
COIT20267 | Quiz 2 Digital Forensic | IT


Question 1

What certification program, sponsored by ISC2, requires knowledge of digital forensics, malware analysis, incident response, e-discovery, and other disciplines related to cyber investigations?

a. Certified Computer Crime Investigator
b. Certified Forensic Computer Examiner
c. Certified Cyber Forensics Professional
d. EnCase Certified Examiner

Question 2

_______ is the utility used by the ProDiscover program for remote access.

a. PDServer
b. VNCServer
c. SubSe7en
d. l0pht

Question 3

Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records?

a. United States v. Walser
b. United States v. Salgado
c. United States v. Wong
d. United States v. Carey

Question 4

Which open-source acquisition format is capable of producing compressed or uncompressed image files, and uses the .afd extension for segmented image files?

a. Advanced Capture Image
b. Advanced Forensics Disk
c. Advanced Open Capture
d. Advanced Forensic Format

Question 5

Which of the following options is not a subfunction of extraction?

a. logical data copy
b. carving
c. bookmarking
d. decrypting

Question 6

What percentage of consumers utilize Intel and AMD PCs?

a. 70
b. 80
c. 90
d. 60

Question 7

What algorithm is used to decompress Windows files?

a. Shannon-Fano
b. Zopfli
c. Fibonacci
d. Lempel-Ziv

Question 8

A TEMPEST facility is designed to accomplish which of the following goals?

a. Prevent data loss by maintaining consistent backups.
b. Ensure network security from the Internet using comprehensive security software.
c. Shield sensitive computing systems and prevent electronic eavesdropping of computer emissions.
d. Protect the integrity of data.

Question 9

You must abide by the _______ while collecting evidence.

a. Fourth Amendment
b. Federal Rules of Evidence
c. Fifth Amendment
d. state's Rules of Evidence

Question 10

When seizing digital evidence in criminal investigations, whose standards should be followed?

a. U.S. DOJ
b. ITU
c. ISO/IEC
d. IEEE

Question 11

In what mode do most write-blockers run?

a. BIOS mode
b. RW mode
c. Shell mode
d. GUI mode

Question 12

Which RAID type utilizes mirrored striping, providing fast access and redundancy?

a. RAID 5
b. RAID 1
c. RAID 3
d. RAID 10

Question 13

_______ describes the characteristics of a safe storage container.

a. NISPOM
b. SSO 990
c. ISO2960
d. STORSEC

Question 14

The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.

a. Arch
b. Ubuntu
c. Kali
d. Helix3

Question 15

The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory.

a. dcfldd
b. echo
c. dd
d. split

Question 16

Which option below is not a Linux Live CD meant for use as a digital forensics tool?

a. Kali Linux
b. Penguin Sleuth
c. Ubuntu
d. CAINE

Question 17

Reconstructing fragments of files that have been deleted from a suspect drive is known as ____________ in North America.

a. salvaging
b. sculpting
c. carving
d. scraping

Question 18

To create a new primary partition within the fdisk interactive utility, which letter should be typed?

a. p
b. n
c. c
d. l

Question 19

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.

a. -p
b. -S
c. -b
d. -s

Question 20

The Linux command _______ can be used to list the current disk devices connected to the computer.

a. show drives
b. ls -l
c. fdisk -l
d. geom

Question 21

_______ is not one of the functions of the investigations triad.

a. Network intrusion detection and incident response
b. Digital investigations
c. Vulnerability/threat assessment and risk management
d. Data recovery

Question 22

The Linux command _____ can be used to write bit-stream data to files.

a. write
b. cat
c. dd
d. dump

Question 23

After the evidence has been presented in a trial by jury, the jury must deliver a(n) _______.

a. allegation
b. verdict
c. exhibit
d. affidavit

Question 24

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?

a. 1 PB
b. 2 GB
c. 512 MB
d. 1 TB

Question 25

In what year was the Computer Fraud and Abuse Act passed?

a. 1976
b. 1996
c. 1986
d. 1980

Question 26

The sale of sensitive or confidential company information to a competitor is known as _______.

a. industrial sabotage
b. industrial collusion
c. industrial espionage
d. industrial betrayal

Question 27

The term _______ describes rooms filled with extremely large disk systems that are typically used by large business data centers.

a. data well
b. server farm
c. storage room
d. storage hub

Question 28

How long are computing components designed to last in a normal business environment?

a. 14 to 26 months
b. 18 to 36 months
c. 12 to 16 months
d. 36 to 90 months

Question 29

Which option below is not a standard systems analysis step?

a. Mitigate or minimize the risks.
b. Share evidence with experts outside of the investigation.
c. Obtain and copy an evidence drive.
d. Determine a preliminary design or approach to the case.

Question 30

The ProDiscover utility makes use of the proprietary _______________ file format.

a. .iso
b. .eve
c. .img
d. .pro

Question 31

What tool below was written for MS-DOS and was commonly used for manual digital investigations?

a. SMART
b. DataLifter
c. Norton DiskEdit
d. ByteBack

Question 32

Which technology below is not a hot-swappable technology?

a. FireWire 1394A
b. SATA
c. USB-3
d. IDE

Question 33

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

a. total awareness system
b. intrusion detection system
c. active defense mechanism
d. intrusion monitoring system

Question 34

Which system below can be used to quickly and accurately match fingerprints in a database?

a. Fingerprint Identification Database (FID)
b. Systemic Fingerprint Database (SFD)
c. Dynamic Fingerprint Matching System (DFMS)
d. Automated Fingerprint Identification System (AFIS)

Question 35

As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state?

a. The power cable should be pulled.
b. The power should be left on.
c. The decision should be left to the Digital Evidence First Responder (DEFR).
d. The system should be shut down gracefully.

Question 36

Which Microsoft OS below is the least intrusive to disks in terms of changing data?

a. Windows 7
b. Windows XP
c. MS-DOS 6.22
d. Windows 95

Question 37

A _______ is not a private sector organization.

a. small to medium business
b. hospital
c. non-government organization
d. large corporation

Question 38

A keyword search is part of the analysis process within what forensic function?

a. reconstruction
b. acquisition
c. reporting
d. extraction

Question 39

The term _______ describes a database containing informational records about crimes that have been committed previously by a criminal.

a. police blogger
b. police blotter
c. police ledger
d. police recorder

Question 40

What should you do while copying data on a suspect's computer that is still live?

a. Open files to view contents.
b. Conduct a Google search of unknown extensions using the computer.
c. Make notes regarding everything you do.
d. Check Facebook for additional suspects.

Question 41

A chain-of-evidence form, which is used to document what has and has not been done with the original evidence and forensic copies of the evidence, is also known as a(n) _______.

a. evidence tracking form
b. single-evidence form
c. multi-evidence form
d. evidence custody form

Question 42

_______ are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers.

a. News networks
b. ISPs
c. Law firms
d. Hospitals

Question 43

Which operating system listed below is not a distribution of the Linux OS?

a. Minix
b. Slackware
c. Fedora
d. Debian

Question 44

What does FRE stand for?

a. Federal Regulations for Evidence
b. Federal Rules of Evidence
c. Federal Rules for Equipment
d. Federal Rights for Everyone

Question 45

After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.

a. Digital Evidence Specialist
b. Digital Evidence Scene Investigator
c. Digital Evidence Recorder
d. Digital Evidence First Responder

Question 46

The _______ is not one of the three stages of a typical criminal case.

a. complaint
b. investigation
c. prosecution
d. civil suit

Question 47

In order to qualify for the Certified Computer Crime Investigator, Basic Level certification, candidates must provide documentation of at least _______ cases in which they participated.

a. 20
b. 10
c. 15
d. 5

Question 48

What option below is an example of a platform specific encryption tool?

a. TrueCrypt
b. GnuPG
c. BitLocker
d. Pretty Good Privacy (PGP)

Question 49

What program serves as the GUI front end for accessing Sleuth Kit's tools?

a. KDE
b. Autopsy
c. DetectiveGUI
d. SMART

Question 50

Which option below is not a recommendation for securing storage containers?

a. Evidence containers should remain locked when they aren't under direct supervision.
b. Rooms with evidence containers should have a secured wireless network.
c. The container should be located in a restricted area.
d. Only authorized access should be allowed, and it should be kept to a minimum.
