E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)
A. unique message identifier
B. user account that was used to send the account
C. date and time the message was sent
D. attachments sent with the e-mail message
E. contents of the e-mail message
Correct answer: A, B, C, E
Question 2:
You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?
A. the life of the author plus 70 years
B. 70 years
C. copyrights last forever
D. the life of the author
Correct answer: A
Question 3:
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
A. Sector
B. Metadata
C. MFT
D. Slack Space
Correct answer: D
Question 4:
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
A. one who has NTFS 4 or 5 partitions
B. one who uses hard disk writes on IRQ 13 and 21
C. one who uses dynamic swap file capability
D. one who has lots of allocation units per block or cluster
Correct answer: D
Question 5:
Software firewalls work at which layer of the OSI model?
A. Data Link
B. Application
C. Transport
D. Network
Correct answer: A
Question 6:
Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?
A. Intruding into a honeypot is not illegal
B. Enticement
C. Intruding into a DMZ is not illegal
D. Entrapment
Correct answer: D
Question 7:
While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?
A. Destroy the evidence
B. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge
C. Present the evidence to the defense attorney
D. Keep the information on file for later review
Correct answer: B
Question 8:
You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?
A. Application-level proxy firewall
B. Stateful firewall
C. Circuit-level proxy firewall
D. Packet filtering firewall
Correct answer: B
村治** -
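I think this is an EC0-479 question set that can be used both for studying from scratch and for studying right before the exam. Both beginners and retakers can study efficiently!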