Exam Details

  • Exam Code: 412-79
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 232 Q&As
  • Last Updated: Mar 26, 2025

EC-COUNCIL EC-COUNCIL Certifications 412-79 Questions & Answers

  • Question 51:

    If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

    A. The system files have been copied by a remote attacker

    B. The system administrator has created an incremental backup

    C. The system has been compromised using a t0rn rootkit

    D. Nothing in particular as these can be operational files

  • Question 52:

    From the following spam mail header, identify the host IP that sent this spam.

    From [email protected] [email protected] Tue Nov 27 17:27:11 2001
    Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52])
        by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061
        for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
    Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20])
        by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431
        for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
    Message-Id: >[email protected]
    From: "china hotel web"
    To: "Shlam"
    Subject: SHANGHAI (HILTON HOTEL) PACKAGE
    Date: Tue, 27 Nov 2001 17:25:58 +0800
    MIME-Version: 1.0
    X-Priority: 3
    X-MSMail-Priority: Normal
    Reply-To: "china hotel web"

    A. 137.189.96.52

    B. 8.12.1.0

    C. 203.218.39.20

    D. 203.218.39.50

  • Question 53:

    You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

    A. 8

    B. 1

    C. 4

    D. 2

  • Question 54:

    When obtaining a warrant it is important to:

    A. particularly describe the place to be searched and particularly describe the items to be seized

    B. generally describe the place to be searched and particularly describe the items to be seized

    C. generally describe the place to be searched and generally describe the items to be seized

    D. particularly describe the place to be searched and generally describe the items to be seized

  • Question 55:

    Sectors in hard disks typically contain how many bytes?

    A. 256

    B. 512

    C. 1024

    D. 2048

  • Question 56:

    What does the superblock in Linux define?

    A. file system names

    B. disk geometry

    C. location of the first inode

    D. available space

  • Question 57:

    Area density refers to:

    A. the amount of data per disk

    B. the amount of data per partition

    C. the amount of data per square inch

    D. the amount of data per platter

  • Question 58:

    Which of the following should a computer forensics lab used for investigations have?

    A. isolation

    B. restricted access

    C. open access

    D. an entry log

  • Question 59:

    Corporate investigations are typically easier than public investigations because:

    A. the users have standard corporate equipment and software

    B. the investigator does not have to get a warrant

    C. the investigator has to get a warrant

    D. the users can load whatever they want on their machines

  • Question 60:

    Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crimes investigations throughout the United States?

    A. Internet Fraud Complaint Center

    B. Local or national office of the U.S. Secret Service

    C. National Infrastructure Protection Center

    D. CERT Coordination Center

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 412-79 exam preparation or EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.