Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

IISFA II0-001 Exam -

Free II0-001 Sample Questions:

1. Firewalls are an excellent source of:
A. Details of system usage
B. Details of protocal usage
C. Forensic Evidence for malicious attacks
D. Port/service mappings
Answer: C

2. What technique of layered security design will allow for both investigation and recovery after an incident?
A. RI Technology
B. Highly available systems
C. Overlap design approach
D. Honeypot placement
Answer: B

3. If a CIFI violates the ISFA code of Ethics, her CIFI certification can be immediately revoked.
A. True
B. False
Answer: B

4. The 1st ammendment allows hackers to exercise free speech by altering content on websites to express opposing viewpoints.
A. True
B. False
Answer: B

5. The term "Browser Artifacts" refer to:
A. Web browser cache, cookies, favorites, history, autocomplete information
B. Older web browser applications that have little or no security and allow for unchecked use
C. Older web browser applications that can be used as a survelliance tool for investigators due to their lack of security
D. Web browser cookies
Answer: A

6. All of the following are methods of auditing except:
A. Internal audit
B. External audit
C. Thorough audit
D. 3rd party audit
Answer: C

7. In selecting Forensic tools for collecting evidence in the investigation of a crime the standard for authenticating computer records is:
A. The same for authenticating other records. The degree of authentication does not vary simply because a record happens to be (or has been at one point) in electronic form.
B. Much more complex, and requires an expert to be present at each step of the process.
C. To convert the technical terms & definitions into a basic understandable language to be presented as evidence.
D. To ensure the tools are equipped with logging to document the steps of evidence collection.
Answer: C

8. "Interesting data" is:
A. Data relevant to your investigation
B. Pornography
C. Documents, spreadsheets, and databases
D. Schematics or other economic based information
Answer: A

9. Social engineer is legal in the United States, Great Britian, Canada, and Australia as long as the social engineer does not:
A. Attempt to extract corporate secrets
B. Lie
C. Apply the Frye Scenario
D. Live outside those countries
Answer: A

10. Drive geometry refers to
A. The algorythms used to computer a specific location of a particular segment.
B. The functional dimensions of a drive in terms of the number of heads, cylinders, and sectors per track.
C. Physical dimensions of the drive platters.
D. The depth of the pits on optical media or magnetic field charge on magnetic media
Answer: B

11. Which of the following are characteristics of electronic Evidence?
A. Cannot be easily altered
B. Is not time sensitive
C. Should follow proper chain of custody
D. Must be decrypted
Answer: C

12. Embedding a serial number or watermark into a data file is known as:
A. Hashing
B. Steganography
C. Message Digest
D. Imprinting
Answer: B

13. What is the difference between a zombie host and a reflector host?
A. Unlike a zombie, a reflector is a laundering host that fundamentally transforms and/or delays the attacker’s communications before they continue down the attack path. (Zombie technique)
B. Unlike a zombie, a Traceback through the stepping stone host requires determining if two communications streams, viewed at different points in the network, have the same origin and are essentially the same stream. (stepping stone Traceback technique)
C. Unlike a zombie host, the reflector is an uncompromised host that cooperates with the attack in an innocent manner consistent with its normal function.
D. A zombie is a version of a reflector host.
Answer: C

14. The major disadvantage to techniques that attempt to mark IP packets as they move through the internet is:
A. A decrease in network efficiency
B. An increase in the packet load
C. An increase in bandwidth consumption
D. All of the above
Answer: C

15. In normal operation, a host receiving packets can determine their source by direct examination of the source address field in the:
A. The IP packet header
B. Source code
C. Audit logs
D. Intrusion Detection System
Answer: A

16. One caution an investigator should take when examining the source of a network attack is:
A. an occurrence of Social Engineering
B. relaxed physical security
C. the source IP address may have been spoofed
D. a sniffer could be on the network
Answer: C

17. Stream comparison used as a Traceback technique focuses on what two factors?
A. the IP address and victim port
B. the packet contents and audit logs
C. inter-packet timing and the victim port
D. the packet contents and inter-packet timing
Answer: D

18. To perform a successful traceback, the two most prominent problems that need to be solved are locating the source of IP packets and:
A. the timestamp of the event
B. determining the first node of a connection chain
C. the reflector host
D. the victim port
Answer: B

19. The most important network information that should be observed from the logs during a Traceback is the intruder IP address, the victim IP address, the victim port, protocol information and the:
A. source port
B. operating system
C. MAC address
D. timestamp
Answer: D

20. A new protocol that is designed to aid in intrusion protection and IP tracebacks is known as:
A. Intruder Detection and Isolation Protocol (IDIP)
B. Intrusion Detection and Traceback Protocol (IDTP)
C. Facilitating Traceback Protocol (FTP)
D. Intruder Detection and Internet Protocol (IDIP)
Answer: A

21. Tracebacks are difficult to perform in a Distributed Denial of Service attack because:
A. by definition of the attack, the locality of the attacking slaves is dispersed
B. in order to determine accountability, not only the slaves, but the masters, and finally the originating machine must be discovered
C. the attack involves a multitude of attackers that do not necessarily share any attributes in common
D. all of the above
Answer: D

22. A Distributed Denial of Service attack has just occurred using reflectors. What are the implications in terms of tracing the attack back?
A. a successful Traceback to the slave is not possible as by definition, a reflector DDoS attack spoofs the connection between the slave and reflector
B. a successful Traceback is possible as some form of reflector attacks require legitimate (non-spoofed) connections from the slave to the reflector, which would expose the slave to potentially immediate Traceback
C. a successful Traceback to the reflector is possible and an examination of the reflector machine’s logs will point to the attack master
D. reflector machines replace slaves in the attack, further complicating any Traceback effort
Answer: B

23. What IP Traceback technique’s basic idea is to have routers label a subset of transit packets with information about the router labeling router, thus enabling the receiver to reconstruct the path back to the source?
D. Ingress Filtering
Answer: C

24. Which is true regarding tracing Secure Socket Layer (SSL) and Transport Layer Security (TLS) connections?
A. TLS is more difficult to trace due to the encryption of the message source routing
B. The connection source and destination can be traced in both cases because the message header is unencrypted.
C. The connection recipient can be traced in both cases, but the source cannot.
D. An SSL connection can be traced, even with encrypted content, where the TLS connection can not be traced due to header encryption.
Answer: B

25. Web anonymizers:
A. Are intended to allow for a Web surfer to connect to a Web server without revealing their identity (IP address).
B. Can be traced from the Web surfer's proxy or ISP if the anonymizer appends the URL of the distant server to its own URL.
C. Allow a Web surfer to bypass Web blocking software being used by their own Web proxy or ISP.
D. All of the above.
Answer: D

26. Why is it important to have at least a level 2 NTP server running in your environment?
A. In order to provide News Transfer Protocol services
B. So that all logging devices maintain a consistant time
C. You require a level 1 NTP server, not level 2
D. You require a level 2 NNTP server, not NTP server
Answer: B

27. An external audit of your systems provides:
A. Uninterested 3rd party review
B. Separation of duties
C. Due diligence
D. All of the above
Answer: D

28. A Syslog server provides:
A. The ability to create forensic log files from any system using IPSEC standards.
B. The ability to capture logs from multiple systems to a single system.
C. Services to html clients for logging purposes.
D. None of the above.
Answer: B

29. Why is securing the crime scene critical in the earliest portions of the investigation in order to:
A. Assess damage in the triage phase
B. To preserve evidence
C. All of the above
D. None of the above
Answer: B

30. An open relay is a mail server configured to allow:
A. Open system architecture
B. Sending e-mail from untrusted networks
C. Un-authenticated e-mail
D. SMTP daisy chain allowing load sharing across multiple relays
Answer: B

© 2014, All Rights Reserved