Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
IT0203 - FA1
Modules 1-2
| Question | Answer |
|---|---|
| Which of the following is NOT an example of user-created files? Group of answer choices Audio files Images and graphics Spreadsheets Log files | Log files |
| What is the main use of the chain of custody in computer forensics? Group of answer choices Encrypting evidence for safekeeping Preventing data alteration during analysis Providing data backup Ensuring evidence is admissible in court | Ensuring evidence is admissible in court |
| Which of the following is an example of non-volatile data? Group of answer choices Temporary files in clipboard Files stored on a hard drive Data stored in RAM Open network connections | Files stored on a hard drive |
| What is the difference between volatile and non-volatile data? Group of answer choices There is no difference Volatile data is stored in hard drives, while non-volatile is stored in RAM Volatile data is encrypted, while non-volatile is not Volatile data i | Volatile data is temporary, while non-volatile data is permanent |
| Digital evidence can be located in which of the following devices? Group of answer choices Printers Mobile phones All of the above Network servers | All of the above |
| Which of the following is a type of cybercrime? Group of answer choices Denial-of-service attack All of the above Cyber defamation Identity theft | All of the above |
| What is an internal cyberattack? Group of answer choices Exploitation of a system vulnerability by hackers, A denial-of-service attack from an external source, An attack carried out by an insider with authorized access, Phishing emails sent to employees | An attack carried out by an insider with authorized access |
| Digital evidence must meet which criterion to be admissible in court? Group of answer choices Be understandable, authentic, and complete Be publicly available Be compressed for easier handling Be encrypted for securit | Be understandable, authentic, and complete |
| What is the purpose of ACPO Principle 4? Group of answer choices To maintain the chain of custody To verify the authenticity of evidence To designate responsibility to the case officer To ensure evidence is clearly understood | To designate responsibility to the case officer |
| According to Locard's Exchange Principle, what happens when a crime is committed? Group of answer choices All traces of the activity are permanently erased, All digital evidence is automatically stored on the cloud, No physical evidence is left behind, So | Some exchange of evidence occurs between the criminal and the environment |
| Which principle states that all processes applied to evidence must be documented? Group of answer choices Understandable evidence Chain of custody ACPO Principle 3 Locard's Exchange Principle | ACPO Principle 3 |
| Why is forensic readiness important for organizations? Group of answer choices To identify vulnerabilities in their system To recover data more quickly after a system crash To improve public relations To minimize investigation costs and disruptions | To minimize investigation costs and disruptions |
| Which of the following is NOT a type of digital evidence? Group of answer choices Physical devices Encrypted files RAM data Slack space | Physical devices |
| Which of the following is an example of volatile data? Group of answer choices System time and open files Files stored on a hard drive Hidden partitions Network logs | System time and open files |
| What does the best evidence rule state? Group of answer choices Evidence must be kept in physical form All evidence must be encrypted Only copies of digital files can be submitted in court The original evidence must be submitted when possible | The original evidence must be submitted when possible |
| The post-investigation phase is responsible for: Group of answer choices Summarizing findings into a detailed report Building tools for malware testing Verifying evidence integrity Training forensic investigators | Summarizing findings into a detailed report |
| What is the purpose of the pre-investigation phase? Group of answer choices To plan and prepare for the forensic investigation To compile a legal report To acquire evidence from a suspect’s device To analyze and document findings | To plan and prepare for the forensic investigation |
| Which of the following is NOT a requirement for a forensic investigation report? Group of answer choices Accuracy and clarity Adherence to local laws Inclusion of all organizational data Supporting evidence for conclusions | Inclusion of all organizational data |
| What is the importance of understanding hardware and software requirements in a forensic lab? It guarantees no legal disputes arise, It ensures compatibility and efficiency during investigations, It simplifies operations by reducing costs, It eliminates | It ensures compatibility and efficiency during investigations |
| What is a critical factor when organizing gathered evidence for a report? Group of answer choices Redacting unnecessary details The location of the incident Categorizing information for clarity Anonymizing all data sources | Categorizing information for clarity |
| What is the first phase of the Forensic Investigation Process? Group of answer choices Post-investigation Investigation Pre-investigation Evidence analysis | Pre-investigation |
| Search and seizure require investigators to: Group of answer choices Securely handle all electronic devices Create investigative software Prioritize data encryption Analyze incident logs immediately | Securely handle all electronic devices |
| When testifying as an expert witness, a forensic investigator should: Present findings accurately and impartially Offer subjective opinions Provide alternate interpretations of the evidence Summarize the legal aspects of the case | Present findings accurately and impartially |
| Which of the following is an essential consideration when building an investigation team? Group of answer choices Budget allocation Marketing strategies Specialized roles and responsibilities Networking capabilities | Specialized roles and responsibilities |
| Evidence acquired during an investigation must: Group of answer choices Verifying evidence integrity Be encrypted before presentation in court Remain unchanged to ensure integrity Be altered for clarity | Remain unchanged to ensure integrity |
| The forensic investigation report should include all of the following EXCEPT: Group of answer choices, Evidence supporting the findings, Recommendations for legal proceedings, Opinions of the investigation team, A detailed description of each investigati | Opinions of the investigation team |
| In the forensic investigation methodology, which of the following steps comes after the identification of evidence? Group of answer choices Documentation of findings Final reporting Data analysis Evidence acquisition | Evidence acquisition |
| Which document must be created during the investigation phase to ensure accuracy? Group of answer choices Crime scene sketch Operating manual Legal affidavit Incident timeline | Incident timeline |
| What is a primary role of a computer forensics lab? Group of answer choices Prepare reports for employees Recover deleted data Preserve and analyze digital evidence Analyze malware | Preserve and analyze digital evidence |
| Proper evidence preservation ensures: Group of answer choices Evidence is admissible in court Evidence is excluded from legal cases All data is permanently encrypted Only deleted data is recovered | Evidence is admissible in court |
| Which rule ensures digital evidence is clear and understandable to the jury? Group of answer choices Understandable evidence Admissible evidence Authentic evidence Reliable evidence | Understandable evidence |
| Which law outlines the admissibility of evidence in US courts? Group of answer choices Federal Rules of Evidence Locard's Evidence Rules Cybersecurity Law Digital Forensics Act | Federal Rules of Evidence |
| Which of the following is an objective of computer forensics? Group of answer choices Performing penetration tests on IT systems Detecting vulnerabilities in software development Replacing damaged IT systems Preserving evidence for prosecution | Preserving evidence for prosecution |
| What does forensic evidence need to be considered "authentic"? Group of answer choices It must be verified by all parties It must be encrypted It must be supported by the original source details It must be compressed into a secure format | It must be supported by the original source details |
| What is the role of a forensic investigator? Group of answer choices To identify, collect, and analyze evidence To train employees on data compliance To optimize IT systems for efficiency To design secure network architectures | To identify, collect, and analyze evidence |
| What is steganography? Group of answer choices Encrypting data for secure storage Deleting files permanently from a device Hiding information within other files or images Encrypting files for transmission | Hiding information within other files or images |
| What is the primary objective of forensic readiness? Group of answer choices To reduce investigation time and costs To minimize network traffic To prevent cybercrime To ensure employee training | To reduce investigation time and costs |
| What is the primary goal of computer forensics? Group of answer choices To optimize network speed To monitor user activity To develop cybersecurity strategies To detect and analyze digital evidence for legal use | To detect and analyze digital evidence for legal use |
| What is the role of metadata in digital evidence? Group of answer choices Tracks file creation and modification details Encrypts files for secure transmission Hides sensitive information Prevents tampering of files | Tracks file creation and modification details |
| What is the main goal of the investigation phase? Group of answer choices To train new employees To acquire, analyze, and document evidence To perform security audits To create malware samples for testing | To acquire, analyze, and document evidence |
| What is the main focus of the post-investigation phase? Group of answer choices Reporting findings to law enforcement Evidence decryption Identifying cybersecurity risks Analyzing remaining threats | Reporting findings to law enforcement |
| During the pre-investigation phase, setting up a forensic lab ensures: Group of answer choices Compliance with laws and regulations All of the above Efficient analysis of evidence Evidence preservation | All of the above |
| What is the purpose of an investigation report? Group of answer choices, To summarize findings and conclusions for legal proceedings, To provide a summary for law enforcement, To serve as an operations manual for employees, To encrypt evidence for safe s | To summarize findings and conclusions for legal proceedings |
| Why is documenting the crime scene critical? Group of answer choices, It helps investigators verify their findings, It creates a detailed record for analysis and presentation, It provides evidence for defense attorneys, It ensures forensic labs meet inte | It creates a detailed record for analysis and presentation |
| The investigator’s role in court includes: Group of answer choices Providing legal interpretations Analyzing cybersecurity risks Presenting evidence and findings objectively Suggesting penalties for the defendant | Presenting evidence and findings objectively |
| Evidence acquisition involves: Group of answer choices Developing malware analysis reports Encrypting data for secure storage Capturing and cloning digital evidence from devices Analyzing suspicious email attachments | Capturing and cloning digital evidence from devices |
| According to the text, computer forensics is a subset of which field? Group of answer choices Ethical Hacking Digital Forensics Information Technology Cybersecurity | Digital Forensics |
| What is the main benefit of forensic readiness? Group of answer choices Reduces investigation disruption Optimizes system performance Eliminates all cyber threats Prevents data breaches entirely | Reduces investigation disruption |
| What is a common source of digital evidence? Group of answer choices Network logs All of the above Hidden partitions System logs | All of the above |
| Which of the following cybercrimes involves modifying data during transmission? Group of answer choices Espionage Data manipulation Phishing Cyber defamation | Data manipulation |
| Evidence gathering should occur during which phase? Group of answer choices Post-investigation Investigation Pre-investigation Analysis | Investigation |
| Chain of custody refers to: Group of answer choices Deleting irrelevant evidence A timeline of legal compliance during an investigation The process of securing evidence against tampering Transferring data securely between devices | The process of securing evidence against tampering |
| Which step ensures that evidence remains unaltered during acquisition? Group of answer choices Documentation Evidence preservation Chain of custody Malware analysis | Evidence preservation |
| Data analysis during the investigation phase focuses on: Group of answer choices Documenting user activities Interpreting evidence to determine its relevance Rewriting damaged logs Preparing malware for testing | Interpreting evidence to determine its relevance |
| What is a key responsibility of a forensic investigator regarding evidence? Group of answer choices Developing secure systems Encrypting evidence for safekeeping Altering evidence for better clarity Maintaining the chain of custody | Maintaining the chain of custody |
| What is the purpose of hashing during the investigation phase? Group of answer choices To recover deleted system logs To compare evidence between cases To verify the integrity of digital evidence To decrypt secure data files | To verify the integrity of digital evidence |
| A forensic lab must follow which set of guidelines for evidence handling? Group of answer choices Organizational privacy policies Local industry compliance standards Evidence integrity principles General data protection regulations | Evidence integrity principles |
| What is the first step in the computer forensics process? Group of answer choices Case documentation Data analysis Legal compliance review Evidence acquisition | Evidence acquisition |
| What is the most important quality of a forensic investigation report? Group of answer choices, It must be concise, clear, and legally admissible, It should be technical and comprehensive, It must outline potential cybersecurity improvements, It must inc | It must be concise, clear, and legally admissible |
| Search and seizure require forensic investigators to: Group of answer choices Execute search warrants and collect evidence Train users in data management practices Create backups of company data Analyze only cloud-based systems | Execute search warrants and collect evidence |
Created by:
pangalankoiezrawr