This document contains 62 multiple choice questions about TCP/IP protocols, network layers, IP addressing, ports, and tools used for network analysis and forensic investigation. It tests knowledge of topics like IP header contents, protocols like TCP, UDP, HTTP, SMTP, tools like ping, traceroute, netstat, and their uses. It also contains questions about MAC addresses, IP addresses, ports, DNS, email headers and logs, and techniques used in financial audits and forensic investigations.
Fraud Chapter 14
1. TCP/IP services use acknowledgment responses to establish a connection between sending and receiving computers.
*a. True
b. False

2. Every network Ethernet card has an address, typically assigned at the factory, called an IP address.
a. True
*b. False

3. A device that operates in the hardware layer deals with the physical aspects of a network.
*a. True
b. False

4. 209.215.182.7 is a valid IP address.
*a. True
b. False

5. ARP is a protocol that is used to identify MAC addresses.
*a. True
b. False

6. Netstat provides a summary of IP addresses connected to a server.
*a. True
b. False

7. IP header is part of the transportation layer.
a. True
*b. False

8. HTTP protocols use Port 85.
a. True
*b. False

9. If FTP services are not working, it may mean that Port 25 is disabled or shut off.
a. True
*b. False

10. Checksums are calculated from the data in a datagram.
*a. True
b. False

11. Social security numbers can be purchased on the Internet.
*a. True
b. False

12. The audit practice rules for forensic audits are currently being developed by the AICPA.
a. True
*b. False

13. A nonmalicious but unauthorized entry into a computer network is most likely to be carried out by a:
a. Cracker.
*b. Hacker.
c. Forensic accountant.
d. Law enforcement.
e. None of the above.

14. For forensic accountants, it is important to understand the Internet's protocols so that they:
a. Can write code to collect courtroom evidence.
b. Can hire a professional to handle the problem.
c. Understand electronic courtroom procedures.
*d. Understand the nature of a cyber attack.
e. All of the above.

15. If your client's website is breached, the best policy is to:
a. Make sure no one finds out about the attack.
*b. Document the evidence about the attack.
c. Call in law enforcement authorities as soon as possible.
d. Call in a tiger team.
e. None of the above.

16. Datagrams are:
a. Unchanged as they move across the Internet.
b. Another term used to describe e-mail messages.
*c. Packets of message verification data.
d. Packets of data.
e. None of the above.

17. Which is the highest layer in the OSI Model used in TCP/IP?
a. Data link layer.
b. Transportation layer.
c. Network layer.
*d. Application layer.
e. None of the above.

18. Message integrity in the OSI Model used in TCP/IP is performed by the:
a. Data link layer.
*b. Transportation layer.
c. Network layer.
d. Application layer.
e. None of the above.

19. What protocol uses "send and forget" messages over the Internet?
a. FTC.
b. TCP/IP.
*c. UDP.
d. SMTP.
e. None of the above.

20. SMTP uses which of the following ports?
a. 23.
*b. 25.
c. 80.
d. 1024.
e. None of the above.

21. The number of ports on a web server is:
a. Indefinite number.
b. 1,024.
c. 32,768.
*d. 65,536.
e. None of the above.

22. If the data received by a web server is not the data that was expected, which of the following flags is sent (keyed)?
a. HLEN.
b. FIN.
*c. RST.
d. ACK.
e. None of the above.

23. The IP address is composed of a(n):
a. 8-bit address.
b. 1-bit address.
*c. 32-bit address.
d. 64-bit address.
e. None of the above.

24. Time to Live (TTL) in the IP header:
a. Determines how long a source and destination server should continue to try to establish a connection.
b. Determines whether the last packet in a message has arrived.
c. There is no TTL field in a TCP/IP header.
*d. Determines how long a packet will continue to travel over the Internet.
e. None of the above.

25. A network computer's MAC address is found in the:
*a. ARP table.
b. URL address.
c. Domain name system.
d. Traceroute.
e. None of the above.

26. An HTTP response code of "200" means the:
a. Web page was incompletely transferred.
*b. Web page was successfully received.
c. The wrong web page was received.
d. The web page was successfully sent.
e. None of the above.

27. TCPDUMP is a:
a. Traceroute program.
b. Virus program.
*c. Sniffer.
d. Trojan horse.
e. None of the above.

28. E-mail logs are best found in:
a. FTP servers.
b. HTTP servers.
*c. SMTP servers.
d. TCP servers.
e. None of the above.

29. The time information found in an e-mail header is based on:
a. Eastern Standard Time.
*b. Greenwich Mean Time.
c. International Time Standard.
d. Internet Mean Time.
e. None of the above.

30. To trace an IP address back to its source address, which of the following tools would be best to use?
a. Remail.
*b. Traceroute.
c. Ping.
d. ARIN.
e. None of the above.

31. To determine if a port on a web server is alive and connected to the Internet, which of the following tools would be best to use?
a. Whois.
b. Traceroute.
*c. Ping.
d. ARIN.
e. None of the above.

32. Which of the following search engines is a metacrawler?
*a. Dogpile.
b. Google.
c. Lycos.
d. Yahoo.
e. All of the above.

33. The purpose of remailers is to:
a. Send back e-mail to a sender so that the sender knows it did not go to the recipient.
b. Let the sender know e-mail was received by the recipient.
c. Send spam.
*d. Send anonymous e-mail.
e. None of the above.

34. The best method to search for a downloadable FTP file located on an Argentinean-based hacker group is to use:
a. Google.
*b. Tile-net.
c. XGoogle.
d. L-soft.
e. None of the above.

35. Currently, which of the following would be the most difficult to identify through an Internet search?
a. An individual social security number.
b. The path of a packet over the Internet.
c. The birth date for a person.
*d. The individual who sent an e-mail message through two remailers.

36. The most pertinent federal law for prosecuting computer fraud is:
a. Electronic Protection Privacy Act.
b. Computer Fraud and Abuse Act.
*c. Title 18 USC 1030.
d. Patriot Act.

37. One way to hide my e-mail address is to:
a. Use a different PC than normally used to send my e-mail message.
b. Use a proxy server for sending e-mail.
c. Use a remailer.
*d. Both b and c.

38. Which of the following sites can be searched by a search engine?
a. FTP sites.
b. Listserv sites.
c. IRC sites.
*d. All of the above.

39. What is the port number for SMTP protocol?
*a. 25
b. 23
c. 70
d. 80

40. Route control occurs in which OSI layer?
a. Application Layer.
b. Session Layer.
*c. Network Layer.
d. Transportation Layer.

41. The protocol in which of the following systems is mainly used for downloading files?
a. IP
*b. FTP
c. Telnet
d. Netstat

42. ICMP is best described as a service:
a. For datagrams.
b. To identify and translate MAC addresses.
*c. Used for error control messages between machines.
d. To control routing between hosts.

43. Ninety-five, a decimal value, converted to a hexadecimal value equals:
a. 95
*b. 5F
c. 137F
d. 59

44. What is the purpose of the domain name system?
a. To assign IP addresses.
*b. To ensure each host has a unique name.
c. To be certain that browsers work correctly with IP addresses.
d. To ensure that traceroute works.

45. Which utility would be used for obtaining all IP address connections to a server during a chat session?
a. ARP
b. FTP
*c. Netstat
d. Traceroute

46. To display MAC addresses in an XP OS, type the following command.
a. Netstat
b. ARP
*c. Ipconfig
d. Ping MAC

47. To display the path a packet takes as it goes over the Internet, type the following command.
a. Netstat
b. Ping
c. Finger
*d. Tracert

48. Which of the following is most likely a MAC address?
a. 155.67.819.432
*b. 00F34768E411
c. F56I89754E006G
d. ffffffffff

49. Which of the following is an advantage of the traditional OSI model?
*a. It enables interoperability among diverse systems.
b. It allows connections to operate faster.
c. It prevents attackers from getting into the system.
d. It is a simple system.

50. In the OSI model, the data link layer controls:
*a. Transfers of datagrams between nodes.
b. Routing, switching, and flow over a network.
c. Network addressing.
d. Time-to-live on a datagram.

51. What address is used by machines transferring data across the Internet?
a. Node address.
*b. IP address.
c. MAC address.
d. Domain name.

52. How are datagrams deleted from the Internet?
a. When their electrical charge is gone, they are deleted.
*b. When their time-to-live field is at zero.
c. When their originating IP address calls them back.
d. When they reach the end of the Internet.

53. Sequence and acknowledgment numbers can range up to:
a. An unlimited number.
*b. 4,294,967,295.
c. Numbers combined with letters to make any combination possible.
d. The highest prime number possible.

54. Which of the following is not part of the TCP header?
a. Source port.
b. Destination port.
*c. Time-to-live field.
d. Checksum.

55. Which of the following is not part of the IP header?
a. Source IP address.
b. Time-to-live field.
*c. SYN flag.
d. TOS.

56. How many packets are exchanged in the initial handshaking exchange in setting up a connection?
a. 1
b. 2
*c. 3
d. 4

57. In order to determine whether there is a good connection with an IP address at another location, which is the best utility to use?
a. Finger
*b. Ping
c. Traceroute
d. Google

58. Which port does HTTP use?
*a. 80
b. 25
c. 21
d. 1024

59. Which of the following techniques are being used by the financial auditors in their annual audit?
*a. Confirmation of receivables.
b. Analyzing executives' e-mail messages for indications of fraud.
c. Organization cultural assessments to measure fraud risk.
d. All of the above.

60. Which of the following practices or procedures are more likely to apply a continuous review of the client's activities?
a. Financial audit.
*b. Forensic audit.
c. Fraud investigation.
d. None of the above.

61. Which of the following practices or procedures are more likely to use real-time data for decision making?
a. Financial audit.
*b. Forensic audit.
c. Fraud investigation.
d. None of the above.

62. Which of the following practices or procedures are more likely to use historical data in their analysis of business events?
a. Financial audit.
b. Forensic audit.
c. Fraud investigation.
*d. Both a and c.