Are you studying for the CHFI certification test? The trivia quiz below, on forensics and network intrusion, is perfect for helping you review just how conversant you are with the topic. Think you can handle it? Give it a try and see just how much you remember in the process. All the best!
Expediting the process of obtaining a warrant may lead to a delay in prosecution of a perpetrator.
Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.
Expediting the process of obtaining a warrant may lead to the timely prosecution of a perpetrator.
Delay in obtaining a warrant may lead to the preservation of evidence and expedite the investigation process.

Interpret, document, and present the evidence to be admissible during prosecution.
Track and prosecute the perpetrators in a court of law.
Mitigate vulnerabilities to prevent further loss of intellectual property, finances, and reputation during an attack.
Identify, gather, and preserve the evidence of a cybercrime.

An organization’s ability to make optimal use of digital evidence in a limited period and with minimal investigation costs.
The establishment of specific incident response procedures and designated trained personnel to prevent a breach.
Having no impact on prospects of successful legal action.
Replacing the need to meet all regulatory requirements.

The claimant is responsible for the collection and analysis of the evidence.
Investigators attempt to demonstrate information to the opposite party to support the claims and induce settlement.
The searching of the devices is based on mutual understanding and provides a wider time frame to hide the evidence.
Investigators, with a warrant, have the authority to forcibly seize the computing devices.

Lab exteriors should have no windows.
Room size should be compact with standard HVAC equipment.
Lightweight construction materials need to be used.
Computer systems should be visible from every angle.

Additional equipment such as notepads, printers, etc. should be stored elsewhere.
Physical computer examinations should take place in a separate workspace.
Examiner station has an area of about 50–63 square feet.
Multiple examiners should share workspace for efficiency.

Testify as an expert defendant.
Data acquisition
Data analysis
Testify as an expert witness.

Printer spool
Cookies
Log files
Address book

Swap file
Spreadsheet
Steganography
Bookmarks

When original evidence is in possession of the originator
When original evidence is destroyed due to fire and flood
When original evidence is in possession of a third party
When original evidence is destroyed in the normal course of business

Rule 103
Rule 102
Rule 105
Rule 101

Rule 103
Rule 102
Rule 105
Rule 101

Access time
Seek time
RPM speed
Transfer time

Non-volatile memory
Faster data access
Higher reliability
Less power usage

512
1,000
2,000
256

NTFS
EFX3
EXT2
FAT32

Volume descriptor
POSIX attribute
Track header
Boot sector

Romeo and MDF
ISO 9660
ISO 13490
Joliet and UDF

Number 2
Number 3
Number 0
Number 1

Number 0
Number 2
Number 3
Number 1

Number 2
Number 1
Number 255
Number 3

CIFS
NTFS
CDFS
VMFS

Extended partition
Primary partition
Secondary partition
Tertiary partition

Win Edit
Disk Edit
WinHex
Hex Workshop

Primary Boot Record (PBR)
First Boot Record (FBR)
Secondary Boot Record (SBR)
Master Boot Record (MBR)

CD/DIR
IP/IFCONFIG
RARP/ARP
FDISK/MBR

Master Boot Process
Master BIOS Code
Master Boot Code
Master BIOS Process

Sequentially Unique Identifier (SQUID)
Secondary Potential Identifier (SPUD)
Globally Unique Identifier (GUID)
Galaxy Unique Identifier (GUID)

UEMR
UEFI (Unified Extensible Firmware Interface)
UEFO
UHFI

32
64
256
128

512
128
1,024
256

Logical Block Addressing (LBA)
Unified Extensible Firmware Interface (UEFI)
Globally Unique Identifier (GUID)
Cylinder-Head-Sector (CHS)

LBA 2
LBA 3
LBA 0
LBA 1

16,384
65,536
32,768
8,192

GPT allows users to partition disks larger than 2 terabytes.
GPT partition and boot data is more secure than MBR, as MBR stores data in multiple locations across the disk.
GPT allows users to partition disks larger than 40 gigabytes.
MBR partition and boot data is more secure than GPT, as GPT stores data in multiple locations across the disk.

0xFF
0x01
0x00
0xEE

Hot booting
Cold booting
Warm booting
Hard booting

Ntoskrnl.exe
CoreServices
Boot.efi
Inittab

Windows Vista
Windows 9
Windows 8
Windows 10

Windows XP
Windows Vista
Windows 7
Windows 8

PIE Phase
BSD Phase
SEC Phase
PAI Phase

BSD Phase
DXE Phase
PAI Phase
PIE Phase

RT Phase
PIE Phase
PAI Phase
BSD Phase

PEI (Pre-EFI Initialization) Phase
BDS (Boot Device Selection) Phase
RT (Run Time) Phase
DXE (Driver Execution Environment) Phase

PEI (Pre-EFI Initialization) Phase
BDS (Boot Device Selection) Phase
RT (Run Time) Phase
DXE (Driver Execution Environment) Phase

Get-BootSector
Get-GPT
Get-PartitionTable
Get-MBR

Get-GPT
Get-PartitionTable
Get-MBR
Get-BootSector

Gparted
DiskPart
Disk Utility
Fdisk
Quiz Review Timeline (Updated): Mar 22, 2023