You work as a penetration tester for Hammond Security Consultants. You are currently
working on a contract for the state government of California. Your next step is to initiate a
DoS attack on their network. Why would you want to initiate a DoS attack on a system you
are testing?

A.

Show outdated equipment so it can be replaced

B.

List weak points on their network

C.

Use attack as a launching point to penetrate deeper into the network

D.

Demonstrate that no system can be protected against DoS attacks

You are running through a series of tests on your network to check for any security
vulnerabilities.
After normal working hours, you initiate a DoS attack against your external firewall. The
firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection
from an external IP into your internal network. The connection is successful even though
you have FTP blocked at the external firewall. What has happened?

A.

The firewall failed-bypass

B.

The firewall failed-closed

C.

The firewall ACL has been purged

D.

The firewall failed-open

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

A.

Recycle Bin

B.

MSDOS.sys

C.

BIOS

D.

Case files

What will the following command produce on a website login page? SELECT email,
passwd, login_id, full_name FROM members WHERE email =
'someone@somehwere.com'; DROP TABLE members; -'

A.

Deletes the entire members table

B.

Inserts the Error! Reference source not found.email address into the members table

C.

Retrieves the password for the first user in the members table

D.

This command will not produce anything since the syntax is incorrect

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directly interacting with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn't matter as all replies are faked

In what way do the procedures for dealing with evidence in a criminal case differ from the
procedures for dealing with evidence in a civil case?

A.

evidence must be handled in the same way regardless of the type of case

B.

evidence procedures are not important unless you work for a law enforcement agency

C.

evidence in a criminal case must be secured more tightly than in a civil case

D.

evidence in a civil case must be secured more tightly than in a criminal case

When conducting computer forensic analysis, you must guard against ______________ So
that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

A.

Hard Drive Failure

B.

Scope Creep

C.

Unauthorized expenses

D.

Overzealous marke

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

A.

Network Forensics

B.

Computer Forensics

C.

Incident Response

D.

Event Reaction

What is the following command trying to accomplish?

A.

Verify that UDP port 445 is open for the 192.168.0.0 network

B.

Verify that TCP port 445 is open for the 192.168.0.0 network

C.

Verify that NETBIOS is running for the 192.168.0.0 network

D.

Verify that UDP port 445 is closed for the 192.168.0.0 network

During the course of an investigation, you locate evidence that may prove the innocence of
the suspect of the investigation. You must maintain an unbiased opinion and be objective in
your entire fact finding process. Therefore, you report this evidence. This type of evidence
is known as:

A.

Inculpatory evidence

B.

Mandatory evidence

C.

Exculpatory evidence

D.

Terrible evidence

You are a security analyst performing a penetration tests for a company in the Midwest.  After some initial reconnaissance, you discover the IP addresses of some Cisco routers
used by the company. You type in the following URL that includes the IP address of one of
the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router.
What have you discovered?

A.

HTTP Configuration Arbitrary Administrative Access Vulnerability

B.

HTML Configuration Arbitrary Administrative Access Vulnerability

C.

Cisco IOS Arbitrary Administrative Access Online Vulnerability

D.

URL Obfuscation Arbitrary Administrative Access Vulnerability

Michael works for Kimball Construction Company as senior security analyst. As part of
yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael
conducts XMAS scan and most of the ports scanned do not give a response. In what state
are these ports?

A.

Closed

B.

Open

C.

Stealth

D.

Filtered