Self Test Appendix • Appendix 817
A. ESD
B. Biometrics
C. Chip creep
D. Poor air quality
Answer C. Chip creep. Heat will make objects expand, while cold will make these same objects
contract. When this expansion and contraction occurs in motherboards and other circuit
boards, chip creep can occur. As the circuit boards expand and contract, it causes the computer
chips on these boards to move until they begin to lose contact with the sockets they’re in.
When the chips lose contact, they’re unable to send and receive signals, resulting in hardware
failure.
Answer A is incorrect, because ESD is commonly attributed to humidity problems, not
problems with temperature. Answer B is incorrect, because the temperature fluctuations would not
be the result of an access control issue involving biometrics. Answer D is incorrect, because,
although the air is going from hot to cold, it does not indicate that it would affect the quality
of the air itself.
6. A server has been compromised by a hacker who used it to send spam messages to thousands of
people on the Internet. A member of the IT staff noticed the problem while monitoring
network and server performance over the weekend, and has noticed that several windows are open
on the server’s monitor. He also notices that a program he is unfamiliar with is running on the
computer. He has called you for instructions as to what he should do next. Which of the
following will you tell him to do immediately?
A. Shut down the server to prevent the hacker from using the server further
B. Reboot the server to disconnect the hacker from the machine and using the server further
C. Document what appears on the screen
D. Call the police
Answer C. When an incident is discovered, the scene should be secured, and any information
on the screen should be documented. If the machine loses power before it can be examined, any
information on the screen will be lost. By documenting (and if possible photographing) what is
on the screen, this information will be preserved until the computer can be properly examined.
Answers A and B are incorrect, because shutting down the server would destroy volatile
information in memory, and could escalate the problem if a virus or other malicious software were
installed on the server that activates on reboot. When an incident is first discovered, the
computer should not be touched and any technologies involved in the incident should be left as
they were until someone trained in computer forensics arrives. Answer D is incorrect, because
it hasn’t been determined what the incident entails. While it is known that spam has been sent
through the server, it is not known whether a crime has been committed requiring police
involvement.
www.syngress.com