Which of the following best describes the initial processing phase used in mobile device
forensics?
A. The phone should be powered down and the battery removed to preserve the state of
data on any internal or removable storage utilized by the mobile device
B. The removable data storage cards should be processed first to prevent data alteration
when examining the mobile device
C. The mobile device should be examined first, then removable storage and lastly the
phone without removable storage should be examined again
D. The phone and storage cards should be examined as a complete unit after examining
the removable storage cards separately.
Answer: D

A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile data first.
Which of the following is the correct order in which Joe should collect the data?
A. CPU cache, paging/swap files, RAM, remote logging data
B. RAM, CPU cache, remote logging data, paging/swap files
C. Paging/swap files, CPU cache, RAM, remote logging data
D. CPU cache, RAM, paging/swap files, remote logging data
Answer: D

A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation?
A. An attacker can access and change the printer configuration.
B. SNMP data leaving the printer will not be properly encrypted.
C. An MITM attack can reveal sensitive information.
D. An attacker can easily inject malicious code into the printer firmware.
E. Attackers can use the PCL protocol to bypass the firewall of client computers.
Answer: B

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?
A. WPS
B. 802.1x
C. WPA2-PSK
D. TKIP
Answer: A

Given the log output:
Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS:
Login Success [user: msmith] [Source: 10.0.12.45]
[localport: 23] at 00:15:23:431 CET Sun Mar 15 2015
Which of the following should the network administrator do to protect data security?
A. Configure port security for logons
B. Disable telnet and enable SSH
C. Configure an AAA server
D. Disable password and enable RSA authentication
Answer: B

A company is investigating a data compromise where data exfiltration occurred. Prior to the
investigation, the supervisor terminates an employee as a result of the suspected data loss.
During the investigation, the supervisor is absent for the interview, and little evidence can
be provided from the role-based authentication system in use by the company.

The situation can be identified for future mitigation as which of the following?

A. Job rotation
B. Log failure
C. Lack of training
D. Insider threat
Answer: B

The security administrator has noticed cars parking just outside of the building fence line.
Which of the following security measures can the administrator use to help protect the
company’s WiFi network against war driving? (Select TWO)
A. Create a honeynet
B. Reduce beacon rate
C. Add false SSIDs
D. Change antenna placement
E. Adjust power level controls
F. Implement a warning banner
Answer: D,E