The chief operations officer (COO) has questioned the need for end-user training. Which of the
following is the most effective response?
You want to learn more about a security breach that was recently discovered in a Windows server.
Which organization should you consult?
In a Linux system, which command can be used to view the activities of a user who has logged in
to an account?
Which resource contains settings that you can modify to activate and deactivate network services
in a Windows XP system?
An unauthorized user has overwritten a router’s configuration. After being caught, the user
indicated that he was able to obtain the password by sniffing the router’s network communications.
Which service was exploited?
A compromised system was given to your IT administrator for storage until police can investigate
the system further. Which of the following will police and other legal personnel expect from the IT
administrator in order for this system to be considered valid evidence?
After a system has been compromised, which activity is expected if you plan to analyze the
system for a legal investigation?
A malicious user has deleted essential files from a Web server during a system compromise. The
affected Linux system does not have an undelete utility. A systems expert has been able to
recover this file. What was the systems expert able to find in order to initiate the recovery process?
Which of the following best describes the executive summary in a forensic report?
Which of the following is a common element of a penetration test?