access
Question # 21

Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

B.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList

C.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList

D.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit

Full Access
Question # 22

Which of the following is an iOS Jailbreaking tool?

A.

Kingo Android ROOT

B.

Towelroot

C.

One Click Root

D.

Redsn0w

Full Access
Question # 23

The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tool can help the investigator?

A.

TRIPWIRE

B.

RAM Capturer

C.

Regshot

D.

What’s Running

Full Access
Question # 24

Who is responsible for the following tasks?

A.

Non-forensics staff

B.

Lawyers

C.

System administrators

D.

Local managers or other non-forensic staff

Full Access
Question # 25

What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

A.

Cracks every password in 10 minutes

B.

Distribute processing over 16 or fewer computers

C.

Support for Encrypted File System

D.

Support for MD5 hash verification

Full Access
Question # 26

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

A.

Net sessions

B.

Net config

C.

Net share

D.

Net use

Full Access
Question # 27

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?

A.

He should search in C:\Windows\System32\RECYCLED folder

B.

The Recycle Bin does not exist on the hard drive

C.

The files are hidden and he must use switch to view them

D.

Only FAT system contains RECYCLED folder and not NTFS

Full Access
Question # 28

Which program is the bootloader when Windows XP starts up?

A.

KERNEL.EXE

B.

NTLDR

C.

LOADER

D.

LILO

Full Access
Question # 29

Which MySQL log file contains information on server start and stop?

A.

Slow query log file

B.

General query log file

C.

Binary log

D.

Error log file

Full Access
Question # 30

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

A.

C:\Program Files\Exchsrvr\servername.log

B.

D:\Exchsrvr\Message Tracking\servername.log

C.

C:\Exchsrvr\Message Tracking\servername.log

D.

C:\Program Files\Microsoft Exchange\srvr\servername.log

Full Access
Question # 31

What malware analysis operation can the investigator perform using the jv16 tool?

A.

Files and Folder Monitor

B.

Installation Monitor

C.

Network Traffic Monitoring/Analysis

D.

Registry Analysis/Monitoring

Full Access
Question # 32

Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

A.

Net config

B.

Net sessions

C.

Net share

D.

Net stat

Full Access
Question # 33

Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?

A.

Static Acquisition

B.

Sparse or Logical Acquisition

C.

Bit-stream disk-to-disk Acquisition

D.

Bit-by-bit Acquisition

Full Access
Question # 34

What is the name of the first reserved sector in File allocation table?

A.

Volume Boot Record

B.

Partition Boot Sector

C.

Master Boot Record

D.

BIOS Parameter Block

Full Access
Question # 35

Which of the following is NOT an anti-forensics technique?

A.

Data Deduplication

B.

Steganography

C.

Encryption

D.

Password Protection

Full Access
Question # 36

Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?

A.

Isolating the host device

B.

Installing malware analysis tools

C.

Using network simulation tools

D.

Enabling shared folders

Full Access
Question # 37

During an investigation, Noel found the following SIM card from the suspect's mobile. What does the code 89 44 represent?

A.

Issuer Identifier Number and TAC

B.

Industry Identifier and Country code

C.

Individual Account Identification Number and Country Code

D.

TAC and Industry Identifier

Full Access
Question # 38

Buffer overflow vulnerabilities, of web applications, occurs when the application fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the _________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

A.

Adjacent buffer locations

B.

Adjacent string locations

C.

Adjacent bit blocks

D.

Adjacent memory locations

Full Access
Question # 39

Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?

A.

Simple Mail Transfer Protocol (SMTP)

B.

Messaging Application Programming Interface (MAPI)

C.

Internet Message Access Protocol (IMAP)

D.

Post Office Protocol version 3 (POP3)

Full Access
Question # 40

Checkpoint Firewall logs can be viewed through a Check Point Log viewer that uses icons and colors in the log table to represent different security events and their severity. What does the icon in the checkpoint logs represent?

A.

The firewall rejected a connection

B.

A virus was detected in an email

C.

The firewall dropped a connection

D.

An email was marked as potential spam

Full Access
Question # 41

Robert is a regional manager working in a reputed organization. One day, he suspected malware attack after unwanted programs started to popup after logging into his computer. The network administrator was called upon to trace out any intrusion on the computer and he/she finds that suspicious activity has taken place within Autostart locations. In this situation, which of the following tools is used by the network administrator to detect any intrusion on a system?

A.

Hex Editor

B.

Internet Evidence Finder

C.

Process Monitor

D.

Report Viewer

Full Access
Question # 42

Which of the following components within the android architecture stack take care of displaying windows owned by different applications?

A.

Media Framework

B.

Surface Manager

C.

Resource Manager

D.

Application Framework

Full Access
Question # 43

For what purpose do the investigators use tools like iPhoneBrowser, iFunBox, OpenSSHSSH, and iMazing?

A.

Bypassing iPhone passcode

B.

Debugging iPhone

C.

Rooting iPhone

D.

Copying contents of iPhone

Full Access
Question # 44

What is the purpose of using Obfuscator in malware?

A.

Execute malicious code in the system

B.

Avoid encryption while passing through a VPN

C.

Avoid detection by security mechanisms

D.

Propagate malware to other connected devices

Full Access
Question # 45

A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don’t like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

A.

tcp.port = 23

B.

tcp.port == 21

C.

tcp.port == 21 || tcp.port == 22

D.

tcp.port != 21

Full Access
Question # 46

What technique is used by JPEGs for compression?

A.

TIFF-8

B.

ZIP

C.

DCT

D.

TCD

Full Access
Question # 47

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A.

Expert Witness

B.

Evidence Examiner

C.

Forensic Examiner

D.

Defense Witness

Full Access
Question # 48

What is the framework used for application development for iOS-based mobile devices?

A.

Cocoa Touch

B.

Dalvik

C.

Zygote

D.

AirPlay

Full Access
Question # 49

Where should the investigator look for the Edge browser’s browsing records, including history, cache, and cookies?

A.

ESE Database

B.

Virtual Memory

C.

Sparse files

D.

Slack Space

Full Access
Question # 50

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?

A.

Both pharming and phishing attacks are purely technical and are not considered forms of social engineering

B.

In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name

C.

In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name

D.

Both pharming and phishing attacks are identical

Full Access
Question # 51

Which of these Windows utility help you to repair logical file system errors?

A.

Resource Monitor

B.

Disk cleanup

C.

Disk defragmenter

D.

CHKDSK

Full Access
Question # 52

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

A.

DevScan

B.

Devcon

C.

fsutil

D.

Reg.exe

Full Access
Question # 53

A section of your forensics lab houses several electrical and electronic equipment. Which type of fire extinguisher you must install in this area to contain any fire incident?

A.

Class B

B.

Class D

C.

Class C

D.

Class A

Full Access
Question # 54

Which of the following tools is not a data acquisition hardware tool?

A.

UltraKit

B.

Atola Insight Forensic

C.

F-Response Imager

D.

Triage-Responder

Full Access
Question # 55

Which of the following statements is incorrect when preserving digital evidence?

A.

Verify if the monitor is in on, off, or in sleep mode

B.

Turn on the computer and extract Windows event viewer log files

C.

Remove the plug from the power router or modem

D.

Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals

Full Access
Question # 56

Which of the following is NOT an anti-forensics technique?

A.

Data Deduplication

B.

Password Protection

C.

Encryption

D.

Steganography

Full Access
Question # 57

Which of the following is a responsibility of the first responder?

A.

Determine the severity of the incident

B.

Collect as much information about the incident as possible

C.

Share the collected information to determine the root cause

D.

Document the findings

Full Access
Question # 58

Joshua is analyzing an MSSQL database for finding the attack evidence and other details, where should he look for the database logs?

A.

Model.log

B.

Model.txt

C.

Model.ldf

D.

Model.lgf

Full Access
Question # 59

Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?

A.

A text file deleted from C drive in sixth sequential order

B.

A text file deleted from C drive in fifth sequential order

C.

A text file copied from D drive to C drive in fifth sequential order

D.

A text file copied from C drive to D drive in fifth sequential order

Full Access
Question # 60

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

A.

Robust copy

B.

Incremental backup copy

C.

Bit-stream copy

D.

Full backup copy

Full Access
Question # 61

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

A.

Recycle Bin

B.

MSDOS.sys

C.

BIOS

D.

Case files

Full Access
Question # 62

When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

A.

Universal Time Set

B.

Network Time Protocol

C.

SyncTime Service

D.

Time-Sync Protocol

Full Access
Question # 63

An "idle" system is also referred to as what?

A.

PC not connected to the Internet

B.

Zombie

C.

PC not being used

D.

Bot

Full Access
Question # 64

Which part of the Windows Registry contains the user's password file?

A.

HKEY_LOCAL_MACHINE

B.

HKEY_CURRENT_CONFIGURATION

C.

HKEY_USER

D.

HKEY_CURRENT_USER

Full Access
Question # 65

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A.

The system files have been copied by a remote attacker

B.

The system administrator has created an incremental backup

C.

The system has been compromised using a t0rnrootkit

D.

Nothing in particular as these can be operational files

Full Access
Question # 66

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments.

What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

A.

Bit-stream Copy

B.

Robust Copy

C.

Full backup Copy

D.

Incremental Backup Copy

Full Access
Question # 67

What does ICMP Type 3/Code 13 mean?

A.

Host Unreachable

B.

Administratively Blocked

C.

Port Unreachable

D.

Protocol Unreachable

Full Access
Question # 68

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies? What type of Penetration Testing is Larry planning to carry out?

A.

Router Penetration Testing

B.

DoS Penetration Testing

C.

Firewall Penetration Testing

D.

Internal Penetration Testing

Full Access
Question # 69

In Microsoft file structures, sectors are grouped together to form:

A.

Clusters

B.

Drives

C.

Bitstreams

D.

Partitions

Full Access
Question # 70

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Full Access
Question # 71

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

A.

a write-blocker

B.

a protocol analyzer

C.

a firewall

D.

a disk editor

Full Access
Question # 72

What does the acronym POST mean as it relates to a PC?

A.

Primary Operations Short Test

B.

PowerOn Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

Full Access
Question # 73

Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.

Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

A.

Border Gateway Protocol

B.

Cisco Discovery Protocol

C.

Broadcast System Protocol

D.

Simple Network Management Protocol

Full Access
Question # 74

Why is it a good idea to perform a penetration test from the inside?

A.

It is never a good idea to perform a penetration test from the inside

B.

Because 70% of attacks are from inside the organization

C.

To attack a network from a hacker's perspective

D.

It is easier to hack from the inside

Full Access
Question # 75

Kyle is performing the final testing of an application he developed for the accounting department.

His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

#include #include int main(int argc, char

*argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; }

strcpy(buffer, argv[1]); return 0; }

A.

Buffer overflow

B.

SQL injection

C.

Format string bug

D.

Kernal injection

Full Access
Question # 76

The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

A.

Gramm-Leach-Bliley Act

B.

Sarbanes-Oxley 2002

C.

California SB 1386

D.

HIPAA

Full Access
Question # 77

In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.

A.

Network Forensics

B.

Data Recovery

C.

Disaster Recovery

D.

Computer Forensics

Full Access
Question # 78

John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

A.

Hillary network username and password hash

B.

The SID of Hillary network account

C.

The SAM file from Hillary computer

D.

The network shares that Hillary has permissions

Full Access
Question # 79

When reviewing web logs, you see an entry for resource not found in the HTTP status code filed.

What is the actual error code that you would see in the log for resource not found?

A.

202

B.

404

C.

505

D.

909

Full Access
Question # 80

When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

A.

Title 18, Section 1030

B.

Title 18, Section 2703(d)

C.

Title 18, Section Chapter 90

D.

Title 18, Section 2703(f)

Full Access
Question # 81

The use of warning banners helps a company avoid litigation by overcoming an employee assumed __________________________. When connecting to the company's intranet, network or Virtual Private Network(VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

A.

Right to work

B.

Right of free speech

C.

Right to Internet Access

D.

Right of Privacy

Full Access
Question # 82

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

A.

EFS Encryption

B.

DFS Encryption

C.

IPS Encryption

D.

SDW Encryption

Full Access
Question # 83

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

A.

Nessus is too loud

B.

Nessus cannot perform wireless testing

C.

Nessus is not a network scanner

D.

There are no ways of performing a "stealthy" wireless scan

Full Access
Question # 84

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

A.

Guest

B.

Root

C.

You cannot determine what privilege runs the daemon service

D.

Something other than root

Full Access
Question # 85

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls? (Choose two.)

A.

162

B.

161

C.

163

D.

160

Full Access
Question # 86

Item 2If you come across a sheepdip machine at your client site, what would you infer?

A.

A sheepdip coordinates several honeypots

B.

A sheepdip computer is another name for a honeypot

C.

A sheepdip computer is used only for virus-checking.

D.

A sheepdip computer defers a denial of service attack

Full Access
Question # 87

At what layer of the OSI model do routers function on?

A.

4

B.

3

C.

1

D.

5

Full Access
Question # 88

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.

Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

A.

All forms should be placed in an approved secure container because they are now primary evidence in the case.

B.

The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.

C.

The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.

D.

All forms should be placed in the report file because they are now primary evidence in the case.

Full Access
Question # 89

What will the following command produce on a website login page? SELECT email, passwd, login_id, full_name FROM members WHERE email = 'someone@somehwere.com'; DROP TABLE members; --'

A.

Deletes the entire members table

B.

Inserts the Error! Reference source not found.email address into the members table

C.

Retrieves the password for the first user in the members table

D.

This command will not produce anything since the syntax is incorrect

Full Access
Question # 90

When obtaining a warrant, it is important to:

A.

particularlydescribe the place to be searched and particularly describe the items to be seized

B.

generallydescribe the place to be searched and particularly describe the items to be seized

C.

generallydescribe the place to be searched and generally describe the items to be seized

D.

particularlydescribe the place to be searched and generally describe the items to be seized

Full Access