Why should you never power on a computer that you need to acquire digital evidence from?

• A.When the computer boots up, the system cache is cleared which could destroy evidence
• B.When the computer boots up, data in the memory buffer is cleared which could destroy evidence
• C.When the computer boots up, files are written to the computer rendering the data nclean
• D.Powering on a computer has no affect when needing to acquire digital evidence from it

Comment: *

Name: *

Email: *

Verification: *

Why would you need to find out the gateway of a device when investigating a wireless attack?

• A.The gateway will be the IP of the proxy server used by the attacker to launch the attack
• B.The gateway will be the IP used to manage the access point
• C.The gateway will be the IP of the attacker computer
• D.The gateway will be the IP used to manage the RADIUS server

Comment: *

Name: *

Email: *

Verification: *

The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful.
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 ->
172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 ->
172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 ->
1 72.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 ->
172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by
(uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 ->
213.28.22.189:4558
From the options given below choose the one which best interprets the following entry:
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

• A.An IDS evasion technique
• B.A DNS zone transfer
• C.A buffer overflow attempt
• D.Data being retrieved from 63.226.81.13

Comment: *

Name: *

Email: *

Verification: *

Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?

• A.IDS
• B.Domain Controller
• C.SIEM
• D.Firewall

Comment: *

Name: *

Email: *

Verification: *

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

• A.Denial of service
• B.Physical attack
• C.Digital attack
• D.ARP redirect

Comment: *

Name: *

Email: *

Verification: *