Question 6 of 88

Which of the following attacks would use ".." notation as part of a web request to access restricted files and directories, and possibly execute code on the web server?

Answer

Suggested Answer

The suggested answer is A.

Question 7 of 88

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ > dir / s / a dhsra d:\ > a:\ IRCD.txt

Answer

Suggested Answer

The suggested answer is C.

This command will create a text file on the collection media (in this case you would probably be using a USB flash drive) named IRCD.txt that should contain a recursive directory listing of all files on the desk.
Question 8 of 88

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

Answer

Suggested Answer

The suggested answer is A.

Question 9 of 88

Why would the pass action be used in a Snort configuration file?

Answer

Suggested Answer

The suggested answer is A.

The pass action is defined because it is sometimes easier to specify the class of data to ignore rather than the data you want to see. This can cut down the number of false positives and help keep down the size of log data.
False positives occur because rules failed and indicated a threat that is really not one. They should be minimized whenever possible.
The pass action causes the packet to be ignored, not passed on further. It is an active command, not a placeholder.
Question 10 of 88

On which layer of the OSI Reference Model does the FWSnort utility function?

Answer

Suggested Answer

The suggested answer is C.

The FWSnort utility functions as a transport layer inline IPS.
Community Votes2 votes
EMost voted
100%