You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact local law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject computer. You inform the officer that you will not be able to comply with thatnetwork sniffer on your network and monitor all traffic to the subject? computer. You inform the officer that you will not be able to comply with that request because doing so would:

• A.Write information to the subject hard driveWrite information to the subject? hard drive
• B.Make you an agent of law enforcement
• C.Violate your contract
• D.Cause network congestion

Comment: *

Name: *

Email: *

Verification: *

Jack Smith is a forensics investigator who works for Mason Computer Investigation
Services. He is investigating a computer that was infected by Ramen Virus.

He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

• A.Those connections are in listening mode
• B.Those connections are established
• C.Those connections are in timed out/waiting mode
• D.Those connections are in closed/waiting mode

Comment: *

Name: *

Email: *

Verification: *

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

• A.They called in the FBI without correlating with the fingerprint data
• B.They attempted to implicate personnel without proof
• C.They examined the actual evidence on an unrelated system
• D.They tampered with evidence by using it

Comment: *

Name: *

Email: *

Verification: *

What stage of the incident handling process involves reporting events?

• A.Follow-up
• B.Recovery
• C.Identification
• D.Containment

Comment: *

Name: *

Email: *

Verification: *

The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in
Linux. Identify the Apache error log from the following logs.

• A.127.0.0.1 - frank [10/Oct/2000:13:55:36-0700] "GET /apache_pb.grf HTTP/1.0" 200
  2326
• B.http://victim.com/scripts/..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..%c0%af./..
  %c0%af./..%c0%af./../winnt/system32/cmd.exe?/c+di
  r+c:\wintt\system32\Logfiles\W3SVC1
• C.[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
• D.127.0.0.1 --[10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0' 200
  2326

Comment: *

Name: *

Email: *

Verification: *