- (Exam Topic 2)
What does the 63.78.199.4(161) denotes in a Cisco router log?
Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161), 1 packet

1. A. Destination IP address
2. B. Source IP address
3. C. Login IP address
4. D. None of the above

Correct Answer: A

- (Exam Topic 1)
Which is a standard procedure to perform during all computer forensics investigations?

1. A. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
2. B. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
3. C. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
4. D. with the hard drive in the suspect PC, check the date and time in the system's CMOS

Correct Answer: A

- (Exam Topic 2)
Where does Encase search to recover NTFS files and folders?

1. A. MBR
2. B. MFT
3. C. Slack space
4. D. HAL

Correct Answer: B

- (Exam Topic 1)
The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

1. A. Gramm-Leach-Bliley Act
2. B. Sarbanes-Oxley 2002
3. C. California SB 1386
4. D. HIPAA

Correct Answer: A

- (Exam Topic 3)
What does the bytes 0x0B-0x53 represent in the boot sector of NTFS volume on Windows 2000?

1. A. Jump instruction and the OEM ID
2. B. BIOS Parameter Block (BPB) and the OEM ID
3. C. BIOS Parameter Block (BPB) and the extended BPB
4. D. Bootstrap code and the end of the sector marker

Correct Answer: C