You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.

What method would be most efficient for you to acquire digital evidence from this network?

A. create a compressed copy of the file with DoubleSpace

B. create a sparse data copy of a folder or file

C. make a bit-stream disk-to-image file

D. make a bit-stream disk-to-disk file

Which is a standard procedure to perform during all computer forensics investigations?

A. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS

B. with the hard drive in the suspect PC, check the date and time in the File Allocation Table

C. with the hard drive removed from the suspect PC, check the date and time in the system's RAM

D. with the hard drive in the suspect PC, check the date and time in the system's CMOS

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

A. RestrictAnonymous must be set to "10" for complete security

B. RestrictAnonymous must be set to "3" for complete security

C. RestrictAnonymous must be set to "2" for complete security

D. There is no way to always prevent an anonymous null session from establishing

What is the CIDR from the following screenshot?

A. /24A./24A./24

B. /32 B./32 B./32

C. /16 C./16 C./16

D. /8D./8D./8

Which among the following files provides email header information in the Microsoft Exchange server?

A. gwcheck.db

B. PRIV.EDB

C. PUB.EDB

D. PRIV.STM

Lynne receives the following email:

Dear lynne@gmail.com! We are sorry to inform you that your ID has been temporarily frozen due to

incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk

to be closed permanently!

To proceed Please Connect >> My Apple ID

Thank You The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/

What type of attack is this?

A. Mail Bombing

B. Phishing

C. Email Spamming

D. Email Spoofing

Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?

A. TypedURLs key

B. MountedDevices key

C. UserAssist Key

D. RunMRU key

Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of investigation does this case require?

A. Administrative Investigation

B. Criminal Investigation

C. Both Criminal and Administrative Investigation

D. Civil Investigation

Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.

A. Statement of personal or family history

B. Prior statement by witness

C. Statement against interest

D. Statement under belief of impending death

What is the capacity of Recycle bin in a system running on Windows Vista?

A. 2.99GB

B. 3.99GB

C. Unlimited

D. 10% of the partition space