II0-001 Exam Questions

During a message processing, headers will be added to the message at all times except?

All are common email headers except?

In context to email headers, reverse DNS is used to verify

The single most valuable forgery protection in the Received: headers is the information logged by the:

A trick used by forgers is to:

Which of the following is not an internet email protocol?

Which email protocol provides remote filing capabilities?

Which header is not used to determine the source of an email?

Widely known tricks used to forge common headers consist of the following except:

Clues that a "Received:" header has been forged include all but one of the following:

Added "Received:" headers often include bogus information. All of the following items except one, is usually incomplete:

Generally, which header is used to reveal reliable information from forged emails:

Which tool is used to confirm the name or IP address of an Internet host:

In the OSI stack, which layer is associated with TCP transmissions?

The result of an attack Traceback can be characterized by these three parameters, the degree of which determines success:

A SYN attack exploits what aspect of TCP communications?

Which method is NOT regarded as a prevention technique for IP spoofing:

Firewalls are an excellent source of:

What technique of layered security design will allow for both investigation and recovery after an incident?

If a CIFI violates the ISFA code of Ethics, her CIFI certification can be immediately revoked.

The 1st amendment allows hackers to exercise free speech by altering content on websites to express opposing viewpoints.

The term "Browser Artifacts" refer to:

All of the following are methods of auditing except:

In selecting Forensic tools for collecting evidence in the investigation of a crime the standard for authenticating computer records is:

"Interesting data" is:

Social engineer is legal in the United States, Great Britain, Canada, and Australia as long as the social engineer does not:

Free space is unallocated file space within a partition.

Slack space is the space in a file cluster that is not actively used by the file.

It is possible to place IDS in a switched environment effectively with the use of a Spanning Port

Which one of the following is NOT true?

The IISFA will revoke the certification of a CIFI if an ethic violation of a CIFI is reported and confirmed.

The MFT contains records with the following information

The MFT File is a physical file on the disk that:

The MBR is easily identified on a Windows XP system by:

Embedding a serial number or watermark into a data file is known as:

What is the difference between a zombie host and a reflector host?

The major disadvantage to techniques that attempt to mark IP packets as they move

In normal operation, a host receiving packets can determine their source by direct examination of the source address field in the:

One caution an investigator should take when examining the source of a network attack is:

Stream comparison used as a Traceback technique focuses on what two factors?

To perform a successful traceback, the two most prominent problems that need to be solved are locating the source of IP packets and:

The most important network information that should be observed from the logs during a Traceback is the intruder IP address, the victim IP address, the victim port, protocol informa...

A new protocol that is designed to aid in intrusion protection and IP tracebacks is known as:

Tracebacks are difficult to perform in a Distributed Denial of Service attack because:

A Distributed Denial of Service attack has just occurred using reflectors. What are the implications in terms of tracing the attack back?

Auditing that discovers evidence of a crime can't be used as evidence because:

The following are all keyloggers except:

The following are all keyloggers except:

Which of the following is an effective method for completing a disk image quickly?

Keyloggers are impossible to detect.