CHFI Certification Test: Forensics And Network Intrusion! Trivia Quiz

50 Questions | Total Attempts: 196

Are you preparing for the CHFI certification test? The trivia quiz below on forensics and network intrusion is perfect for helping you review just how conversant you are with the topic. Think you can handle it? Give it a try and see just how much you remember in the process. All the best!


Questions and Answers
  • 1. What is the role of an expert witness?
    • A. To support the defense
    • B. To educate the public and court
    • C. To evaluate the court’s decisions
    • D. To testify against the plaintiff

  • 2. Under which of the following circumstances has a court of law allowed investigators to perform searches without a warrant?
    • A. Expediting the process of obtaining a warrant may lead to a delay in prosecution of a perpetrator.
    • B. Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.
    • C. Expediting the process of obtaining a warrant may lead to the timely prosecution of a perpetrator.
    • D. Delay in obtaining a warrant may lead to the preservation of evidence and expedite the investigation process.

  • 3. Which of the following is NOT an objective of computer forensics?
    • A. Interpret, document, and present the evidence to be admissible during prosecution.
    • B. Track and prosecute the perpetrators in a court of law.
    • C. Mitigate vulnerabilities to prevent further loss of intellectual property, finances, and reputation during an attack.
    • D. Identify, gather, and preserve the evidence of a cybercrime.

  • 4. Forensic readiness refers to:
    • A. An organization’s ability to make optimal use of digital evidence in a limited period and with minimal investigation costs.
    • B. The establishment of specific incident response procedures and designated trained personnel to prevent a breach.
    • C. Having no impact on prospects of successful legal action.
    • D. Replacing the need to meet all regulatory requirements.

  • 5. Which of the following is TRUE of cybercrimes?
    • A. The claimant is responsible for the collection and analysis of the evidence.
    • B. Investigators attempt to demonstrate information to the opposite party to support the claims and induce settlement.
    • C. The searching of the devices is based on mutual understanding and provides a wider time frame to hide the evidence.
    • D. Investigators, with a warrant, have the authority to forcibly seize the computing devices.

  • 6. Which of the following should be physical location and structural design considerations for forensics labs?
    • A. Lab exteriors should have no windows.
    • B. Room size should be compact with standard HVAC equipment.
    • C. Lightweight construction materials need to be used.
    • D. Computer systems should be visible from every angle.

  • 7. Which of the following should be work area considerations for forensic labs?
    • A. Additional equipment such as notepads, printers, etc. should be stored elsewhere.
    • B. Physical computer examinations should take place in a separate workspace.
    • C. Examiner station has an area of about 50–63 square feet.
    • D. Multiple examiners should share workspace for efficiency.

  • 8. Which of the following is NOT part of the Computer Forensics Investigation Methodology?
    • A. Testify as an expert defendant.
    • B. Data acquisition
    • C. Data analysis
    • D. Testify as an expert witness.

  • 9. Which of the following is a user-created source of potential evidence?
    • A. Printer spool
    • B. Cookies
    • C. Log files
    • D. Address book

  • 10. Which of the following is a computer-created source of potential evidence?
    • A. Swap file
    • B. Spreadsheet
    • C. Steganography
    • D. Bookmarks

  • 11. Under which of the following conditions will duplicate evidence NOT suffice?
    • A. When original evidence is in possession of the originator
    • B. When original evidence is destroyed due to fire and flood
    • C. When original evidence is in possession of a third party
    • D. When original evidence is destroyed in the normal course of business

  • 12. Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined?
    • A. Rule 103
    • B. Rule 102
    • C. Rule 105
    • D. Rule 101

  • 13. Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its proper scope and instruct the jury accordingly?
    • A. Rule 103
    • B. Rule 102
    • C. Rule 105
    • D. Rule 101

  • 14. Which of the following is a consideration of HDDs but not SSDs?
    • A. Access time
    • B. Seek time
    • C. RPM speed
    • D. Transfer time

  • 15. Which of the following is NOT an advantage of SSDs over HDDs?
    • A. Non-volatile memory
    • B. Faster data access
    • C. Higher reliability
    • D. Less power usage

  • 16. How many tracks are typically contained on a platter of a 3.5″ HDD?
    • A. 512
    • B. 1,000
    • C. 2,000
    • D. 256

  • 17. Which of the following is NOT a common computer file system?
    • A. NTFS
    • B. EFX3
    • C. EXT2
    • D. FAT32

  • 18. Which of the following items is used to describe the characteristics of the file system information present on a given CD-ROM?
    • A. Volume descriptor
    • B. POSIX attribute
    • C. Track header
    • D. Boot sector

  • 19. Which of the following file systems are used for adding more descriptors to a CD-ROM’s file system sequence?
    • A. Romeo and MDF
    • B. ISO 9660
    • C. ISO 13490
    • D. Joliet and UDF

  • 20. Which field type in a volume descriptor refers to a boot record?
    • A. Number 2
    • B. Number 3
    • C. Number 0
    • D. Number 1

  • 21. Which field type refers to the volume descriptor as a supplementary?
    • A. Number 0
    • B. Number 2
    • C. Number 3
    • D. Number 1

  • 22. Which field type refers to the volume descriptor as a set terminator?
    • A. Number 2
    • B. Number 1
    • C. Number 255
    • D. Number 3

  • 23. Which file system for Linux transfers all tracks and boot images on a CD as normal files?
    • A. CIFS
    • B. NTFS
    • C. CDFS
    • D. VMFS

  • 24. Which logical drive holds the information regarding the data and files that are stored in the disk?
    • A. Extended partition
    • B. Primary partition
    • C. Secondary partition
    • D. Tertiary partition

  • 25. Which of the following is NOT a disk editor tool to help view file headers and important information about a file?
    • A. Win Edit
    • B. Disk Edit
    • C. WinHex
    • D. Hex Workshop
