Provide Valid 312-49v11 Dumps To Help You Prepare For Computer Hacking Forensic Investigator (CHFI-v11) Exam Mar 16, 2025 [Q427-Q446]


NO.427 After passively scanning the network of the Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

 
 
 
 

NO.428 BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?

 
 
 
 

NO.429 When you carve an image, recovering the image depends on which of the following skills?

 
 
 
 

NO.430 A file requires 10 KB of space to be saved on a hard disk partition. An entire cluster of 32 KB has been allocated for this file. The remaining, unused space of 22 KB on this cluster will be identified as ______.

 
 
 
 

NO.431 A packet is sent to a router that does not have the packet destination address in its route table. How will the packet get to its proper destination?

 
 
 
 

NO.432 It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

 
 
 
 

NO.433 Smith, as part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers at the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

 
 
 
 

NO.434 You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that, you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

 
 
 
 

NO.435 To check for POP3 traffic using Ethereal, what port should an investigator search by?

 
 
 
 

NO.436 Lynne receives the following email:
Dear [email protected]!
We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24
You have 24 hours to fix this problem or risk to be closed permanently!
To proceed Please Connect >> My Apple ID
Thank You
The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/
What type of attack is this?

 
 
 
 

NO.437 What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?

 
 
 
 

NO.438 Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains logs of network and host-based security software?

 
 
 
 

NO.439 You are a penetration tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the scanning techniques below will you use?

 
 
 
 

NO.440 A(n) _____________________ is one that’s performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

 
 
 
 

NO.441 Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system. Network forensics can reveal: (Select three answers)

 
 
 
 

NO.442 A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

 
 
 
 

NO.443 Which of the following files in Novell GroupWise stores information about user accounts?

 
 
 
 

NO.444 Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

 
 
 
 

NO.445 Where are files temporarily written in Unix when printing?

 
 
 
 

NO.446 You are assisting in the investigation of a possible Web Server hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a pornographic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

 
 
 
 
