Forensics And Network Intrusion Practice Exam- I
Settings
-
+
Welcome to Forensics and Network Intrusion! This course provides you with the knowledge and skills needed to work in the exciting, high-demand field of digital forensics. In preparation for the highly regarded Computer Hacking Forensic Investigator (CHFI) certification, you will learn about how to detect hacking attacks, how to properly extract and preserve evidence, and how to get the evidence needed for audits aimed at preventing future attacks. Throughout the course, you will find readings, videos, labs, and learning checks. These activities are designed to let you check your retention of the topics presented. It is important to note that the labs and learning checks are not meant to reveal any characteristics of the format or design of the final assessment. Instead, they
- 1.What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
- A.
Prosecute the evidence
- B.
Obfuscate the evidence
- C.
Authorize the evidence
- D.
Preserve the evidence
- 2.Which of the following is NOT a legitimate authorizer of a search warrant?
- A.
Magistrate
- B.
Court of law
- C.
First responder
- D.
Concerned authority
- 3.Which of the following is TRUE regarding computer forensics?
- A.
Computer forensics deals with the monetary cost of finding evidence related to a crime to find the culprits and initiate legal action against them.
- B.
Computer forensics deals with the search for evidence related to a digital crime, but the forensics specialist does not need to be concerned about the legal admissibility of the evidence he or she finds.
- C.
Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
- D.
Computer forensics deals only with the process of finding evidence related to a digital crime and does not try to estimate the monetary damages caused by that crime.
- 4.Which of the following is TRUE regarding Enterprise Theory of Investigation (ETI)?
- A.
It adopts an approach toward criminal activity as a criminal act.
- B.
It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal activity.
- C.
It differs from traditional investigative methods and is less complex and less time- consuming.
- D.
It encourages reactive action on the structure of the criminal enterprise.
- 5.Which of the following is NOT an element of cybercrime?
- A.
Fast-paced speed
- B.
Smaller evidence in size
- C.
Anonymity through masquerading
- D.
Volatile evidence
- 6.Which of the following is TRUE of civil crimes?
- A.
The initial reporting of the evidence is generally informal.
- B.
Law enforcement agencies are responsible for collecting and analyzing evidence.
- C.
The standards of proof need to be very high.
- D.
A formal investigation report is required.
- 7.Which of the following is NOT a consideration during a cybercrime investigation?
- A.
Presentation of admissible evidence
- B.
Value or cost to the victim
- C.
Collection of clues and forensic evidence
- D.
Analysis of digital evidence
- 8.Which of the following should be considered before planning and evaluating the budget for the forensic investigation case?
- A.
Breakdown of costs into daily and annual expenditure
- B.
Current media coverage of high-profile computer crimes
- C.
Past success rate as a measure of value
- D.
Use of outdated, but trusted, technologies
- 9.Which of the following is NOT part of the Computer Forensics Investigation Methodology?
- A.
Secure the evidence.
- B.
Collect the evidence.
- C.
Destroy the evidence.
- D.
Assess the evidence.
- 10.Which of the following is NOT where potential evidence may be located?
- A.
Thumb drive
- B.
Digital camera
- C.
Smart card
- D.
Processor
- 11.Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?
- A.
Rule 105
- B.
Rule 102
- C.
Rule 103
- D.
Rule 101
- 12.Which of the following Federal Rules of Evidence contains Rulings on Evidence?
- A.
Rule 105
- B.
Rule 101
- C.
Rule 102
- D.
Rule 103
- 13.Which of the following is NOT a digital data storage type?
- A.
Magnetic storage devices
- B.
Optical storage devices
- C.
Flash memory devices
- D.
Quantum storage devices
- 14.Which of the following is NOT a type of flash-based memory?
- A.
Double-level cell (DLC)
- B.
Single-level cell (SLC)
- C.
Multi-level cell (MLC)
- D.
Triple-level cell (TLC)
- 15.Which of the following is unique to SSDs?
- A.
Spindle
- B.
NAND chips
- C.
Read/write heads
- D.
Platters
- 16.Which of the following is NOT used in the calculation of HDD density?
- A.
Area density
- B.
Bit density
- C.
Block density
- D.
Track density
- 17.Which of the following is the correct number of bytes reserved at the beginning of a CD-ROM for booting a computer?
- A.
16,384
- B.
32,768
- C.
512
- D.
256
- 18.Which of the following specifications is used as a standard to define the use of file systems on CD-ROM and DVD media?
- A.
ISO 9431
- B.
ISO 6990
- C.
ISO 1349
- D.
ISO 9660
- 19.Which of the following ISO 9660–compliant portions of a compact disc describes the location of the contiguous root directory similar to the super block of the UNIX file system?
- A.
The primary track sector
- B.
The secondary volume descriptor
- C.
The primary volume descriptor
- D.
The secondary track sector
- 20.Which field type refers to the volume descriptor as a primary?
- A.
Number 3
- B.
Number 1
- C.
Number 2
- D.
Number 0
- 21.Which field type refers to the volume descriptor as a partition descriptor?
- A.
Number 2
- B.
Number 0
- C.
Number 3
- D.
Number 1
- 22.Which field is the standard identifier set to CD001 for a CD-ROM compliant to the ISO 9660 standard?
- A.
Third
- B.
Fourth
- C.
Second
- D.
First
- 23.What partition holds the information regarding the operating system, system area, and other information required for booting?
- A.
Extended partition
- B.
Tertiary partition
- C.
Primary partition
- D.
Secondary partition
- 24.In MS-DOS and earlier versions of Microsoft Windows, which partition must be first and a primary partition?
- A.
(C:)
- B.
(B:)
- C.
(A:)
- D.
(D:)
- 25.Which of the following is a data structure situated at sector 1 in the volume boot record of a hard disk to explain the physical layout of a disk volume?
- A.
Boot Parameter Block (BPB)
- B.
BIOS Parameter Block (BPB)
- C.
Primary Sequential Sector (PSS)
- D.
Primary Reserved Sector (PRS)
- 26.MBR almost always refers to the partition sector of a disk also known as:
- A.
Primary Boot Record (PBR)
- B.
512-byte boot sector
- C.
256-byte boot sector
- D.
First Boot Record (FBR)
- 27.How large is the partition table structure that stores information about the partitions present on the hard disk?
- A.
32-bit
- B.
32-byte
- C.
64-bit
- D.
64-byte
- 28.Which of the following UNIX/Linux commands can be used to help back up and restore the MBR?
- A.
BB
- B.
FDISK
- C.
DD
- D.
CP
- 29.GUIDs are displayed as how many hexadecimal digits with groups separated by hyphens?
- A.
64
- B.
128
- C.
32
- D.
256
- 30.What is a standard partitioning scheme for hard disks and part of the Unified Extensible Firmware Interface (UEFI)?
- A.
UEFI Partition Table (UPT)
- B.
Universal Partition Table (UPT)
- C.
General Partition Table (GPT)
- D.
GUID Partition Table (GPT)
- 31.How many bytes is each logical block in GPT?
- A.
256
- B.
128
- C.
512
- D.
1,024
- 32.What is the last addressable block where negative addressing of the logical blocks starts from the end of the volume in GPT?
- A.
-255
- B.
-1
- C.
0
- D.
255
- 33.Which LBA stores the protective MBR?
- A.
LBA 2
- B.
LBA 3
- C.
LBA 0
- D.
LBA 1
- 34.In the GUID Partition Table, which Logical Block Address contains the Partition Entry Array?
- A.
LBA 2
- B.
LBA 0
- C.
LBA 3
- D.
LBA 1
- 35.Which LBA will be the first usable sector?
- A.
LBA 36
- B.
LBA 33
- C.
LBA 35
- D.
LBA 34
- 36.Which position does the protective MBR occupy in the GPT at Logical Block Address 0?
- A.
Second
- B.
First
- C.
Last
- D.
Third
- 37.Which of the following describes when a user plugs in a computer and starts it from a fully off condition?
- A.
Warm booting
- B.
Soft booting
- C.
Hot booting
- D.
Cold booting
- 38.What is the meaning of the acronym POST?
- A.
Power-on self-test
- B.
Power-off system-test
- C.
Power-on system-test
- D.
Power-off self-test
- 39.Which of the following Windows operating systems powers on and starts up using only the traditional BIOS-MBR method?
- A.
Windows 8
- B.
Windows 9
- C.
Windows XP
- D.
Windows 10
- 40.Which of the following Windows operating systems powers on and starts up using only the traditional BIOS-MBR method?
- A.
Windows 7
- B.
Windows 8
- C.
Windows 9
- D.
Windows 10
- 41.Which Windows operating system powers on and starts up using either the traditional BIOS-MBR method or the newer UEFI-GPT method?
- A.
Windows 10
- B.
Windows 7
- C.
Windows Vista
- D.
Windows XP
- 42.Which of the following is one of the five UEFI boot process phases?
- A.
PAI Phase
- B.
PEI Phase
- C.
BSD Phase
- D.
PIE Phase
- 43.Which of the following is one of the five UEFI boot process phases?
- A.
PAI Phase
- B.
PIE Phase
- C.
BDS Phase
- D.
BSD Phase
- 44.Which item describes the following UEFI boot process phase? (The phase of EFI consisting of initialization code the system executes after powering the system on, manages platform reset events, and sets the system state.)
- A.
BDS (Boot Device Selection) Phase
- B.
PEI (Pre-EFI Initialization) Phase
- C.
DXE (Driver Execution Environment) Phase
- D.
SEC (Security) Phase
- 45.Which item describes the UEFI boot process phase in which the majority of the initialization occurs?
- A.
PEI (Pre-EFI Initialization) Phase
- B.
DXE (Driver Execution Environment) Phase
- C.
BDS (Boot Device Selection) Phase
- D.
RT (Run Time) Phase
- 46.Which item describes the following UEFI boot process phase? (The phase of EFI consisting of clearing the UEFI program from memory, transferring the UEFI program to the OS, and updating the OS calls for the run time service using a small part of the memory.)
- A.
RT (Run Time) Phase
- B.
PEI (Pre-EFI Initialization) Phase
- C.
BDS (Boot Device Selection) Phase
- D.
DXE (Driver Execution Environment) Phase
- 47.Which cmdlet can investigators use in Windows PowerShell to parse GPTs of both types of hard disks, including the ones formatted with either UEFI or MBR?
- A.
Get-GPT
- B.
Get-MBR
- C.
Get-BootSector
- D.
Get-PartitionTable
- 48.Which of the following basic partitioning tools displays details about GPT partition tables in Windows OS?
- A.
DiskPart
- B.
Gparted
- C.
Disk Utility
- D.
Fdisk
- 49.Which of the following basic partitioning tools displays details about GPT partition tables in Linux OS?
- A.
Fdisk
- B.
GNU Parted
- C.
Disk Utility
- D.
DiskPart
- 50.On Macintosh computers, which architecture utilizes EFI to initialize the hardware interfaces after the BootROM performs POST?
- A.
PowerPC
- B.
Intel
- C.
SPARC
- D.
ARM
Back to top