What is the first step required in preparing a computer for a forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system.
Network forensics can reveal: (Select three answers)
A. Source of security incidents and network attacks
B. Path of the attack
C. Intrusion techniques used by attackers
D. Hardware configuration of the attacker's system
What is a bit-stream copy?
A. A bit-stream copy is a bit-by-bit copy of the original storage medium and an exact copy of the original disk
B. A bit-stream image is the file that contains the NTFS files and folders of all the data on a disk or partition
C. A bit-stream image is the file that contains the FAT32 files and folders of all the data on a disk or partition
D. Creating a bit-stream image transfers only non-deleted files from the original disk to the image disk
MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network
A. 16-bit address
B. 24-bit address
C. 32-bit address
D. 48-bit address
Which table is used to convert huge word lists (i.e., dictionary files and brute-force lists) into password hashes?
A. Rainbow tables
B. Hash tables
C. Master file tables
D. Database tables
A data acquisition system is a combination of tools or processes used to gather, analyze, and record information about some phenomenon. Different data acquisition systems are used depending on the location, speed, cost, etc. A serial communication data acquisition system is used when the actual location of the data is at some distance from the computer. Which of the following communication standards is used in a serial communication data acquisition system?
A. RS422
B. RS423
C. RS232
D. RS231
Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and media used to generate, transmit, store, analyze, and dispose of log data.
A. True
B. False
LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
A. Sequential number
B. Index number
C. Operating system number
D. Sector number
What is the "Best Evidence Rule"?
A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy
B. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history
C. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs
D. It contains information such as open network connection, user logout, programs that reside in memory, and cache data
Dumpster Diving refers to:
A. Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes
B. Looking at either the user's keyboard or screen while he/she is logging in
C. Convincing people to reveal the confidential information
D. Creating a set of dictionary words and names, and trying all the possible combinations to crack the password
A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers.
Which mobile operating system architecture is represented here?
A. webOS System Architecture
B. Symbian OS Architecture
C. Android OS Architecture
D. Windows Phone 7 Architecture
What is the goal of forensic science?
A. To determine the evidential value of the crime scene and related evidence
B. Mitigate the effects of the information security breach
C. Save the good will of the investigating organization
D. It is a discipline to deal with the legal processes
What document does the screenshot represent?
A. Chain of custody form
B. Search warrant form
C. Evidence collection form
D. Expert witness form
Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file. Which of the following hash algorithms produces a message digest that is 128 bits long?
A. CRC-32
B. MD5
C. SHA-1
D. SHA-512
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse. Which of the following intrusion detection systems audit events that occur on a specific host?
A. Network-based intrusion detection
B. Host-based intrusion detection
C. Log file monitoring
D. File integrity checking