Forensics And Network Intrusion Practice Exam- I

50 Questions | Total Attempts: 683

Welcome to Forensics and Network Intrusion! This course provides you with the knowledge and skills needed to work in the exciting, high-demand field of digital forensics. In preparation for the highly regarded Computer Hacking Forensic Investigator (CHFI) certification, you will learn about how to detect hacking attacks, how to properly extract and preserve evidence, and how to get the evidence needed for audits aimed at preventing future attacks. Throughout the course, you will find readings, videos, labs, and learning checks. These activities are designed to let you check your retention of the topics presented. It is important to note that the labs and learning checks are not meant to reveal any characteristics of the format or design of the final assessment. Instead, they


Questions and Answers
  • 1. 
    What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
    • A. 

      Prosecute the evidence

    • B. 

      Obfuscate the evidence

    • C. 

      Authorize the evidence

    • D. 

      Preserve the evidence

  • 2. 
    Which of the following is NOT a legitimate authorizer of a search warrant?
    • A. 

      Magistrate

    • B. 

      Court of law

    • C. 

      First responder

    • D. 

      Concerned authority

  • 3. 
    Which of the following is TRUE regarding computer forensics?
    • A. 

      Computer forensics deals with the monetary cost of finding evidence related to a crime to find the culprits and initiate legal action against them.

    • B. 

      Computer forensics deals with the search for evidence related to a digital crime, but the forensics specialist does not need to be concerned about the legal admissibility of the evidence he or she finds.

    • C. 

      Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.

    • D. 

      Computer forensics deals only with the process of finding evidence related to a digital crime and does not try to estimate the monetary damages caused by that crime.

  • 4. 
    Which of the following is TRUE regarding Enterprise Theory of Investigation (ETI)?
    • A. 

      It adopts an approach toward criminal activity as a criminal act.

    • B. 

      It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal activity.

    • C. 

      It differs from traditional investigative methods and is less complex and less time-consuming.

    • D. 

      It encourages reactive action on the structure of the criminal enterprise.

  • 5. 
    Which of the following is NOT an element of cybercrime?
    • A. 

      Fast-paced speed

    • B. 

      Smaller evidence in size

    • C. 

      Anonymity through masquerading

    • D. 

      Volatile evidence

  • 6. 
    Which of the following is TRUE of civil crimes?
    • A. 

      The initial reporting of the evidence is generally informal.

    • B. 

      Law enforcement agencies are responsible for collecting and analyzing evidence.

    • C. 

      The standards of proof need to be very high.

    • D. 

      A formal investigation report is required.

  • 7. 
    Which of the following is NOT a consideration during a cybercrime investigation?
    • A. 

      Presentation of admissible evidence

    • B. 

      Value or cost to the victim

    • C. 

      Collection of clues and forensic evidence

    • D. 

      Analysis of digital evidence

  • 8. 
    Which of the following should be considered before planning and evaluating the budget for the forensic investigation case?
    • A. 

      Breakdown of costs into daily and annual expenditure

    • B. 

      Current media coverage of high-profile computer crimes

    • C. 

      Past success rate as a measure of value

    • D. 

      Use of outdated, but trusted, technologies

  • 9. 
    Which of the following is NOT part of the Computer Forensics Investigation Methodology?
    • A. 

      Secure the evidence.

    • B. 

      Collect the evidence.

    • C. 

      Destroy the evidence.

    • D. 

      Assess the evidence.

  • 10. 
    Which of the following is NOT where potential evidence may be located?
    • A. 

      Thumb drive

    • B. 

      Digital camera

    • C. 

      Smart card

    • D. 

      Processor

  • 11. 
    Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?
    • A. 

      Rule 105

    • B. 

      Rule 102

    • C. 

      Rule 103

    • D. 

      Rule 101

  • 12. 
    Which of the following Federal Rules of Evidence contains Rulings on Evidence?
    • A. 

      Rule 105

    • B. 

      Rule 101

    • C. 

      Rule 102

    • D. 

      Rule 103

  • 13. 
    Which of the following is NOT a digital data storage type?
    • A. 

      Magnetic storage devices

    • B. 

      Optical storage devices

    • C. 

      Flash memory devices

    • D. 

      Quantum storage devices

  • 14. 
    Which of the following is NOT a type of flash-based memory?
    • A. 

      Double-level cell (DLC)

    • B. 

      Single-level cell (SLC)

    • C. 

      Multi-level cell (MLC)

    • D. 

      Triple-level cell (TLC)

  • 15. 
    Which of the following is unique to SSDs?
    • A. 

      Spindle

    • B. 

      NAND chips

    • C. 

      Read/write heads

    • D. 

      Platters

  • 16. 
    Which of the following is NOT used in the calculation of HDD density?
    • A. 

      Area density

    • B. 

      Bit density

    • C. 

      Block density

    • D. 

      Track density

  • 17. 
    Which of the following is the correct number of bytes reserved at the beginning of a CD-ROM for booting a computer?
    • A. 

      16,384

    • B. 

      32,768

    • C. 

      512

    • D. 

      256

  • 18. 
    Which of the following specifications is used as a standard to define the use of file systems on CD-ROM and DVD media?
    • A. 

      ISO 9431

    • B. 

      ISO 6990

    • C. 

      ISO 1349

    • D. 

      ISO 9660

  • 19. 
    Which of the following ISO 9660–compliant portions of a compact disc describes the location of the contiguous root directory similar to the super block of the UNIX file system?
    • A. 

      The primary track sector

    • B. 

      The secondary volume descriptor

    • C. 

      The primary volume descriptor

    • D. 

      The secondary track sector

  • 20. 
    Which field type refers to the volume descriptor as a primary?
    • A. 

      Number 3

    • B. 

      Number 1

    • C. 

      Number 2

    • D. 

      Number 0

  • 21. 
    Which field type refers to the volume descriptor as a partition descriptor?
    • A. 

      Number 2

    • B. 

      Number 0

    • C. 

      Number 3

    • D. 

      Number 1

  • 22. 
    Which field is the standard identifier set to CD001 for a CD-ROM compliant to the ISO 9660 standard?
    • A. 

      Third

    • B. 

      Fourth

    • C. 

      Second

    • D. 

      First

  • 23. 
    What partition holds the information regarding the operating system, system area, and other information required for booting?
    • A. 

      Extended partition

    • B. 

      Tertiary partition

    • C. 

      Primary partition

    • D. 

      Secondary partition

  • 24. 
    In MS-DOS and earlier versions of Microsoft Windows, which partition must be first and a primary partition?
    • A. 

      (C:)

    • B. 

      (B:)

    • C. 

      (A:)

    • D. 

      (D:)

  • 25. 
    Which of the following is a data structure situated at sector 1 in the volume boot record of a hard disk to explain the physical layout of a disk volume?
    • A. 

      Boot Parameter Block (BPB)

    • B. 

      BIOS Parameter Block (BPB)

    • C. 

      Primary Sequential Sector (PSS)

    • D. 

      Primary Reserved Sector (PRS)