312-49v10 Practice Test


Page 2 out of 120 Pages

Topic 1: Exam Pool A

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?


A. Stringsearch
B. grep
C. dir
D. vim

Answer: B. grep



When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?


A. Passive IDS
B. Active IDS
C. Progressive IDS
D. NIPS

Answer: B. Active IDS



Study the log given below and answer the following question:

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?


A. Disallow UDP53 in from outside to DNS server
B. Allow UDP53 in from DNS server to outside
C. Disallow TCP53 in from secondaries or ISP server to DNS server
D. Block all UDP traffic

Answer: A. Disallow UDP53 in from outside to DNS server



When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?


A. 202
B. 404
C. 505

Answer: B. 404



The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.


A. Locard Exchange Principle
B. Clark Standard
C. Kelly Policy
D. Silver-Platter Doctrine

Answer: D. Silver-Platter Doctrine



