|
I need dumps, please send me.
|
Question 1. When an investigator contacts by telephone the domain administrator or controller listed by a whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Answer: D

Question 2. If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking.
D. A sheepdip computer defers a denial of service attack
Answer: C

Question 3. In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. rules of evidence
B. law of probability
C. chain of custody
D. policy of separation
Answer: C

Question 4. How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Answer: C

Question 5. CORRECT TEXT
To calculate the number of bytes on a disk, the formula is: CHS**
Answer: number of circles x number of halves x number of sides x 512 bytes per sector
Answer: number of cylinders x number of halves x number of shims x 512 bytes per sector
Answer: number of cells x number of heads x number of sides x 512 bytes per sector
Answer: number of cylinders x number of halves x number of shims x 512 bytes per sector
Answer: Pending

Question 6. You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858
Answer: B

Question 7. A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.
(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL: 43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

A. The attacker has conducted a network sweep on port 111
B. The attacker has scanned and exploited the system using Buffer Overflow
C. The attacker has used a Trojan on port 32773
D. The attacker has installed a backdoor
Answer: A

Question 8. The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Answer: B

Question 9. Before you are called to testify as an expert, what must an attorney do first?
A. engage in damage control
B. prove that the tools you used to conduct your examination are perfect
C. read your curriculum vitae to the jury
D. qualify you as an expert witness
Answer: D

Question 10. You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?
A. create a compressed copy of the file with DoubleSpace
B. create a sparse data copy of a folder or file
C. make a bit-stream disk-to-image file
D. make a bit-stream disk-to-disk file
Answer: C
|
Question 1. A ScreenOS firewall has the correct interfaces addressed and active. A policy is written allowing interzone FTP traffic from a directly connected client. But the traffic does not cross the firewall from the client to the server. What is the most likely problem with the firewall?
A. The ScreenOS firewall has no physical connection to the FTP server.
B. The ALG option on the ScreenOS firewall has not been enabled for FTP traffic.
C. The ScreenOS firewall does not have a route defined to the FTP servers' subnet.
D. The ScreenOS firewall does not have a route defined to the FTP clients subnet.
Answer: C

Question 2. In the exhibit: Why is the packet dropped?
A. interface down
B. route not configured
C. policy not configured
D. denied by policy 1005
Answer: C

Question 3. Which three options allow proper configuration of NAT-dst? (Choose three.)
A. the default address book entry of "any" in the internal zone
B. the default address book entry of "any" in the external zone
C. a secondary address on one of the interfaces in the internal zone
D. an address book entry for the address to be translated in the internal zone
E. a static route to the appropriate subnet using a private interface as the outbound interface
Answer: C, D, E

Question 4. Which two statements are true in regards to a ScreenOS firewall in transparent mode? (Choose two.)
A. VPNs can terminate to the VLAN1 interface IP address.
B. Static routes must be configured if multiple virtual routers are going to be used.
C. It can be installed in a network without the requirement to reconfigure IP addressing schemes.
D. You must use the console port to manage the device as you cannot manage the device using an Ethernet port.
Answer: A, C

Question 5. What are three major concerns when sending private data over a public medium? (Choose three.)
A. integrity
B. authority
C. capacity
D. confidentiality
E. authentication
Answer: A, D, E

Question 6. By default, from which hardware component is the startup copy of the ScreenOS loaded?
A. NVRAM
B. TFTP server
C. internal flash
D. PCMCIA card
Answer: C

Question 7. Which three must a policy contain? (Choose three.)
A. action
B. service
C. address
D. application
E. policy name
Answer: A, B, C

Question 8. What is the default mode for an interface in the trust zone?
A. NAT
B. route
C. Layer 2
D. Layer 3
E. transparent
Answer: A

Question 9. Which command is used to verify IKE Phase 1 is complete?
A. get sa active
B. get ike active
C. get ike cookie
D. get flow active
Answer: C

Question 10. When managing a ScreenOS device using the WebUI and performing an image upgrade, from which hardware component will the ScreenOS image be loaded?
A. TFTP server
B. PC local disk
C. internal flash
D. Compact Flash Card
Answer: B
|
Question 1. You want to configure Network Connect to allow users to connect through a tunnel, connect to hosts on the same subnet as their local adapter, and shut down any attempt to extend the network boundaries. How do you proceed?
A. Enable split tunneling.
B. Disable split tunneling.
C. Enable split tunneling with route change monitor.
D. Allow access to local subnet with route change monitor.
Answer: D

Question 2. Which three authentication servers are included with a baseline license? (Choose three.)
A. NIS
B. ACE
C. SAML
D. LDAP
E. SiteMinder
Answer: A, B, D

Question 3. You create a set of role mapping rules. You select "Merge settings for all assigned roles." The second role mapping rule has the "Stop processing rules when this rule matches" option selected. A user logs in that matches the first three rules. What happens?
A. This is not a valid combination. The system displays an error message and does not update the configuration.
B. The merge settings override the stop processing option. The user matches all three roles and merging follows the standard merging criteria.
C. The Stop rule prevents any more rule matching after checking the second rule. The merge option only merges the roles of the first two rules following the IVE's built-in permissive merging rules.
D. The Stop rule prevents any more rule matching after checking the second rule. The user now just matches the second rule. The merge option is overridden and the user is given only the privileges defined by the second role.
Answer: C

Question 4. When using the J-SAM, where on a client machine would you look to verify that the loopback addresses are assigned correctly?
A. HOSTS file
B. ARP cache
C. LMHOSTS file
D. local route table
Answer: A

Question 5. What is Cache Cleaner used for?
A. to prevent users from signing in from insecure machines
B. to remove content downloaded during the IVE session
C. to remove Web content cached by the IVE on behalf of the user
D. to determine which files should be cached between remote access sessions
Answer: B

Question 6. Which role-based session option would an administrator configure to allow a user to connect from different source IP addresses within the same user session?
A. roaming session
B. persistent session
C. persistent password caching
D. browser request follow-through
Answer: A

Question 7. Which two Web Resource Policy features provide you with the capability to configure the IVE to work with corporate Proxy Servers? (Choose two.)
A. Web Proxy Policies
B. Web Proxy Servers
C. Web Cache Policies
D. Web Passthrough Proxy
Answer: A, B

Question 8. Which two statements about SSL VPNs are true? (Choose two.)
A. SSL VPNs provide better security than IPSEC.
B. SSL VPNs provide a dedicated, point to point connection.
C. SSL VPNs provide high performance for individual connections.
D. SSL VPNs use well-known technologies for secure individual connections.
Answer: C, D

Question 9. You are using RADIUS as your authorization server. Other than username, which two attributes are available for creating role mapping rules? (Choose two.)
A. Certificate
B. User Attribute
C. RSA Attributes
D. Group Membership
Answer: A, B

Question 10. Where is the IVE typically deployed in the network?
A. behind the Internet firewall
B. internally with all clients directly cabled to the IVE
C. both interfaces on the outside of the Internet firewall
D. parallel to the Internet firewall with one interface on the outside and one on the inside
Answer: A
|
New Collection: thanks to itcertkeys
|
Please post the latest dumps thanks buddy
|
Latest dump needed plz help thanks
|
I am new here please Help thanks buddy
|
Help me with Dumps Plzzz thanks buddy
|
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.