IP Address Of A Remote Computer Trivia Quiz

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Catherine Halcomb
C
Catherine Halcomb
Community Contributor
Quizzes Created: 1428 | Total Attempts: 5,897,934
Questions: 316 | Attempts: 188

SettingsSettingsSettings
IP Address Quizzes & Trivia

Questions and Answers
  • 1. 

    Exchange server email header information is located here.

    • A.

      PRIV.STM

    • B.

      PRIV.EDB

    • C.

      PUB.EDB

    • D.

      PRIB.EDB

    Correct Answer
    B. PRIV.EDB
    Explanation
    (Chapter 12) The PRIV.EDB file contains the message headers, message text, and standard attachments. PRIV.STM is for streaming MIME content (video, audio, etc...). PUB.EDB is a database file that stores hierarchies. PRIB.EDB is made up and is incorrect.

    Rate this question:

  • 2. 

    UTC stands for:

    • A.

      Universal Coordinate Tasks

    • B.

      Coordinated Universal Time

    • C.

      Coordinated User Time

    • D.

      Universal Computer Time

    Correct Answer
    B. Coordinated Universal Time
    Explanation
    (Chapter 6): UTC stands for Coordinated Universal Time. The other choices are made up answers.

    Rate this question:

  • 3. 

    The forensic investigator uses this command to see what sessions are open.

    • A.

      Net session 

    • B.

      Net open

    • C.

      Net run

    • D.

      Net sessioning

    • E.

      Option 5

    Correct Answer
    A. Net session 
    Explanation
    (Chapter 8): The net session command can be used to verify users with open sessions and to see all open sessions.

    Rate this question:

  • 4. 

    This is a type of anti-forensic technique with malware.

    • A.

      Packing

    • B.

      Vacationing

    • C.

      $Rxyte provisioning

    • D.

      Static analysis

    Correct Answer
    A. Packing
    Explanation
    (Chapter 5 and Chapter 11): Many attackers use a packer to try and prevent forensic analysis of the malware. Static analysis is a form of malware analysis. The other two choices are made up and are incorrect.

    Rate this question:

  • 5. 

    This does not use OLE.

    • A.

      Word

    • B.

      Excel

    • C.

      PDF

    • D.

      MS Office

    Correct Answer
    C. PDF
    Explanation
    (Chapter 3): OLE (Object Linking and Embedding) is not used in PDF, but is used in Microsoft Office applications, specifically Word and Excel.

    Rate this question:

  • 6. 

    This verifies the file system integrity of a volume, fixes logical file system errors, and is similar to the fsck command in unix.

    • A.

      RegEdit

    • B.

      CHKDSK

    • C.

      Disk Integrity

    • D.

      Lsck

    Correct Answer
    B. CHKDSK
    Explanation
    (Chapter 3): CHKDSK verifies the file system integrity of a volume, fixes logical file system errors, and is similar to the fsck command in Unix. RegEdit (Registry Editor) is used to load registry hives. lsck is made up as is Disk Integrity.

    Rate this question:

  • 7. 

    The investigator is looking to detect something after the incident has ended.

    • A.

      Real-time analysis

    • B.

      Post-trial analysis

    • C.

      Post-mortem analysis

    • D.

      After-action anaylsis

    Correct Answer
    C. Post-mortem analysis
    Explanation
    (Chapter 7): Investigators perform post-mortem analysis after an incident has already occurred. Real-Time analysis is used while an incident is taking place, so there can be an immediate response. Post-trial and After-action are not mentioned in the ECC text.

    Rate this question:

  • 8. 

    A hacker commits a DDoS attack against a specific IP address of a company's Web server. This is considered what type of attack?

    • A.

      APT attack

    • B.

      Network attack

    • C.

      Web application attack

    • D.

      Ids attack

    Correct Answer
    B. Network attack
    Explanation
    (Chapter 7 and 8): The attack is against a specific IP address and is not exploiting an application vulnerability (notice it shows Web application attack in the other answer), so it would fall under the realm of a network attack. The DDoS attack may also be affecting an IDS, but that is not the true target of the attack described. It could be an APT (Advanced Persistent Threat) group performing the attack, but it could also just be a simple teenager.

    Rate this question:

  • 9. 

    What file type is this? FF D8 FF E1

    • A.

      BMP

    • B.

      JPEG

    • C.

      GIF

    • D.

      PNG

    Correct Answer
    B. JPEG
    Explanation
    (Chapter 3): The FF D8 FF is the hex format for JPEG files. BMP starts with 42 4d. GIF starts with 47 49 46. PNG starts with 89 50 4e.

    Rate this question:

  • 10. 

    This tasklist command specifies the name or IP address of a remote computer.

    • A.

      /v

    • B.

      /s

    • C.

      /u

    • D.

      /r

    Correct Answer
    B. /s
    Explanation
    (Chapter 6): The /s command specifies the name or IP address of a remote computer. The /v specifies that verbose task information be displayed in the output. The /u command runs the command with the account permissions of the specified user. The /r command is made up.

    Rate this question:

  • 11. 

    You can use this to see the last access time change for win10

    • A.

      Devcon

    • B.

      Fsutil

    • C.

      Wmic service

    • D.

      Reg.exe

    • E.

      Option 5

    Correct Answer
    B. Fsutil
    Explanation
    (Chapter 6): fsutil can be used to see the last access time change for Windows 10. reg.exe is Window's Console Registry Tool. WMIC stands for Windows Management Instrumentation Command-line, "wmic service" is not valid. devcon (devcon.exe) is a command used in Windows to see details about connected devices.

    Rate this question:

  • 12. 

    This displays all commands stored in memory.

    • A.

      Memory key command

    • B.

      Doskey history

    • C.

      -l display

    • D.

      Regedit

    Correct Answer
    B. Doskey history
    Explanation
    (Chapter 6): The doskey history displays all commands stored in memory. Regedit is used to edit the System Registry. The memory key command and -l display are made up.

    Rate this question:

  • 13. 

    GIF has how many bits per pixel

    • A.

      16

    • B.

      24

    • C.

      8

    • D.

      32

    Correct Answer
    C. 8
    Explanation
    (Chapter 3): GIF has 8 bits per pixel and 256 colors per frame.

    Rate this question:

  • 14. 

    Jv16 tool is used for

    • A.

      Malware reversing

    • B.

      Dynamic analysis

    • C.

      Registry

    • D.

      Bit-to-bit mapping

    Correct Answer
    C. Registry
    Explanation
    (Chapter 11): jv16 is a registry tool. It is not used for malware analysis or reversing, and also is not used to make bit copies. Remember that it is not used for malware for your CHFI exam.

    Rate this question:

  • 15. 

    You can detect Trojans with which of the following?

    • A.

      Tripwire

    • B.

      Capsa

    • C.

      Belkasoft RAM Cap

    • D.

      Regshot

    Correct Answer
    B. Capsa
    Explanation
    (Chapter 11): Capsa can be used to detect Trojans. Tripwire is for file integrity, Belkasoft RAM Capturer is self-explanatory, and Regshot monitors registry changes.

    Rate this question:

  • 16. 

    A web analytics solution for small and medium sized websites.

    • A.

      Clickfunnels

    • B.

      Deep Log Analyzer

    • C.

      XRY log

    • D.

      LAN Who

    Correct Answer
    B. Deep Log Analyzer
    Explanation
    (Chapter 8): The Deep Log Analyzer is a web analytics solution for small and medium sized websites. XRY Log is used for mobile device extraction. Clickfunnels is a software used to build sales funnels. LAN Who is made up. There is a LAN Whois, but this is not listed and is not a web analytics solution.

    Rate this question:

  • 17. 

    This contains the manufacturer's information

    • A.

      ICCID

    • B.

      ESN

    • C.

      EIR

    • D.

      IMSI

    Correct Answer
    B. ESN
    Explanation
    (Chapter 13): The ESN (Electronic Serial Number) has the manufacturer’s code. ICCID (Integrated Circuit Card Identifier) is printed on the SIM to identify the SIM internationally. EIR is made up. IMSI (International Mobile Subscriber Identity) defines the subscriber in the wireless world, including the country and mobile network that the subscriber belongs to.

    Rate this question:

  • 18. 

    You can view DBX files in:

    • A.

      Adobe Acrobat Reader

    • B.

      Thunderbird

    • C.

      MS Outlook Express

    • D.

      Thundercats

    Correct Answer
    C. MS Outlook Express
    Explanation
    (Chapter 12): DBX files are viewed with Microsoft Outlook Express. Adobe Acrobat Reader is PDF. Thundercats was a cartoon in the 1980's. Thunderbird does not open DBX files.

    Rate this question:

  • 19. 

    When a FAT file is deleted, what is placed at the front?

    • A.

      ELH

    • B.

      E5H

    • C.

      EH5

    • D.

      ESH

    Correct Answer
    B. E5H
    Explanation
    (Chapter 5): E5H is put at the front of a deleted FAT file. The other answers are incorrect because they do not contain the correct sequence.

    Rate this question:

  • 20. 

    This can do data acquisition and duplication.

    • A.

      Capsa

    • B.

      Drivespy

    • C.

      Wireshark

    • D.

      Xplico

    Correct Answer
    B. Drivespy
    Explanation
    (Chapter 4): Drivespy can do data acquisition and duplication. Wireshark is for network sniffing. Capsa is a network analyzer and can detect Trojans. Xplico is a network forensics analysis tool.

    Rate this question:

  • 21. 

    A deleted file in the Recycle Bin is named RIYH6VR.doc. This tells us:

    • A.

      The file was deleted from the Y drive in the 6th order

    • B.

      The deleted file is a document file

    • C.

      The file was deleted with Recuva

    • D.

      None of the above

    Correct Answer
    B. The deleted file is a document file
    Explanation
    (Chapter 5): We can infer that this is a document file, based on the extension of .doc. Recuva does not leave a particular file name when performing recovery. The other answers do not make sense, since we do not see Dy5, which indicate a file deleted form the Y drive in the 6th order, and since we know this is a document file.

    Rate this question:

  • 22. 

    This is an IDS:

    • A.

      Kismet

    • B.

      Snort

    • C.

      Accountix Pro

    • D.

      Nikto 1000

    Correct Answer
    B. Snort
    Explanation
    (Chapter 8): Snort is a popular IDS. Kismet is for wireless sniffing. Accountix Pro and Nikto 1000 are made up and are incorrect.

    Rate this question:

  • 23. 

    The $l file contains all of the following EXCEPT:

    • A.

      The original file size

    • B.

      The date the file was sent to the recycle bin

    • C.

      The length of the files as 344 bytes long

    • D.

      The original file path

    Correct Answer
    C. The length of the files as 344 bytes long
    Explanation
    (Chapter 5): The $I file is 544 bytes long. In Windows 7 and Vista, when a file is deleted, it is renamed $R, followed by random characters, then the file extension. At the same time, a $I file is created that contains the same random characters and the same file extension.

    Rate this question:

  • 24. 

    This has journaling:

    • A.

      Ext1

    • B.

      NTFS

    • C.

      FAT

    • D.

      FAT32

    Correct Answer
    B. NTFS
    Explanation
    (Chapter 3): NTFS is the only answer here that offers journaling. EXT3 offers journaling, not EXT1. FAT and FAT32 also do not offer journaling.

    Rate this question:

  • 25. 

    A small law firm suspects an incident, where there was potential criminal action, and wants to investigate themselves.  Why should they avoid doing so? (choose the best answer)

    • A.

      Law firms should not perform digital forensic investigations

    • B.

      They may alter the date or timestamp information of the evidence

    • C.

      They can prosecute the attack

    • D.

      They have a conflict of interest, since they are involved in real estate law

    Correct Answer
    B. They may alter the date or timestamp information of the evidence
    Explanation
    (Chapter 2): The law firm may alter the data, so it will then be inadmissible in a criminal case.

    Rate this question:

  • 26. 

    This is part of Metasploit that can be used to hide data in the slack space of FAT and NTFS

    • A.

      RuneFS

    • B.

      Slacker

    • C.

      FragFS

    • D.

      WaffenFS

    Correct Answer
    B. Slacker
    Explanation
    (Note: the only Metasploit tool mentioned in the ECC official material is Timestomp-- used to change the timestamp, mentioned in Chapter 5, but you will likely see Slacker mentioned on the exam. Welcome to ECC exams): Slacker is the tool in Metasploit that will hide data in the slack space of FAT or NTFS file systems, WaffenFS stores data in the EXT3 journal file, FragFS hides data within the NTFS Master file table, RuneFS stores data in bad blocks.

    Rate this question:

  • 27. 

    The attorney that calls the witness to the stand is asking the questions

    • A.

      Cross-examination

    • B.

      Direct examination

    • C.

      Deposition

    • D.

      Expert testimony

    Correct Answer
    B. Direct examination
    Explanation
    (Chapter 14): Direct examination occurs, when the attorney that calls the witness to the stand is asking the questions. Cross-Examination is when the attorney that did not call the witness to the stand is asking the questions. Deposition is not a form of asking questions of a witness. Expert testimony involves direct and cross examination, but is not the definition described in the question.

    Rate this question:

  • 28. 

    The first __ bits of the ESN is the manufacturer's code

    • A.

      32

    • B.

      8

    • C.

      16

    • D.

      24

    Correct Answer
    B. 8
    Explanation
    (Chapter 13): The first 8 bits of the ESN is the manufacturer’s code. The other answers are made up and are incorrect.

    Rate this question:

  • 29. 

    The linux bootloader is active in this stage

    • A.

      Kernel stage

    • B.

      Bootloader stage

    • C.

      Bios stage

    • D.

      Gluc stage

    Correct Answer
    B. Bootloader stage
    Explanation
    (Chapter 3): The Linux bootloader (LILO and GRUB) are active in the Bootloader stage as these load the Kernel. GLUC is not a stage of the Linux boot process.

    Rate this question:

  • 30. 

    This tool is used to open registry hives

    • A.

      MySQLlog Editor

    • B.

      Registry Editor

    • C.

      Reg_HIV OpenPS

    • D.

      Hiveopener 3000

    Correct Answer
    B. Registry Editor
    Explanation
    (Chapter 5): Registry Editor is used to open registry hives (hives start with HKEY..). The other answers are made up and are incorrect.

    Rate this question:

  • 31. 

    This is the default folder path used for syncing files in Dropbox

    • A.

      C:\Users\$user\Dropbox

    • B.

      C:\Users\Dropbox\sync.config

    • C.

      C:\Dropbox\Client\sync

    • D.

      C:\Users\Admin\sync\Dropbox\Client

    Correct Answer
    A. C:\Users\$user\Dropbox
    Explanation
    Chapter 10: The other answers are made up.

    Rate this question:

  • 32. 

    These files are located within an instance (n) of Dropbox folder in AppData of the user's profile

    • A.

      Executables

    • B.

      Configuration

    • C.

      User files

    • D.

      N-instance files

    Correct Answer
    B. Configuration
    Explanation
    Chapter 10: configuration files are correct. No other files listed are located within the instance.

    Rate this question:

  • 33. 

    This contains executables, libraries, Program Files, LiNK files, links of user profiles, and application shortcuts in Dropbox.

    • A.

      Google Client

    • B.

      Dropbox.dbl

    • C.

      Dropbox Client

    • D.

      Program File

    Correct Answer
    C. Dropbox Client
    Explanation
    Chapter 10: Dropbox Client is correct. The question asks about Dropbox, so the Google Client answer is obviously incorrect. Dropbox.dbl is made up and Program File is also incorrect.

    Rate this question:

  • 34. 

    Dropbox Client path:

    • A.

      C:\Program Files(x86)\Dropbox\Client

    • B.

      C:\Program Files\Dropbox\Client

    • C.

      C:\Dropbox\Client

    • D.

      C:\Dropbox\Client\Config

    Correct Answer
    A. C:\Program Files(x86)\Dropbox\Client
    Explanation
    Chapter 10: The other paths are made up.

    Rate this question:

  • 35. 

    These store information of files synced ot the cloud using Dropbox.

    • A.

      Store.db and dropbox.db

    • B.

      Store.dbx and dropbox.dbx

    • C.

      Filecache.dbx and config.dbx

    • D.

      Config.dbx and Filesystem.dbx

    Correct Answer
    C. Filecache.dbx and config.dbx
    Explanation
    Chapter 10: While config.dbx is correct Filesystem.dbx is not. The other answers are made up.

    Rate this question:

  • 36. 

    The default Google Drive installation location in win10 OS

    • A.

      C:\Program Files (x86)\Google\Drive

    • B.

      C:\Program Files(x64)\Google Driver

    • C.

      C:\Progarm Files\System32\Google Drive

    • D.

      C:\Program Files (x86)\Google\Drive\Config

    Correct Answer
    A. C:\Program Files (x86)\Google\Drive
    Explanation
    Chapter 10: The other answers are made up paths.

    Rate this question:

  • 37. 

    These are saved in the installation folder in the user profile for Google Drive

    • A.

      Backup files

    • B.

      Configuration files

    • C.

      Log files

    • D.

      Image files

    Correct Answer
    B. Configuration files
    Explanation
    Chapter 10: Configuration files is correct. The other files are not saved in the installation folder.

    Rate this question:

  • 38. 

    Google Drive Configuration files are stored at this path:

    • A.

      C:\Google\Drive\User\Default

    • B.

      C:\Google Drive\<user default>

    • C.

      C:\Users\<username>\AppData\Local\Google\Drive\user_default

    • D.

      C:\Users\AppData\Local\Google Drive\user

    Correct Answer
    C. C:\Users\<username>\AppData\Local\Google\Drive\user_default
    Explanation
    Chapter 10: The other answers are made up.

    Rate this question:

  • 39. 

    This contains the Google Drive version, the local sync root path, and user's email address

    • A.

      Snapshot.db

    • B.

      Sync_config.db

    • C.

      Sync_config.db

    • D.

      Config.db

    Correct Answer
    C. Sync_config.db
    Explanation
    Chapter 10: Sync_config.db is correct. The sync_config.db stores details about local entry and cloud entry along with snapshot.db. config.db is made up.

    Rate this question:

  • 40. 

    The installation of Google Drive Client Version in Windows 10 creates this (choose the best answer):

    • A.

      Problems

    • B.

      Sync_log.log

    • C.

      Config.exe

    • D.

      Gd.exe

    Correct Answer
    B. Sync_log.log
    Explanation
    Chapter 10: The Sync_log.log file is created. This file contains information about the client sync session. Problems is wrong for obvious reasons. The other two answers are made up.

    Rate this question:

  • 41. 

    RAPID IMAGE 7020 X2 is designed to copy how many “Master” hard drives?

    • A.

      Two

    • B.

      One

    • C.

      Three

    • D.

      Unlimited

    • E.

      Option 5

    Correct Answer
    B. One
    Explanation
    (Chapter 2 and Chapter 4-- both have the same information): RAPID IMAGE 7020 X2 is designed to copy 1 Master hard drive and up to 19 Target hard drives. The other answers are incorrect, based on Chapter 2 of the EC-Council material.

    Rate this question:

  • 42. 

    This rule covers limited admissibility

    • A.

      Rule 401

    • B.

      Rule 402

    • C.

      Rule 105

    • D.

      Rule 103

    Correct Answer
    C. Rule 105
    Explanation
    (Chapter 1): Rule 105 covers limited admissibility. Rule 402 covers the general admissibility of relevant evidence. Rule 103 is for the rulings on evidence. Rule 401 is not mentioned in the ECC text.

    Rate this question:

  • 43. 

    Which one do you like?Max has arrived on scene and sees that the computer is turned on.  His first step should be to (choose the best answer):``

    • A.

      Power off the computer to preserve evidence

    • B.

      Leave the computer on, but look at task manager to see if any programs are running

    • C.

      Photograph the current computer state

    • D.

      Perform a bit by bit copy of the drive

    Correct Answer
    C. Photograph the current computer state
    Explanation
    (Chapter 2): The computer must be photographed to show its state before evidence is gathered. Powering off the computer is not the answer, since if the computer is on, we always leave it on. The other answers are incorrect because they are later steps in the investigation.

    Rate this question:

  • 44. 

    Samuel has completed static analysis of a new malware strain.  He is now going to perform dynamic analysis.  Which tool can he use to monitor for installations, while performing dynamic analysis?

    • A.

      Jv16

    • B.

      Sysanalyzer

    • C.

      Data recovery pro

    • D.

      Stellar phoenix

    Correct Answer
    B. Sysanalyzer
    Explanation
    (Chapter 11): SysAnalyzer is used for dynamic malware analysis, specifically for monitoring installations, like Comodo Program Manager also does. jv16 is used for Registry. You want to know that for your exam. Data Recovery Pro and Stellar Phoenix are used for file recovery and not malware analysis.

    Rate this question:

  • 45. 

    This tool displays details about GPT partition tables in Mac OS

    • A.

      VFS Rider

    • B.

      DiskDrill

    • C.

      File Salvage

    • D.

      Disk Utility

    • E.

      Option 5

    Correct Answer
    D. Disk Utility
    Explanation
    (chapter 3): Disk Utility is the only selection that displays details about partition tables in Mac. VFS Rider is a made up tool. DiskDrill can recover from corrupted memory cards. File Salvage is also a Mac tool, but is used for file recovery.

    Rate this question:

  • 46. 

    Nasir is needing to recover lost data from RAID. He knows that this tool will be needed.

    • A.

      Total Recall

    • B.

      DiskDigger

    • C.

      Advanced Disk Recovery

    • D.

      Comodo Programs Manager

    Correct Answer
    A. Total Recall
    Explanation
    (Chapter 5): Total Recall is used for RAID. Comodo Programs Manager is used for dynamic malware analysis. DiskDigger offers thumbnail previews of recovered files. Advanced Disk Recovery offers the Quick and Deep scans.

    Rate this question:

  • 47. 

    Jennifer is an investigator with the FBI. She is performing dynamic analysis on malware and wants to know the dependencies. What tool should she use?

    • A.

      Jv16 power tools

    • B.

      Xplico

    • C.

      Dependency walker

    • D.

      Dependency crawler

    Correct Answer
    C. Dependency walker
    Explanation
    (Chapter 11): Dependency Walker is the correct answer. Dependency Crawler is made up. jv16 is used for Registry. Xplico is a network forensics analysis tool.

    Rate this question:

  • 48. 

    Which wondows version can use uefi-gpt or bios-mbr

    • A.

      Xp

    • B.

      10

    • C.

      7

    • D.

      95

    Correct Answer
    B. 10
    Explanation
    (Chapter 3): Windows 8 and later boot with either UEFI-GPT or BIOS-MBR. Windows XP, Vista, and 7 boot with BIOS-MBR.

    Rate this question:

  • 49. 

    This tool can recover deleted files emptied from the Recycle Bin, or lost because of the formatting/corruption of a hard drive, virus or Trojan infection, and unexpected system shutdowns.

    • A.

      File Salvage

    • B.

      DiskDigger

    • C.

      Recover My Files

    • D.

      Recuva

    Correct Answer
    C. Recover My Files
    Explanation
    (Chapter 2): Recover My files is correct. File Salvage is a Mac Tool. DiskDigger recovers from hard drives, memory cards, and USB. Recuva offers the Advanced Deep Scan.

    Rate this question:

  • 50. 

    David is looking for a tool that contains an ISO image, so he can burn a bootable CD. What tool is he looking for?

    • A.

      CD Boot

    • B.

      Active@ File Recovery

    • C.

      Pandora Recovery

    • D.

      Data Rescue 4

    Correct Answer
    B. Active@ File Recovery
    Explanation
    (Chapter 5): Active@ File Recovery is the only answer here that contains a CD/DVD ISO image that allows you to burn a bootable CD.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 20, 2019
    Quiz Created by
    Catherine Halcomb
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.