ECCouncil Computer Hacking Forensic Investigator
Question No: 151 – (Topic 2)
Sectors in hard disks typically contain how many bytes?
Question No: 152 – (Topic 2)
What is the target host IP in the following command? C:\> firewalk -F 80 10.10.150.1 172.16.28.95 -p UDP
This command is using FIN packets, which cannot scan target hosts
Firewalk does not scan target hosts
Question No: 153 – (Topic 2)
Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through e-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why do PDF passwords not offer maximum protection?
PDF passwords are converted to clear text when sent through E-mail
PDF passwords are not considered safe by Sarbanes-Oxley
When sent through E-mail, PDF passwords are stripped from the document completely
PDF passwords can easily be cracked by software brute force tools
Question No: 154 – (Topic 2)
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?
Throw the hard disk into the fire
Run the powerful magnets over the hard disk
Format the hard disk multiple times using a low level disk utility
Overwrite the contents of the hard disk with Junk data
Explanation: For throwing the hard drive into a fire to be effective, the fire would have to be hot enough to melt the platters into molten metal, which requires an industrial furnace. This requires special facilities.
Running powerful magnets over the disk, such as degaussing the disk, may destroy the data, but may also be ineffective. In some cases, the degaussing process for tape and disk may render the disk unusable. (Of course, throwing the drives into a furnace also guarantees that.)
Formatting the disk multiple times with a low level disk utility is the best way to go while still being able to re-use the disk for later projects. The keys are “multiple” and “low level”. A low level format is typically a slow, thorough format that acts as a wipe. Multiple passes, as opposed to one, are recommended. There is a theory on “how many times”; some schools say at least three times. The problem with this answer is that with newer drives, such as ATA and SCSI, low level formats can destroy the volumes as well, and some BIOSes may actually ignore the LLF directives.
Overwriting the disk with junk data would perform some form of wipe because the old data is wiped out, but the data may still be recovered.
According to some websites:
Physical methods that will not work to destroy data on a hard drive include: Throwing it in the water (this does not do much). Setting it on fire (the temperature is not going to be high enough at home). Throwing it out of the window: hard drives can take quite a bit of G force, and they are not heavy, so the impact of the hard drive on the ground is not likely to destroy the platters. Driving over the hard drive: a car, or even a tank, driving over a hard drive will do nothing, any more than it would driving over a book. Unless the drive is actually flattened, the platters are not going to be destroyed.
Question No: 155 – (Topic 2)
The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers.
California SB 1386
Question No: 156 – (Topic 2)
If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?
B. The zombie will not send a response
Question No: 157 – (Topic 2)
In the following email header, where did the email first originate from?
Question No: 158 – (Topic 2)
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?
Network Time Protocol
Universal Time Set
Question No: 159 – (Topic 2)
One way to identify the presence of hidden partitions on a suspect's hard drive is to:
Add up the total size of all known partitions and compare it to the total size of the hard drive
Examine the FAT and identify hidden partitions by noting an ? in the "Partition Type" field
Examine the LILO and note an ? in the "Partition Type" field
It is not possible to have hidden partitions on a hard drive
Question No: 160 – (Topic 2)
John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
Firewalk sets all packets with a TTL of one
Firewalk sets all packets with a TTL of zero
Firewalk cannot pass through Cisco firewalls
Firewalk cannot be detected by network sniffers