Windows Networking & Computer Fundamentals Exercises Solutions Quiz

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Tui
T
Tui
Community Contributor
Quizzes Created: 1 | Total Attempts: 527
Questions: 247 | Attempts: 528

SettingsSettingsSettings
Windows Networking & Computer Fundamentals Exercises Solutions Quiz - Quiz

Attempt this 'Windows Networking & Computer Fundamentals Exercises Solutions' quiz and evaluate yourself whether you're a true computer genius or not. This quiz covers almost every topic related to computers, including windows, the internet, networking, system drives, cyber security, and many more. If you consider yourself a true computer engineer or an expert when it comes to computers, you should really play the quiz and assess yourself. The test becomes tougher after every question. So, go ahead and try to score at least 75 percent! Good luck!


Questions and Answers
  • 1. 

    What does the acronym POST mean as it relates to a PC?

    • A.

      Primary Operations Short Test

    • B.

      PowerOn Self Test

    • C.

      Pre Operational Situation Test

    • D.

      Primary Operating System Test

    Correct Answer
    B. PowerOn Self Test
    Explanation
    The acronym POST stands for PowerOn Self Test. This test is performed by a computer when it is powered on to check if all the hardware components are functioning properly. It checks the memory, keyboard, hard drive, and other essential components. If any issues are detected during the POST, the computer may display error messages or emit beep codes to indicate the problem. The POST is an important diagnostic tool that helps identify hardware failures and ensures that the computer is in a good operational state before the operating system is loaded.

    Rate this question:

  • 2. 

    If you see the files ZerO.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

    • A.

      The system files have been copied by a remote attacker

    • B.

      The system administrator has created an incremental backup

    • C.

      The system has been compromised using a tOrnrootkit

    • D.

      Nothing in particular as these can be operational files

    Correct Answer
    D. Nothing in particular as these can be operational files
    Explanation
    The presence of the files ZerO.tar.gz and copy.tar.gz on a Linux system does not provide enough information to draw any conclusions. These files could be operational files used by the system, and their presence alone does not indicate any suspicious activity or compromise. Further investigation and analysis would be necessary to determine their purpose and if they pose any security risks.

    Rate this question:

  • 3. 

    Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step  of  the  investigation,  he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that  disappeared  upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

    • A.

      PRIV.STM

    • B.

      Gwcheck.db

    • C.

      PRIV.EDB

    • D.

      PUB.EDB

    Correct Answer
    A. PRIV.STM
    Explanation
    Adam is investigating an attack on the Microsoft Exchange Server and has already examined the PRIV.EDB file to gather information. The PRIV.EDB file revealed the source of the email and the name of the file that disappeared upon execution. Now, Adam wants to examine the MIME stream content, which is stored in the PRIV.STM file. Therefore, he will examine the PRIV.STM file to further investigate the attack.

    Rate this question:

  • 4. 

    Which of the following files gives information about the client sync sessions in Google Drive on Windows?

    • A.

      Sync_log.log

    • B.

      Sync_log.log

    • C.

      Sync.log

    • D.

      Sync.log

    Correct Answer
    B. Sync_log.log
    Explanation
    The correct answer is "Sync_log.log" because the question is asking for a file that provides information about client sync sessions in Google Drive on Windows. The file name "Sync_log.log" suggests that it is a log file specifically for syncing activities, and the use of underscores and lowercase letters is consistent with file naming conventions on Windows.

    Rate this question:

  • 5. 

    How many possible sequence number combinations are there in TCP/IP protocol?

    • A.

      1 billion

    • B.

      320 billion

    • C.

      4 billion

    • D.

      32 million

    Correct Answer
    C. 4 billion
    Explanation
    The TCP/IP protocol uses a 32-bit sequence number field, which means there are 2^32 (4 billion) possible combinations. This allows for a large number of unique sequence numbers to be used in TCP/IP communication, ensuring reliable and ordered data transmission.

    Rate this question:

  • 6. 

    Which of the following technique creates a replica of an evidence media?

    • A.

      Data Extraction

    • B.

      Backup

    • C.

      Bit Stream Imaging

    • D.

      Data Deduplication

    Correct Answer
    C. Bit Stream Imaging
    Explanation
    Bit Stream Imaging is a technique that creates a complete and exact replica of an evidence media. It captures every bit and byte of data, including deleted and hidden files, as well as the file system structure. This ensures that the integrity of the original evidence is preserved, allowing for a thorough analysis without altering or damaging the original data. Backup, Data Extraction, and Data Deduplication do not create a complete replica of the evidence media, making Bit Stream Imaging the correct answer.

    Rate this question:

  • 7. 

    To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

    • A.

      Computer Forensics Tools and Validation Committee (CFTVC)

    • B.

      Association of Computer Forensics Software Manufactures (ACFSM)

    • C.

      National Institute of Standards and Technology (NIST)

    • D.

      Society for Valid Forensics Tools and Testing (SVFTT)

    Correct Answer
    C. National Institute of Standards and Technology (NIST)
    Explanation
    The National Institute of Standards and Technology (NIST) is actively providing tools and creating procedures for testing and validating computer forensics software. This ensures that the evidence recovered and analyzed using the software can be admitted in court.

    Rate this question:

  • 8. 

    Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?

    • A.

      Net config

    • B.

      Net file

    • C.

      Net share

    • D.

      Net sessions

    Correct Answer
    B. Net file
    Explanation
    The correct answer is "Net file" because this command displays the names of all open shared files on a server and also provides information about the number of file locks on each file. This command is useful for monitoring file sharing and identifying any potential issues or conflicts with file access.

    Rate this question:

  • 9. 

    You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

    • A.

      Network

    • B.

      Transport

    • C.

      Data Link

    • D.

      Session

    Correct Answer
    A. Network
    Explanation
    While watching traffic to and from the router, you are monitoring at the Network layer of the OSI model. The Network layer is responsible for routing and forwarding data packets between different networks. By monitoring at this layer, you can analyze the network addresses, routing protocols, and other network-related information to gather evidence for the investigation of the alleged network intrusion.

    Rate this question:

  • 10. 

    Which of the following tools is not a data acquisition hardware tool?

    • A.

      UltraKit

    • B.

      Atola Insight Forensic

    • C.

      F-Response Imager

    • D.

      Triage-Responder

    Correct Answer
    C. F-Response Imager
    Explanation
    F-Response Imager is not a data acquisition hardware tool because it is a software tool used for remote forensic imaging and analysis. It allows investigators to acquire data from remote computers over a network connection, rather than physically connecting to the hardware. The other options, UltraKit, Atola Insight Forensic, and Triage-Responder, are all examples of data acquisition hardware tools that are used to physically connect to and acquire data from target devices.

    Rate this question:

  • 11. 

    You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

    • A.

      Polymorphic

    • B.

      Metamorphic

    • C.

      Oligomorhic

    • D.

      Transmorphic

    Correct Answer
    B. Metamorphic
    Explanation
    The type of virus being tested in this scenario is a metamorphic virus. This type of virus is able to rewrite its own code completely, changing its signatures from child to child while maintaining the same functionality. This makes it difficult for antivirus software to detect and block the virus, as the signatures keep changing.

    Rate this question:

  • 12. 

    Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a computer. Where should Harold navigate on the computer to find the file?

    • A.

      %systemroot%\system32\LSA

    • B.

      %systemroot%\system32\drivers\etc

    • C.

      %systemroot%\repair

    • D.

      %systemroot%\LSA

    Correct Answer
    C. %systemroot%\repair
    Explanation
    Harold should navigate to the %systemroot%\repair directory on the computer to find the backup SAM files.

    Rate this question:

  • 13. 

    This ISO standard defines file systems and protocols for exchanging data between optical disks. What is it?

    • A.

      ISO 9660

    • B.

      ISO/IEC 13940

    • C.

      ISO 9060

    • D.

      IEC 3490

    Correct Answer
    A. ISO 9660
    Explanation
    ISO 9660 is the correct answer because it is an ISO standard that specifically defines file systems and protocols for exchanging data between optical disks. ISO/IEC 13940 and ISO 9060 are not relevant to this topic, and IEC 3490 is not an ISO standard.

    Rate this question:

  • 14. 

    The MD5 program is used to:

    • A.

      Wipe magnetic media before recycling it

    • B.

      Make directories on an evidence disk

    • C.

      View graphics files on an evidence drive

    • D.

      Verify that a disk is not altered when you examine it

    Correct Answer
    D. Verify that a disk is not altered when you examine it
    Explanation
    The MD5 program is used to verify that a disk is not altered when you examine it. MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a unique hash value for a given input. By comparing the hash value of a disk before and after examination, you can determine if any changes or alterations have been made to the disk. This is important for ensuring the integrity and authenticity of the evidence on the disk.

    Rate this question:

  • 15. 

    If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

    • A.

      The zombie will not send a response

    • B.

      31402

    • C.

      31399

    • D.

      31401

    Correct Answer
    D. 31401
    Explanation
    In IDLE scanning, the attacker's computer sends a series of SYN packets to the zombie computer on an open port. If the IPID of the attacker's computer is 31400, the zombie computer will respond with a SYN/ACK packet and increment the IPID by 1. Therefore, the response from the zombie computer will have an IPID of 31401.

    Rate this question:

  • 16. 

    Which of the following should a computer forensics lab used for investigations have?

    • A.

      Isolation

    • B.

      Restricted access

    • C.

      Open access

    • D.

      An entry log

    Correct Answer
    B. Restricted access
    Explanation
    A computer forensics lab should have restricted access to ensure the security and integrity of the investigations. This means that only authorized personnel should be allowed to enter the lab, minimizing the risk of tampering or unauthorized access to the evidence. Restricted access helps maintain the chain of custody and ensures that the evidence collected is admissible in court. It also helps protect the lab from potential threats or breaches that could compromise the investigations.

    Rate this question:

  • 17. 

    Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk do not contribute in determining the addresses of data?

    • A.

      Sectors

    • B.

      Interface

    • C.

      Cylinder

    • D.

      Heads

    Correct Answer
    B. Interface
    Explanation
    The interface of a hard disk is responsible for connecting the hard disk to the computer system and facilitating communication between them. It does not play a role in determining the addresses of data stored on the hard disk. The addresses of data are determined by the combination of sectors, cylinders, and heads, which define the physical location of the data on the disk.

    Rate this question:

  • 18. 

    The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output? SI Administrator Command Prompt   -           □          X   03/10/2016 03:30 AH <DIR> migration 03/10/2016 03:32 AH 352,136 FNTCACHE.DAT 03/25/2016 08:09 pH 140,098 perfc009.dat 03/25/2016 08:09 pH 746,532 perfh009.dat 03/25/2016 08:09 pH 883,572 PerfStringBackup. Illi 04/06/2016 04:54 pH <DIR> Driverstore 04/13/2016 11:27 AH <DIR> catroot2 04/13/2016 12:33 pH 135,176,864 HRT.exe 04/13/2016 12:33 pH <DIR> HRT 04/14/2016 09:36 AH <DIR> config 04/14/2016 03:06 pH <OIR> drivers 04/14/2016 04:02 pH <OIR> 04/14/2016 04:02 pH <DIR> 04/14/2016 04:02 pH 324 pid.dump 04/14/2016 05:51 pH <OIR> sru 3866 File(s) 1,727,891,022 bytes ■ 116 Dir(s) 63,601,328,128 bytes free ■ C:\WINOOWS\system32>_ ____________ ___________________  

    • A.

      Dir/o:d

    • B.

      Dir /o:s

    • C.

      Dir/o:e

    • D.

      Dir/o:n

    Correct Answer
    A. Dir/o:d
    Explanation
    The investigator used the "dir/o:d" command to view this output. This command is used to list the files and directories in a directory in chronological order based on their date of installation.

    Rate this question:

  • 19. 

    Andie, a network administrator, suspects unusual network services running on a windows system. Which of the following commands should he use to verify unusual network services started on a Windows system?

    • A.

      Net serv

    • B.

      Netmgr

    • C.

      Lusrmgr

    • D.

      Net start

    Correct Answer
    D. Net start
    Explanation
    The correct answer is "net start". This command is used to display a list of running services on a Windows system. By using this command, Andie can verify if there are any unusual network services running on the system.

    Rate this question:

  • 20. 

    Why should you note all cable connections for a computer you want to seize as evidence?

    • A.

      To know what outside connections existed

    • B.

      In case other devices were connected

    • C.

      To know what peripheral devices exist

    • D.

      To know what hardware existed

    Correct Answer
    A. To know what outside connections existed
    Explanation
    When seizing a computer as evidence, it is important to note all cable connections in order to determine what outside connections existed. This information can be crucial for understanding the potential sources of data transfer or communication, such as external storage devices or network connections. It can also help identify any additional devices that may have been connected to the computer, providing a more comprehensive picture of the digital environment and potential evidence sources.

    Rate this question:

  • 21. 

    What stage of the incident handling process involves reporting events?

    • A.

      Containment

    • B.

      Follow-up

    • C.

      Identification

    • D.

      Recovery 

    Correct Answer
    C. Identification
    Explanation
    The stage of the incident handling process that involves reporting events is the "Identification" stage. This is the initial step where the incident is detected and recognized as an actual security event. Reporting events involves documenting and notifying the appropriate individuals or teams about the incident, providing them with the necessary information to begin the incident response process.

    Rate this question:

  • 22. 

    Which of the following is a MAC-based File Recovery Tool?

    • A.

      VirtualLab

    • B.

      GetDataBack

    • C.

      Cisdem DataRecovery 3

    • D.

      Smart Undeleter

    Correct Answer
    C. Cisdem DataRecovery 3
    Explanation
    Cisdem DataRecovery 3 is a MAC-based File Recovery Tool.

    Rate this question:

  • 23. 

    What does the superblock in Linux define?

    • A.

      Filesynames

    • B.

      Diskgeometr

    • C.

      Location of the firstinode

    • D.

      Available space

    Correct Answer
    C. Location of the firstinode
    Explanation
    The superblock in Linux defines the location of the first inode. The inode is a data structure that contains information about a file or directory, such as its permissions, size, and location on the disk. The superblock is a crucial part of the file system as it helps in locating the first inode, which is the starting point for accessing and managing files and directories in the file system.

    Rate this question:

  • 24. 

    With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches           .

    • A.

      0

    • B.

      10

    • C.

      100

    • D.

      1

    Correct Answer
    A. 0
    Explanation
    In the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches 0. The inode internal link count represents the number of hard links pointing to a particular file. When the link count reaches 0, it means that there are no more hard links pointing to the file, indicating that the file is no longer in use and can be safely deleted.

    Rate this question:

  • 25. 

    Chong-lee, a forensics executive, suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. What type of test would confirm his claim?

    • A.

      File fingerprinting

    • B.

      Identifying file obfuscation

    • C.

      Static analysis

    • D.

      Dynamic analysis

    Correct Answer
    A. File fingerprinting
    Explanation
    File fingerprinting would confirm Chong-lee's claim that a malware is continuously making copies of files and folders on the victim system to consume disk space. File fingerprinting involves generating unique hash values or signatures for each file, allowing for comparison and identification of duplicate files. By conducting file fingerprinting, Chong-lee can determine if there are multiple copies of the same files, supporting his suspicion of malware activity.

    Rate this question:

  • 26. 

    From the following spam mail header, identify the host IP that sent this spam? From [email protected] [email protected] Tue Nov 27 17:27:11 2001 Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT) Message-Id: >200111270926.fAR9QXwZ018431 @viruswall.ie.cuhk.edu.hk From: "china hotel web" To: "Shlam" Subject: SHANGHAI (HILTON HOTEL) PACKAGE Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0 Priority: 3 X-MSMail- Priority: Normal Reply-To: ' china hotel web"

    • A.

      137.189.96.52

    • B.

      8.12.1.0

    • C.

      203.218.39.20

    • D.

      203.218.39.50

    Correct Answer
    C. 203.218.39.20
    Explanation
    The spam mail header shows that the email was received from viruswall.ie.cuhk.edu.hk (137.189.96.52), which then received it from pcd249020.netvigator.com (203.218.39.20). Therefore, the host IP that sent this spam is 203.218.39.20.

    Rate this question:

  • 27. 

    Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

    • A.

      Fill the disk with zeros

    • B.

      Low-level format

    • C.

      Fill the disk with 4096 zeros

    • D.

      Copy files from the master disk to the slave disk on the secondary IDE controller

    Correct Answer
    A. Fill the disk with zeros
    Explanation
    The command "dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync" would fill the disk with zeros. This is achieved by using the input file "/dev/zero" which contains null bytes and writing it to the output file "/dev/hda" which represents the disk. The option "bs=4096" specifies the block size of 4096 bytes, and "conv=noerror, sync" ensures that any errors encountered during the process are ignored and the data is synchronized.

    Rate this question:

  • 28. 

    What is cold boot (hard boot)?

    • A.

      It is the process of restarting a computer that is already in sleep mode

    • B.

      It is the process of shutting down a computer from a powered-on or on state

    • C.

      It is the process of restarting a computer that is already turned on through the operating system

    • D.

      It is the process of starting a computer from a powered-down or off state

    Correct Answer
    D. It is the process of starting a computer from a powered-down or off state
    Explanation
    A cold boot, also known as a hard boot, refers to the process of starting a computer from a powered-down or off state. This means that the computer is completely shut down and then powered on again. It is different from restarting a computer that is already turned on through the operating system or restarting a computer that is in sleep mode. In a cold boot, the computer goes through the full startup process, including loading the operating system and initializing all hardware components.

    Rate this question:

  • 29. 

    Diskcopy is:

    • A.

      A utility by AccessData

    • B.

      A standard MS-DOS command

    • C.

      Digital Intelligence utility

    • D.

      Dd copying tool

    Correct Answer
    B. A standard MS-DOS command
    Explanation
    Diskcopy is a standard MS-DOS command. MS-DOS is an operating system developed by Microsoft for IBM-compatible personal computers. The diskcopy command is used to make a copy of an entire floppy disk onto another floppy disk. It is a built-in utility in MS-DOS and does not require any additional software or tools.

    Rate this question:

  • 30. 

    The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?

    • A.

      512 bits

    • B.

      512 bytes

    • C.

      256 bits

    • D.

      256 bytes

    Correct Answer
    B. 512 bytes
    Explanation
    The size of each block on a hard disk is 512 bytes. This means that each partition within a track on the surface of the hard disk is divided into blocks, with each block being 512 bytes in size.

    Rate this question:

  • 31. 

    In Linux, what is the smallest possible shellcode?

    • A.

      24 bytes

    • B.

      8 bytes

    • C.

      800 bytes

    • D.

      80 bytes

    Correct Answer
    A. 24 bytes
    Explanation
    The smallest possible shellcode in Linux is 24 bytes. Shellcode is a small piece of code that is used to exploit vulnerabilities and execute arbitrary commands. In Linux, shellcode is typically written in assembly language and injected into a program to gain unauthorized access or perform malicious actions. The size of shellcode is important because it needs to fit within the memory space allocated for the exploit. The smaller the shellcode, the more likely it is to succeed in exploiting a vulnerability without being detected. Therefore, the smallest possible shellcode is preferred for stealthy attacks.

    Rate this question:

  • 32. 

    A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

    • A.

      Searching for evidence themselves would not have any ill effects

    • B.

      Searching could possibly crash the machine or device

    • C.

      Searching creates cache files, which would hinder the investigation

    • D.

      Searching can change date/time stamps

    Correct Answer
    D. Searching can change date/time stamps
    Explanation
    Searching can change date/time stamps. When searching for evidence of a breach, it is important to preserve the integrity of the data. Searching can potentially alter the date/time stamps associated with the files and make it difficult to establish a timeline of events. This can hinder the investigation and make it harder to determine the extent of the breach and the actions taken by the hacker. It is recommended to involve professionals with expertise in digital forensics to ensure that the investigation is conducted properly and the evidence is preserved accurately.

    Rate this question:

  • 33. 

    Which among the following search warrants allows the first responder to get the victim’s computer information such as service records, billing records, and subscriber information from the service provider?

    • A.

      Citizen Informant Search Warrant

    • B.

      Electronic Storage Device Search Warrant

    • C.

      John Doe Search Warrant

    • D.

      Service Provider Search Warrant 

    Correct Answer
    B. Electronic Storage Device Search Warrant
    Explanation
    An Electronic Storage Device Search Warrant allows the first responder to obtain the victim's computer information from the service provider. This warrant specifically authorizes the search and seizure of electronic storage devices, such as computers, to collect evidence related to a crime. It enables the first responder to access the victim's service records, billing records, and subscriber information, which can be crucial in the investigation process. The other search warrants mentioned in the options do not specifically pertain to obtaining computer information from a service provider.

    Rate this question:

  • 34. 

    Which of the following is a responsibility of the first responder?

    • A.

      Determine the severity of the incident

    • B.

      Collect as much information about the incident as possible

    • C.

      Share the collected information to determine the root cause

    • D.

      Document the findings

    Correct Answer
    B. Collect as much information about the incident as possible
    Explanation
    The responsibility of the first responder is to collect as much information about the incident as possible. This is important because it allows the first responder to assess the situation accurately and make informed decisions about the appropriate course of action. By gathering information, the first responder can determine the severity of the incident, identify potential risks or hazards, and provide accurate and timely information to other responders or authorities. Additionally, collecting information helps in documenting the findings for future reference or analysis.

    Rate this question:

  • 35. 

    Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold? needs?

    • A.

      Circuit-level proxy firewall

    • B.

      Packet filtering firewall

    • C.

      Application-level proxy firewall

    • D.

      Data link layer firewall

    Correct Answer
    C. Application-level proxy firewall
    Explanation
    An application-level proxy firewall would be the most appropriate for Harold because it operates at the application layer of the network stack. This means that it can inspect the content of the FTP traffic and only allow FTP-PUT requests while blocking other types of FTP traffic. Circuit-level proxy firewalls, packet filtering firewalls, and data link layer firewalls do not have the ability to inspect the content of the traffic at the application layer, making them less suitable for Harold's needs.

    Rate this question:

  • 36. 

    Which one do you like?

    • A.

      John Doe Search Warrant

    • B.

      Citizen Informant Search Warrant

    • C.

      Electronic Storage Device Search Warrant

    • D.

      Service Provider Search Warrant

    Correct Answer
    C. Electronic Storage Device Search Warrant
    Explanation
    An electronic storage device search warrant is likely the correct answer because it is specifically focused on searching electronic devices for evidence. This type of warrant would be used when law enforcement suspects that electronic devices, such as computers or smartphones, may contain information relevant to an investigation. It allows them to legally search and seize these devices in order to gather evidence. The other options, such as John Doe Search Warrant or Citizen Informant Search Warrant, do not provide any specific information about the nature of the search or the type of evidence being sought. The Service Provider Search Warrant may be relevant in cases where law enforcement needs to access information stored by a service provider, but it does not necessarily involve searching electronic devices.

    Rate this question:

  • 37. 

    When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz" format, what does the “nnnn” denote?

    • A.

      The initials of the forensics analyst

    • B.

      The sequence number for the parts of the same exhibit

    • C.

      The year he evidence was taken

    • D.

      The sequential number of the exhibits seized by the analyst

    Correct Answer
    D. The sequential number of the exhibits seized by the analyst
    Explanation
    The "nnnn" in the "aaa/ddmmyy/nnnn/zz" format denotes the sequential number of the exhibits seized by the analyst. This number is used to keep track of the order in which the exhibits were collected, allowing for easy reference and organization of the evidence.

    Rate this question:

  • 38. 

    A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect's available information but without any success. Which of the following tool can help the investigator to solve this issue?

    • A.

      Cain & Abel

    • B.

      Xplico

    • C.

      Recuva

    • D.

      Colasoft's Capsa

    Correct Answer
    A. Cain & Abel
    Explanation
    Cain & Abel is a password recovery tool that can help the forensic examiner in solving the issue of a password-protected file. This tool is specifically designed for recovering various types of passwords, including network passwords and password-protected files. It uses different methods such as brute-force attacks and dictionary attacks to crack the password. By using Cain & Abel, the forensic examiner can increase the chances of successfully unlocking the suspect file and gaining access to its contents for further investigation.

    Rate this question:

  • 39. 

    When obtaining a warrant, it is important to:

    • A.

      Particularlydescribe the place to be searched and particularly describe the items to be seized

    • B.

      Generallydescribe the place to be searched and particularly describe the items to be seized

    • C.

      Generallydescribe the place to be searched and generally describe the items to be seized

    • D.

      Particularlydescribe the place to be searched and generally describe the items to be seized

    Correct Answer
    A. Particularlydescribe the place to be searched and particularly describe the items to be seized
    Explanation
    When obtaining a warrant, it is important to particularly describe the place to be searched and particularly describe the items to be seized. This requirement ensures that the warrant is specific and does not give the authorities unlimited power to search any location or seize any item. By specifically describing the place and items, it provides a clear limit to the search and seizure, protecting individuals' rights and preventing potential abuse of power.

    Rate this question:

  • 40. 

    What type of analysis helps to identify the time and sequence of events in an investigation?

    • A.

      Time-based

    • B.

      Functional

    • C.

      Relational

    • D.

      Temporal

    Correct Answer
    D. Temporal
    Explanation
    Temporal analysis is the type of analysis that helps to identify the time and sequence of events in an investigation. Temporal analysis involves examining the timestamps, dates, and chronological order of events to understand the timeline and sequence of activities. This analysis can be useful in various fields such as forensic investigations, historical research, and data analysis, where understanding the temporal aspect is crucial for drawing accurate conclusions and uncovering patterns or trends.

    Rate this question:

  • 41. 

    Which tool can help the investigator if he wants to examine changes made to the system’s registry by the suspect program?

    • A.

      TRIPWIRE

    • B.

      RAM Capturer

    • C.

      Regshot

    • D.

      What's Running

    Correct Answer
    C. Regshot
    Explanation
    Regshot is a tool that can help the investigator examine changes made to the system's registry by the suspect program. It takes snapshots of the registry before and after the program is executed and then compares the two snapshots to identify any changes. This allows the investigator to analyze and understand the modifications made by the program, which can be crucial in determining its behavior and potential impact on the system.

    Rate this question:

  • 42. 

    When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?

    • A.

      One

    • B.

      Two

    • C.

      Three

    • D.

      Four

    Correct Answer
    B. Two
    Explanation
    In a sexual harassment case, it is recommended to have two investigators during the preliminary investigations. This is because having two investigators allows for a more objective and unbiased investigation. It also ensures that multiple perspectives are considered and helps to prevent any potential conflicts of interest. Having two investigators can also help to ensure that all aspects of the case are thoroughly examined and that no important details are overlooked.

    Rate this question:

  • 43. 

    Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

    • A.

      Data collection

    • B.

      Secure the evidence

    • C.

      First response

    • D.

      Data analysis

    Correct Answer
    C. First response
    Explanation
    During the investigation phase of a cybercrime forensics investigation case, various tasks are performed to gather evidence and analyze data. Data collection involves gathering relevant information and evidence related to the cybercrime. Secure the evidence involves ensuring the preservation and protection of the collected evidence to maintain its integrity. Data analysis involves examining and interpreting the collected data to identify patterns, anomalies, and other important information. However, the first response is not a task that falls under the investigation phase. The first response refers to the initial actions taken immediately after the detection of a cybercrime, such as reporting the incident and securing the affected systems.

    Rate this question:

  • 44. 

    You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

    • A.

      Poison the DNS records with false records

    • B.

      Enumerate MX and A records from DNS

    • C.

      Establish a remote connection to the Domain Controller

    • D.

      Enumerate domain user accounts and built-in groups

    Correct Answer
    D. Enumerate domain user accounts and built-in groups
    Explanation
    By connecting to the Domain Controller on port 389 using ldp.exe, the attacker is attempting to enumerate domain user accounts and built-in groups. This allows them to gather information about the users and groups present in the Active Directory network, which can be used for further exploitation or privilege escalation. The other options, such as poisoning DNS records or establishing a remote connection, are not relevant to the given scenario and do not align with the attacker's objectives.

    Rate this question:

  • 45. 

    Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

    • A.

      Volume Boot Record

    • B.

      Master Boot Record

    • C.

      GUID Partition Table

    • D.

      Master File Table

    Correct Answer
    D. Master File Table
    Explanation
    The Master File Table (MFT) is a database in which information about every file and directory on an NT File System (NTFS) volume is stored. It acts as a directory for the file system, keeping track of the location and metadata of each file and directory on the volume. The MFT is a crucial component of the NTFS file system and is used by the operating system to access and manage files and directories efficiently.

    Rate this question:

  • 46. 

    When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

    • A.

      Universal Time Set

    • B.

      Network Time Protocol

    • C.

      SyncTime Service

    • D.

      Time-Sync Protocol

    Correct Answer
    B. Network Time Protocol
    Explanation
    The correct answer is Network Time Protocol. Network Time Protocol (NTP) is a service used to synchronize time among multiple computers. It ensures that the clocks of different computers are aligned, allowing administrators to accurately reconstruct events during an attack or security incident. Without synchronized time, it becomes challenging to determine the exact timing and sequence of events.

    Rate this question:

  • 47. 

    Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program What part of the analysis is he performing?

    • A.

      Identifying File Dependencies

    • B.

      Strings search

    • C.

      Dynamic analysis

    • D.

      File obfuscation

    Correct Answer
    B. Strings search
    Explanation
    Shane is using the tool ResourcesExtract to find more details of the malicious program. This tool is specifically designed to extract strings from binary files, which can provide valuable information about the malware. Therefore, Shane is performing a strings search as part of the static analysis to uncover important details about the malicious program.

    Rate this question:

  • 48. 

    On Linux/Unix based Web servers, what privilege should the daemon service be run under?

    • A.

      Guest

    • B.

      Root

    • C.

      You cannot determine what privilege runs the daemon service

    • D.

      Something other than root

    Correct Answer
    D. Something other than root
    Explanation
    The daemon service on Linux/Unix based Web servers should be run under a privilege other than root. Running the daemon service as root can pose a security risk as it grants extensive permissions and control over the system. By running the daemon service under a different privilege, the potential damage that can be caused by any vulnerabilities or malicious actions is limited. This helps to ensure the overall security and stability of the server.

    Rate this question:

  • 49. 

    Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer’s log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies’ domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

    • A.

      Syllable attack

    • B.

      Hybrid attack

    • C.

      Brute force attack

    • D.

      Dictionary attack

    Correct Answer
    D. Dictionary attack
    Explanation
    The most likely password cracking technique used by the hacker to break the user passwords from the SAM files is a dictionary attack. This is because the hacker gained access to the domain controllers and pulled off the SAM files, which contain the hashed passwords of the users. In a dictionary attack, the hacker uses a pre-built list of commonly used passwords or words from a dictionary to try and match the hashed passwords and gain unauthorized access.

    Rate this question:

  • 50. 

    In the context of file deletion process, which of the following statement holds true?

    • A.

      When files are deleted, the data is overwritten and the cluster marked as available

    • B.

      The longer a disk is in use, the less likely it is that deleted files will be overwritten

    • C.

      While booting, the machine may create temporary files that can delete evidence

    • D.

      Secure delete programs work by completely overwriting the file in one go

    Correct Answer
    C. While booting, the machine may create temporary files that can delete evidence
    Explanation
    The correct answer is "While booting, the machine may create temporary files that can delete evidence." This statement is true because during the booting process, the machine may generate temporary files that can unintentionally delete evidence or overwrite existing data. This can occur if the temporary files are stored in the same location as the files that need to be preserved. Therefore, it is important to be cautious during the booting process to prevent the loss of important data.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 23, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Nov 07, 2019
    Quiz Created by
    Tui
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.