quiz questions
|
|
||||
---|---|---|---|---|---|
Which of the following roles may involve computer forensics? | show 🗑
|
||||
show | In-depth computer knowledge and The ability to logically dissect a computer system or network
🗑
|
||||
show | true
🗑
|
||||
These are specifications for a secure environment, including items such as physical security requirements, network security planning details, a detailed list of approved software, and human resources policies on employee hiring and dismissal | show 🗑
|
||||
show | Gramm-Leach-Bliley (GLB) Act
🗑
|
||||
show | Insurance companies
🗑
|
||||
Prosecuting attorneys should have training on electronic discovery and digital data, and how to properly present computer evidence in a court of law. | show 🗑
|
||||
Many states have laws that require businesses to protect sensitive personal and financial data, and to report data breaches. | show 🗑
|
||||
show | false
🗑
|
||||
show | nonvolatile
🗑
|
||||
Mobile devices generally use flash memory instead of a hard drive for storage to keep them as light and small as possible. | show 🗑
|
||||
What device tends to offer the highest data capacity? | show 🗑
|
||||
show | keylogger
🗑
|
||||
Which of the following is a wireless interface standard? | show 🗑
|
||||
The most common Microsoft systems a computer forensic investigator will encounter today are Windows XP, Windows Vista, and Windows 7. | show 🗑
|
||||
show | Mac OS X and Linux
🗑
|
||||
This is the process of tracking users and their actions on a network and its component systems. | show 🗑
|
||||
show | true
🗑
|
||||
A computer forensic examiner is qualified to do all of the following except which one? | show 🗑
|
||||
show | Real
🗑
|
||||
A handwritten note is an example of which types of evidence? (Choose all that apply.) | show 🗑
|
||||
Whenever you introduce documentary evidence, you must introduce an original document, not a copy. This is called the ________ rule. | show 🗑
|
||||
show | Subpoena
🗑
|
||||
show | false
🗑
|
||||
Taking photos of real evidence is part of the chain of custody. | show 🗑
|
||||
You are completing a chain of custody for seizing a hard drive. Which of the following steps is out of order? | show 🗑
|
||||
show | unchanged
🗑
|
||||
show | false
🗑
|
||||
Which of the following is not a technique for ensuring the admissibility of evidence in court? | show 🗑
|
||||
show | site survey
🗑
|
||||
Removable or external media generally contain intentionally archived and/or transient files. | show 🗑
|
||||
show | Documentary
🗑
|
||||
What is the main goal of evidence preservation? | show 🗑
|
||||
Shutting a system down prevents entries from being written to activity log files and preserves the state of the evidence. | show 🗑
|
||||
You left the PDA powered on in its charger while stored. While testifying as an expert witness in court, you are asked if the data in the PDA has changed. You should truthfully answer "Yes." | show 🗑
|
||||
You need to perform a drive integrity check. You use a forensic tool to calculate a hash value. Which of the following might you end up with? (Choose all that apply.) | show 🗑
|
||||
You must often find specific keywords or phrases that appear in large numbers of files. Which tool should you use? | show 🗑
|
||||
When organizing a presentation that will take the audience on a tour of an evidence trail, always take a chronological approach. | show 🗑
|
||||
show | checksum
🗑
|
||||
show | imaging
🗑
|
||||
Because of the nature of non-volatile data, it should always be collected first to minimize corruption or loss. | show 🗑
|
||||
show | Fewer failures, Faster access times
🗑
|
||||
show | traceroute, tracert
🗑
|
||||
A ___________ backup (also known as a mirror image or evidence grade backup) is used to create an exact replica of a storage device. | show 🗑
|
||||
show | True
🗑
|
||||
show | Text message history, Deleted text messages, Phonebook and Call history
🗑
|
||||
show | System date and time from the BIOS, Drive parameters and boot order and System serial numbers
🗑
|
||||
Which of the following tools creates a VMware virtual machine from a physical disk or raw disk image? | show 🗑
|
||||
show | true
🗑
|
||||
WinHex is a Windows-based universal ___________ editor and disk management utility | show 🗑
|
||||
show | Norton Ghost
🗑
|
||||
You can compress and split drive images for efficient storage. | show 🗑
|
||||
Which of the following tools runs only on Windows and allows you to capture a disk image over a network without being physically connected to a suspect computer? | show 🗑
|
||||
Which open source toolkit provides collections of tools, such as file system tools, volume system tools, image file tools, disk tools, and other tools? | show 🗑
|
||||
Which of the following tools run in Linux? (Choose all that apply.) | show 🗑
|
||||
show | False
🗑
|
||||
show | false
🗑
|
||||
show | EnCase
🗑
|
||||
show | IDS
🗑
|
||||
Web browsers cache web pages that the user visited recently. This cached data is referred to as a temporary Internet file, and it is stored in a folder on the user’s hard drive. | show 🗑
|
||||
show | true
🗑
|
||||
A ________________ systematically tries every conceivable combination until a password is found, or until all possible combinations have been exhausted | show 🗑
|
||||
______________ is a technique that uses a filter to analyze both the header and the contents of a datagram, usually referred to as the packet payload. | show 🗑
|
||||
Metadata is a data component that describes other data. In other words, it’s data about data. | show 🗑
|
||||
A criminal can conceal data in hidden disk partitions. | show 🗑
|
||||
show | Credential Manager
🗑
|
||||
In Linux, which directory holds the security logs? | show 🗑
|
||||
Suspects can hide data in which of the following locations? | show 🗑
|
||||
show | Decrypt
🗑
|
||||
show | Nonrepudiation
🗑
|
||||
show | Private key algorithm
🗑
|
||||
show | False
🗑
|
||||
A _________ algorithm uses one key to encrypt plaintext and another key to decrypt ciphertext. | show 🗑
|
||||
A key that is 4 bits in length can represent how many different key values? Hint: 2^4 | show 🗑
|
||||
show | Chosen Plaintext Attack, Chosen Plaintext, Plaintext Attack, Plaintext
🗑
|
||||
Of the following symmetric encryption algorithms, which one is the latest and strongest standard adopted by the U.S. government, with key sizes of 128, 192, or 256 bits? | show 🗑
|
||||
BONUS: who designed the Blowfish cipher? | show 🗑
|
||||
Social engineering can be an effective method of obtaining a password. | show 🗑
|
||||
show | Digital data of probative value
🗑
|
||||
show | All of the above
🗑
|
||||
show | The account was used to log into the system
🗑
|
||||
show | Locard’s Exchange Principle
🗑
|
||||
Which of the following issues is NOT one that a forensic examiner faces when dealing with Windows-based media? | show 🗑
|
||||
Forensically acceptable alternatives to using a Windows Evidence Acquisition Boot Disk include all but which of the following? | show 🗑
|
||||
The standard Windows environment supports all of the following file systems EXCEPT | show 🗑
|
||||
Before evidentiary media is “acquired,” forensic examiners often ________ the media to make sure it contains data relevant to the investigation. | show 🗑
|
||||
show | Logically or Physically
🗑
|
||||
show | Safeback
🗑
|
||||
You find the following deleted file on a floppy disk. How many clusters does this file occupy? Name .Ext ID Size Date Time Cluster 76 A R S H D V _REENF~1 DOC Erased 19968 5-08-03 2:34 pm 275 A ---- | show 🗑
|
||||
show | Associate system events with specific user accounts
🗑
|
||||
The Windows NT Event log Appevent.evt: | show 🗑
|
||||
Unlike the standard DOS/Windows environments, the UNIX environment has the capability of _______________, thereby preventing the contents of evidentiary media from being changed. | show 🗑
|
||||
show | Test the tool under controlled conditions
🗑
|
||||
_______, which is part of the standard Linux distribution, can be used to make a bitstream copy of evidentiary media to either image files or sterile media. | show 🗑
|
||||
show | Forensic examination tools
🗑
|
||||
show | Firefox
🗑
|
||||
grep is a standard Linux tool that searches a specified file or region for a specified string. | show 🗑
|
||||
show | False
🗑
|
||||
Most data-carving tools operate on the assumption that the operating system generally tries to save data in contiguous sectors. | show 🗑
|
||||
UNIX log files (or those of any operating system, for that matter) can provide a great deal of useful information to the examiner. | show 🗑
|
||||
show | false
🗑
|
||||
show | true
🗑
|
||||
The most common approach to salvaging deleted data on Macintosh systems is to | show 🗑
|
||||
show | .Trash folder
🗑
|
||||
show | com.apple.TextEdit.plist
🗑
|
||||
The default browser used on Mac OS X is: | show 🗑
|
||||
show | E-mail attachments that have been opened
🗑
|
||||
show | False
🗑
|
||||
Examination of a Mac computer must be done manually – no automated tools exist. | show 🗑
|
||||
Macintosh disks can only be examined on a Macintosh system. | show 🗑
|
||||
By default, when Mac OS X boots up, it will attempt to mount an evidence disk. | show 🗑
|
||||
Which of the following is NOT one of the methods mobile devices use to communicate? | show 🗑
|
||||
show | Connected networks can enable offenders to delete data remotely.
🗑
|
||||
show | An investigator must make a calculated decision to either prevent or allow the device to receive new data over wireless networks.
🗑
|
||||
show | RF-shielded pouch
🗑
|
||||
show | Mobile device batteries have a limited charge life span, and the device will need a charger to maintain the battery until the device can be processed.
🗑
|
||||
Which of the following is NOT one of the currently available methods for extracting data from mobile devices? | show 🗑
|
||||
Forensic examiners should be aware that a mobile device with a blank or broken display: | show 🗑
|
||||
The IEEE standard that specifies a standardized interface for testing integrated circuits, interconnections between components, and a means of observing and modifying circuit activity during a component’s operation is: | show 🗑
|
||||
Since mobile devices consist of a CPU, memory, storage, and software, the same as traditional computers, they are processed in exactly the same way. | show 🗑
|
||||
One drawback of mobile device examination is that when a user deletes data on a mobile device that data is never recoverable. | show 🗑
|
Created by:
1001783742