Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that needs improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

A. Change the default community string names

B. Block all internal MAC address from using SNMP

C. Block access to UDP port 171

D. Block access to TCP port 171

What are the security risks of running a "repair" installation for Windows XP?

A. There are no security risks when running the "repair" installation for Windows XP

B. Pressing Shift+F1 gives the user administrative rights

C. Pressing Ctrl+F10 gives the user administrative rights

D. Pressing Shift+F10 gives the user administrative rights

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

A. Metamorphic

B. Oligomorhic

C. Polymorphic

D. Transmorphic

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

A. Service account passwords in plain text

B. Cached password hashes for the past 20 users

C. IAS account names and passwords

D. Local store PKI Kerberos certificates

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

A. create a compressed copy of the file with DoubleSpace

B. create a sparse data copy of a folder or file

C. make a bit-stream disk-to-image file

D. make a bit-stream disk-to-disk file

What does the acronym POST mean as it relates to a PC?

A. Primary Operations Short Test

B. Power On Self Test

C. Pre Operational Situation Test

D. Primary Operating System Test

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekenD. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

A. EFS uses a 128- bit key that can t be cracked, so you will not be able to recover the information

B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information

C. The EFS Revoked Key Agent can be used on the Computer to recover the information

D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software ?

A. Computer Forensics Tools and Validation Committee (CFTVC)

B. Association of Computer Forensics Software Manufactures (ACFSM)

C. National Institute of Standards and Technology (NIST)

D. Society for Valid Forensics Tools and Testing (SVFTT)

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public- sector investigation and should be referred to law enforcement?

A. true

B. false

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ______________ in order to track the emails back to the suspect.

A. Routing Table

B. Firewall log

C. Configuration files

D. Email Header