Which of the following statements are true about Snort? Each correct answer represents a complete solution. Choose all that apply.
A. It develops a new signature to find vulnerabilities.
B. It detects and alerts a computer user when it finds threats such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients.
C. It encrypts the log file using the 256 bit AES encryption scheme algorithm.
D. It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.
Which of the following methods is used by forensic investigators to acquire an image over the network in a secure manner?
A. Linux Live CD
B. DOS boot disk
C. Secure Authentication for EnCase (SAFE)
D. EnCase with a hardware write blocker
Adam works as a professional Computer Hacking Forensic Investigator. A project has been assigned to him to investigate and examine files present on a suspect's computer. Adam uses a tool with which he can examine recovered deleted files, fragmented files, and other corrupted data. With the help of this tool he can also examine data captured from the network, and access physical RAM and any processes running in virtual memory. Which of the following tools is Adam using?
A. Vedit
B. WinHex
C. HxD
D. Evidor
What are the benefits of creating a new view using role-based CLI?
A. Scalability
B. Operational efficiency
C. Security
D. Availability
Adam works as a professional Computer Hacking Forensic Investigator. He has been called by the FBI to examine data on a hard disk seized from the house of a suspected terrorist. Adam decides to acquire an image of the suspect hard drive. He uses a forensic hardware tool that is capable of capturing data from IDE, Serial ATA, SCSI devices, and flash cards. This tool can also produce MD5 and CRC32 hashes while capturing the data. Which of the following tools is Adam using?
A. ImageMASSter Solo-3
B. ImageMASSter 4002i
C. FireWire DriveDock
D. Wipe MASSter
Which of the following would allow you to automatically close connections or restart a server or service when a DoS attack is detected?
A. Active IDS
B. Signature-based IDS
C. Passive IDS
D. Network-based IDS
Which of the following firewalls operates at three layers: Layer 3, Layer 4, and Layer 5?
A. Circuit-level firewall
B. Application layer firewall
C. Dynamic packet-filtering firewall
D. Proxy firewall
John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, when in fact it is a decoy system used to track hackers. Which system is John using to track the malicious hackers?
A. Honeypot
B. Honeytokens
C. Intrusion Detection System (IDS)
D. Bastion host
What is the maximum size of an IP datagram for Ethernet?
A. 4500 bytes
B. 1024 bytes
C. 1200 bytes
D. 1500 bytes
Which of the following files records all driver installations after the system has booted?
A. setupapi.com
B. recdriver.log
C. drivinst.log
D. setupapi.log