
412-79 Online Practice Questions and Answers

Questions 4

At what layer of the OSI model do routers function?

A. 3

B. 4

C. 5

D. 1

Questions 5

How many bits is the Source Port Number in a TCP header?

A. 48

B. 32

C. 64

D. 16

Questions 6

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

A. RestrictAnonymous must be set to "2" for complete security

B. RestrictAnonymous must be set to "3" for complete security

C. There is no way to always prevent an anonymous null session from establishing

D. RestrictAnonymous must be set to "10" for complete security

Questions 7

How many possible sequence number combinations are there in the TCP/IP protocol?

A. 320 billion

B. 32 million

C. 4 billion

D. 1 billion

Questions 8

If you come across a sheepdip machine at your client site, what would you infer?

A. A sheepdip coordinates several honeypots

B. A sheepdip computer is another name for a honeypot

C. A sheepdip computer is used only for virus-checking

D. A sheepdip computer defers a denial of service attack

Questions 9

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

A. Evidence must be handled in the same way regardless of the type of case

B. Evidence procedures are not important unless you work for a law enforcement agency

C. Evidence in a criminal case must be secured more tightly than in a civil case

D. Evidence in a civil case must be secured more tightly than in a criminal case

Questions 10

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

A. a write-blocker

B. a protocol analyzer

C. a firewall

D. a disk editor

Questions 11

Which of the following should a computer forensics lab used for investigations have?

A. isolation

B. restricted access

C. open access

D. an entry log

Questions 12

Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

A. Sector

B. Metadata

C. MFT

D. Slack Space

Questions 13

What should you do when approached by a reporter about a case that you are working on or have worked on?

A. Refer the reporter to the attorney that retained you

B. Say, "no comment"

C. Answer all the reporter's questions as completely as possible

D. Answer only the questions that help your case

Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Apr 22, 2024
Questions: 232