IP Address Of A Remote Computer Trivia Quiz

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Catherine Halcomb
Catherine Halcomb
Community Contributor
Quizzes Created: 1443 | Total Attempts: 6,686,485
| Attempts: 215
SettingsSettings
Please wait...
  • 1/316 Questions

    The forensic investigator uses this command to see what sessions are open.

    • Net session 
    • Net open
    • Net run
    • Net sessioning
    • Option 5
Please wait...
About This Quiz

Explore the IP address of a remote computer through this trivia quiz, focusing on digital forensics. Assess your knowledge on server email headers, UTC, anti-forensic techniques, and system integrity commands. Ideal for learners interested in cybersecurity and forensic investigation.

IP Address Of A Remote Computer Trivia Quiz - Quiz

Quiz Preview

  • 2. 

    The investigator is looking to detect something after the incident has ended.

    • Real-time analysis

    • Post-trial analysis

    • Post-mortem analysis

    • After-action anaylsis

    Correct Answer
    A. Post-mortem analysis
    Explanation
    (Chapter 7): Investigators perform post-mortem analysis after an incident has already occurred. Real-Time analysis is used while an incident is taking place, so there can be an immediate response. Post-trial and After-action are not mentioned in the ECC text.

    Rate this question:

  • 3. 

    This displays all commands stored in memory.

    • Memory key command

    • Doskey history

    • -l display

    • Regedit

    Correct Answer
    A. Doskey history
    Explanation
    (Chapter 6): The doskey history displays all commands stored in memory. Regedit is used to edit the System Registry. The memory key command and -l display are made up.

    Rate this question:

  • 4. 

    The $l file contains all of the following EXCEPT:

    • The original file size

    • The date the file was sent to the recycle bin

    • The length of the files as 344 bytes long

    • The original file path

    Correct Answer
    A. The length of the files as 344 bytes long
    Explanation
    (Chapter 5): The $I file is 544 bytes long. In Windows 7 and Vista, when a file is deleted, it is renamed $R, followed by random characters, then the file extension. At the same time, a $I file is created that contains the same random characters and the same file extension.

    Rate this question:

  • 5. 

    The attorney that calls the witness to the stand is asking the questions

    • Cross-examination

    • Direct examination

    • Deposition

    • Expert testimony

    Correct Answer
    A. Direct examination
    Explanation
    (Chapter 14): Direct examination occurs, when the attorney that calls the witness to the stand is asking the questions. Cross-Examination is when the attorney that did not call the witness to the stand is asking the questions. Deposition is not a form of asking questions of a witness. Expert testimony involves direct and cross examination, but is not the definition described in the question.

    Rate this question:

  • 6. 

    Tanisha wants to recover files with their original file name.  She should use which of the following tools to accomplish this (choose the best answer)?

    • Data rescue 4

    • Stellar phoenix

    • Total recall

    • Quick recovery

    Correct Answer
    A. Stellar phoenix
    Explanation
    (Chapter 5): Stellar Phoenix recovers file with their original file name and supports RAW recovery on lost volumes. Total Recall is used for RAID. Data Rescue 4 recovers files form accidently re-formatted drives. Quick Recovery can recover encrypted files.

    Rate this question:

  • 7. 

    This tool can be used to display details about GPT partition tables in Mac OS.

    • Diskdigger

    • Recover my files

    • Windows super disk recovery

    • Disk utility

    Correct Answer
    A. Disk utility
    Explanation
    (Chapter 3): Disk Utility displays details about GPT partition tables in Mac OS. Recover My Files is used for file recovery, not GPT partition table data. DiskDigger offers file recovery and also offers thumbnail previews. Windows Super Disk Recovery is made up and the question asks about Mac OS, so this answer is incorrect.

    Rate this question:

  • 8. 

    Simple, sequential, flat files of a data set is called:

    • Blank format

    • Raw format

    • MBR format

    • First data format

    Correct Answer
    A. Raw format
    Explanation
    (Chapter 4): Raw format creates simple, sequential, flat files of a data set. The other formats stated are made up. MBR stands for Master Boot record, but it is not a flat file data set.

    Rate this question:

  • 9. 

    In this stage of the Linux boot process, information is retrieved from the CMOS chip.

    • Kernel

    • Bec

    • Bios

    • Bootloader

    Correct Answer
    A. Bios
    Explanation
    (chapter 3): In the BIOS stage, the BIOS retrieves information stored in the CMOS chip and performs a POST test. There is not a BEC stage. In the Bootloader stage, the kernel is loaded. In the Kernel stage, the Kernel mounts the actual root file system.

    Rate this question:

  • 10. 

    This approach monitors a computer and user's behavior for anomalies.

    • Bayesian coorelation

    • Access-control based

    • Role-based

    • Route-correlation

    Correct Answer
    A. Role-based
    Explanation
    (Chapter 7): A role-based approach monitors computer and user behavior for anomalies. route correlation extracts the attack route information to single out other attack data. Bayesian Correlation uses statistics and probability to predict the next steps of an attack. Access-control based is not a real option for event correlation and is incorrect.

    Rate this question:

  • 11. 

    Johnny has been with the DEA for 17 years.  He shows up on the scene and notices the suspect's computer is turned on.  After securing the scene, Johnny should:

    • Turn the computer off and unplug the power cords

    • Leave the computer on and document the scene

    • Turn the computer off and document the scene

    • Pull the power cord and place the computer in an anti-static box

    Correct Answer
    A. Leave the computer on and document the scene
    Explanation
    (Chapter 2): An investigator should not turn off a suspect's computer. The current state of the device should be documented. EC-Council hammers this hard in its official material. If a device is on leave it on. Turning off the device can destroy volatile evidence, which is why the other answers are wrong.

    Rate this question:

  • 12. 

    The zz in exhibit numbering stands for:

    • The investigator's initials

    • The data of the evidence collection

    • The date of evidence seizure

    • The sequence number for parts of the same exhibit

    Correct Answer
    A. The sequence number for parts of the same exhibit
    Explanation
    (Chapter 2): The "zz" refers to the sequence number for parts of the same exhibit. The investigator's initials are shown with aaa and dd/mm/yy is the date of evidence seizure/collection.

    Rate this question:

  • 13. 

    The Master Boot Record (MBR) starts at this sector.

    • Sector 8

    • Sector 1

    • Sector 0

    • Sector 32

    Correct Answer
    A. Sector 0
    Explanation
    (Chapter 3): The MBR refers to a hard disk's first sector, also called sector zero. This specifies the location of an operating system for the system to load into the main storage. Sector 1 is incorrect, since it is not the first sector of a hard disk and the other answers are made up.

    Rate this question:

  • 14. 

    Shamika is the VP of Technology at XYZ, Inc.  She suspects that her newest employee, David, may be using his work computer to look at child pornography.  What type of investigation(s) should be started?

    • Civil

    • Criminal and civil

    • Administrative and civil

    • Criminal and administrative

    Correct Answer
    A. Criminal and administrative
    Explanation
    (Chapter 1): David is using his work computer inappropriately, which would mean and Administrative investigation should be undertaken. David is also looking at child pornography, which is a crime and requires a criminal investigation.

    Rate this question:

  • 15. 

    An internal investigation, undertaken by an organization,  to determine if employees are following rules and/or policies is called.

    • Criminal

    • Frye

    • Administrative

    • Civil

    Correct Answer
    A. Administrative
    Explanation
    (Chapter 1): Administrative investigations involve an internal investigation, where the organization attempts to discover if employees are following rules/policies. Frye is the standard for scientific testimony. Criminal investigations are undertaken by law enforcement and Civil investigations are usually the result of some kind of IP theft or other non-employee related matter (though they can involve employees). The best answer here is Administrative.

    Rate this question:

  • 16. 

    This type of analysis is ongoing and returns simultaneously, so that attacks can be responded to immediately. 

    • Postmortem analysis

    • Real-Time analysis

    • Deceased analysis

    • Disk Removal analysis

    Correct Answer
    A. Real-Time analysis
    Explanation
    (Chapter 7): Real-Time analysis is correct. Postmortem analysis occurs after the incident has taken place. The other two answers are made up and are incorrect.

    Rate this question:

  • 17. 

    UTC stands for which of the following:

    • Universal Computing Time

    • Universal Computer Time

    • Coordinated Universal Time

    • Computer Universal Time

    Correct Answer
    A. Coordinated Universal Time
    Explanation
    (Chapter 6): UTC stands for Coordinated Universal Time. The other answer choices are made up.

    Rate this question:

  • 18. 

    Misuse of a work computer generally can lead to this type of investigation.

    • Civil

    • Administrative

    • Criminal

    • Criminal and Civil

    Correct Answer
    A. Administrative
    Explanation
    (Chapter 1): An employee misusing a work computer (i.e.- checking Facebook when it is against company policy) generally leads to an Administrative investigation. It could also lead to Civil and Criminal investigations, but the best answer, according to the ECC text, is Administrative.

    Rate this question:

  • 19. 

    This law subsection covers child pornography.

    • 1030

    • 123

    • 2252A

    • 476

    Correct Answer
    A. 2252A
    Explanation
    (Chapter 12): 18 USC §2252A covers child pornography. 1030 covers fraud and abuse using computers. 123 is made up as is 476.

    Rate this question:

  • 20. 

    This type of warrant is used to get records from service providers.

    • Super Warrant

    • Felony Warrant

    • Electronic storage device warrant

    • Service provider search warrant

    Correct Answer
    A. Service provider search warrant
    Explanation
    (Chapter 2): The service provider search warrant allows the investigator to obtain records from the service provider, including things like billing records and subscriber information. Electronic storage device warrant is used for the actual hardware. Felony and Super warrants do not apply to service providers, with Super warrant being made up.

    Rate this question:

  • 21. 

    This type of attack is a combination of both a brute force attack and dictionary attack.

    • Hybrid

    • Syllable

    • Rule-based

    • Dictionary

    Correct Answer
    A. Syllable
    Explanation
    (Chapter 5): A syllable attack is a combination of the brute force and dictionary attacks. The hybrid attack is based on the dictionary and brute force attacks. Rule-based is based on knowing something, like a birthday. Dictionary would not be a combination of itself and a brute force attack.

    Rate this question:

  • 22. 

    An investigator needs to jailbreak an iOS phone.

    • Yellow_Root

    • RedSn0w

    • Winter_Time 3000

    • King_Root

    Correct Answer
    A. RedSn0w
    Explanation
    (Chapter 13): RedSn0w is used to root iOS devices. One trick for your exam is anything with "root" in the name is usually for Android. That being said, the other answers in the question are made up.

    Rate this question:

  • 23. 

    This file system uses journaling.

    • HXS

    • FAT

    • UFS

    • NTFS

    Correct Answer
    A. NTFS
    Explanation
    (Chapter 3): NTFS (New Technology File System) uses journaling. FAT and UFS (Unix File System) do not offer this. HXS is made up and is incorrect.

    Rate this question:

  • 24. 

    The attorney that called the witness to the stand is asking the questions, this would be called:

    • Cross examination

    • Direct examination

    • Contempt of court

    • E Pluribus Unum

    Correct Answer
    A. Direct examination
    Explanation
    (Chapter 14): This would be considered direct examination. Cross-Examination is when the witness is questioned by the attorney that DID NOT call them to the stand. The other answers are made up.

    Rate this question:

  • 25. 

    This is the person initiating a lawsuit.

    • Defendant

    • Plaintiff

    • Judge

    • Respondent

    Correct Answer
    A. Plaintiff
    Explanation
    (Chapter 1): Plaintiff is correct. The defendant, as the name implies, is defended themselves from the lawsuit. They are also called the respondent. A judge could be a plaintiff in a lawsuit, but would not be known as the judge in the lawsuit, but rather as the plaintiff.

    Rate this question:

  • 26. 

    In a deposition, the following is true:

    • A judge is present 

    • A jury may be present

    • Both attorneys are present

    • Opposing counsel is not allowed to ask questions

    Correct Answer
    A. Both attorneys are present
    Explanation
    (Chapter 14): A deposition differs from a trial in that both attorneys are present.

    Rate this question:

  • 27. 

    This is used to perform a Quick Analysis of a crash dump file.

    • RegEdit

    • DumpChk

    • MBR

    • NBC 3000

    Correct Answer
    A. DumpChk
    Explanation
    (Chapter 6): DumpChk is correct. RegEdit is the registry editor. MBR is the Master Boot Record and this is not a tool. NBC 3000 is made up.

    Rate this question:

  • 28. 

    These are bootloaders for Linux.

    • LILO and STITCH

    • GRUB and HUBB

    • LILI and GRUB

    • LILO and GRUB

    Correct Answer
    A. LILO and GRUB
    Explanation
    (Chapter 3): Linux Loader (LILO) and Grand Unified Bootloader (GRUB) are correct. The other answers do not contain both of the bootloaders and are therefore incorrect.

    Rate this question:

  • 29. 

    Object Linking and Embedding is not used by:

    • Word

    • Excel

    • Office products

    • PDF

    Correct Answer
    A. PDF
    Explanation
    (Chapter 3): OLE (Object Linking and Embedding) is not used in PDF, but is used in Microsoft Office applications, specifically Word and Excel.

    Rate this question:

  • 30. 

    How can you find scheduled and unscheduled tasks on the local host?

    • Net local.host

    • Schtasks.exe

    • Find schtasks.exe

    • Use schtasks.exe

    Correct Answer
    A. Schtasks.exe
    Explanation
    (Chapter 8): schtasks.exe allows you to find scheduled and unscheduled tasks on the local host. The other commands are using made up syntax.

    Rate this question:

  • 31. 

    This Federal statute covers child pornography

    • 18 USC 2252A

    • 18 USC 2252B

    • Texas Penal Code 2281

    • 18 USC 20000AB

    Correct Answer
    A. 18 USC 2252A
    Explanation
    (Chapter 12): 18 USC §2252A covers child pornography. §2252B covers misleading domains. The Texas Penal Code answer and §20000AB are made up answers and are incorrect.

    Rate this question:

  • 32. 

    This person provides legal advice about the investigation and any potential legal issues in the forensic investigation process.

    • Photographer

    • Investigator

    • Attorney

    • Incident responder

    Correct Answer
    A. Attorney
    Explanation
    (Chapter 2): An attorney or legal adviser provides legal advice about the investigation and any potential legal issues. A photographer is helping to document evidence, the investigator is performing the actual investigation, and the Incident Responder is responding to the incident itself. With the statement of "legal advice," your focus should be on attorney.

    Rate this question:

  • 33. 

    GIF has how many bits per pixel

    • 16

    • 24

    • 8

    • 32

    Correct Answer
    A. 8
    Explanation
    (Chapter 3): GIF has 8 bits per pixel and 256 colors per frame.

    Rate this question:

  • 34. 

    In FAT, the first letter of the deleted file name is replaced with:

    • X5h

    • E5h

    • Esh

    • Exy

    Correct Answer
    A. E5h
    Explanation
    (Chapter 5): In FAT, the OS replaces the first letter of the deleted file name with E5H. The other answer choices are all made up and are incorrect.

    Rate this question:

  • 35. 

    Tasha is looking for the UEFI phase that involves clearing UEFI from memory.

    • Dxe

    • Sec

    • Rt

    • Bsd

    Correct Answer
    A. Rt
    Explanation
    (Chapter 3): The runtime (RT) phase is where UEFI is cleared from memory. The SEC (security) phase is where code is initialized. BSD is not a UEFI phase, but BDS is, so this answer is incorrect. DXE (Driver Execution Environment) contains HOBL and does not involve clearing the UEFI from memory.

    Rate this question:

  • 36. 

    A computer forensics lab should have windows all around the perimeter.

    • True

    • False

    • Option 3

    • Option 4

    Correct Answer
    A. False
    Explanation
    (Chapter 2): A CFL should not have any windows around the perimeter. Lab work areas should also contain 50-63 square feet per workstation. This is found in Chapter 2 of the official EC-Council material.

    Rate this question:

  • 37. 

    This rule governs proceedings in the courts of the United States.

    • Rule 101

    • Rule 103

    • Rule 493

    • Rule 622

    Correct Answer
    A. Rule 101
    Explanation
    (Chapter 1): Rule 101 governs proceedings in the courts of the United States. Rule 103 covers the Rulings on Evidence. Rule 493 and Rule 622 are just made up answers and are incorrect.

    Rate this question:

  • 38. 

    UTC stands for:

    • Universal Coordinate Tasks

    • Coordinated Universal Time

    • Coordinated User Time

    • Universal Computer Time

    Correct Answer
    A. Coordinated Universal Time
    Explanation
    (Chapter 6): UTC stands for Coordinated Universal Time. The other choices are made up answers.

    Rate this question:

  • 39. 

    This does not use OLE.

    • Word

    • Excel

    • PDF

    • MS Office

    Correct Answer
    A. PDF
    Explanation
    (Chapter 3): OLE (Object Linking and Embedding) is not used in PDF, but is used in Microsoft Office applications, specifically Word and Excel.

    Rate this question:

  • 40. 

    You can detect Trojans with which of the following?

    • Tripwire

    • Capsa

    • Belkasoft RAM Cap

    • Regshot

    Correct Answer
    A. Capsa
    Explanation
    (Chapter 11): Capsa can be used to detect Trojans. Tripwire is for file integrity, Belkasoft RAM Capturer is self-explanatory, and Regshot monitors registry changes.

    Rate this question:

  • 41. 

    This is an IDS:

    • Kismet

    • Snort

    • Accountix Pro

    • Nikto 1000

    Correct Answer
    A. Snort
    Explanation
    (Chapter 8): Snort is a popular IDS. Kismet is for wireless sniffing. Accountix Pro and Nikto 1000 are made up and are incorrect.

    Rate this question:

  • 42. 

    Google Drive Configuration files are stored at this path:

    • C:\Google\Drive\User\Default

    • C:\Google Drive\<user default>

    • C:\Users\<username>\AppData\Local\Google\Drive\user_default

    • C:\Users\AppData\Local\Google Drive\user

    Correct Answer
    A. C:\Users\<username>\AppData\Local\Google\Drive\user_default
    Explanation
    Chapter 10: The other answers are made up.

    Rate this question:

  • 43. 

    The installation of Google Drive Client Version in Windows 10 creates this (choose the best answer):

    • Problems

    • Sync_log.log

    • Config.exe

    • Gd.exe

    Correct Answer
    A. Sync_log.log
    Explanation
    Chapter 10: The Sync_log.log file is created. This file contains information about the client sync session. Problems is wrong for obvious reasons. The other two answers are made up.

    Rate this question:

  • 44. 

    This extracts data contained from an internet traffic capture

    • X data extract

    • Xplico

    • Sysanalyzer

    • Web syssol

    Correct Answer
    A. Xplico
    Explanation
    (Chapter 2): Xplico is a network forensics analysis tool that extracts this type of data. SysAnalyzer is for malware analysis. The other two answers are made up tools and are incorrect.

    Rate this question:

  • 45. 

    David needs a tool that contains an ISO image.  He knows that ______ offers this.

    • Diskdigger

    • Active@ file recovery

    • Recuva

    • Easeus

    Correct Answer
    A. Active@ file recovery
    Explanation
    (Chapter 5): Of the choices listed, only Active@ File Recovery offers the CD/DVD ISO image. DiskDigger offers the thumbnail previews. Recuva offers secure file deletion. EaseUS supports large hard disks.

    Rate this question:

  • 46. 

    When a file is deleted in FAT, the first letter of the deleted filename is changed to:

    • H5H

    • E5H

    • ESH

    • ESE

    Correct Answer
    A. E5H
    Explanation
    (Chapter 5): E5H is put at the front of a deleted FAT file. Memorize this as you will likely see it on your exam. The other answers are made up and are incorrect.

    Rate this question:

  • 47. 

    The nbtstat command can be used for:

    • Linux servers 

    • NBT servers

    • NetBIOS

    • Malware execution

    Correct Answer
    A. NetBIOS
    Explanation
    (Chapter 6 and Chapter 8): The best answer here is NetBIOS. NBT servers is made up. you could technically give a Linux machine a NetBIOS name by installing SAMBA, but this is not what the nbtstat command can be used for. Malware execution is not relevant to the nbtstat command and is also incorrect.

    Rate this question:

  • 48. 

    18 USC §1030 covers:

    • Child pornography

    • Malicious mischief

    • Misleading domain activity

    • Fraud and related activity in connection with computers

    Correct Answer
    A. Fraud and related activity in connection with computers
    Explanation
    (Chapter 2): 18 USC §1030 covers fraud and related activity in connection with computers. §2252A is child pornography. Malicious mischief is covered in §1361-1362. Misleading domains are covered under §2252B.

    Rate this question:

  • 49. 

    Sectors are how many bytes long.

    • 256

    • 512

    • 128

    • 32

    Correct Answer
    A. 512
    Explanation
    (Chapter 3): Sectors are the smallest physical storage units on a hard disk platter and are 512 bytes long. Newer format sectors are 8 of the 512 byte sectors and they make up one 4KB sector, which is more efficient. This is in Chapter 3 of the official EC-Council material.

    Rate this question:

Quiz Review Timeline (Updated): Oct 25, 2024 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Oct 25, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 20, 2019
    Quiz Created by
    Catherine Halcomb
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.