National Polytechnic Institute CHFI Practice Test
.
- 1.Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensic investigation case?
- A.
Secure the evidence
- B.
First response
- C.
Data collection
- D.
Data analysis
- 2.Which of the following is a record of the: characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map, and usage information, and the size of the block groups?
- A.
Inode table
- B.
Superblock
- C.
Mount Count
- D.
Master Boot Record (MBR)
- 3.Which of the following tool captures and allows you to interactively browse the traffic on a network?
- A.
RegScanner
- B.
ThumbsDisplay
- C.
Wireshark
- D.
Security Task Manager
- 4.Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
- A.
OpenGL/ES and SGL
- B.
WebKit
- C.
Surface Manager
- D.
Media framework
- 5.Which of the following built-in Linux commands can be used by forensic investigators to copy data from a disk drive?
- A.
Expr
- B.
Diff
- C.
Lprm
- D.
Dd and dcfldd
- 6.Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address is hosted, to cause a denial-of-service attack?
- A.
Email spamming
- B.
Phishing
- C.
Mail bombing
- D.
Email spoofing
- 7.Which tool does the investigator use to extract artifacts left by Google Drive on the system?
- A.
VirusTotal
- B.
RAM Capturer
- C.
WebBrowserPassView
- D.
Deep Log Analyzer
- 8.Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?
- A.
MS-office Word Document
- B.
Portable Document Format
- C.
MS-office Word PowerPoint
- D.
MS-office Word OneNote
- 9.Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?
- A.
IDS
- B.
SIEM
- C.
Domain Controller
- D.
Firewall
- 10.Which code does the FAT file system use to mark the file as deleted?
- A.
H5e
- B.
ESh
- C.
5Eh
- D.
E5h
- 11.Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password?
- A.
Hybrid attack
- B.
Brute force attack
- C.
Syllable attack
- D.
Rule-based attack
- 12.Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?
- A.
*IMEI#
- B.
#*06*#
- C.
#06#*
- D.
*#06#
- 13.A computer used in an alleged software piracy ring has been taken to a forensics lab for investigation. After searching for three days, the investigators have found no trace of illegal activity. As a last effort, the investigators decide to examine the slack space of the computer’s hard drive. What information will this produce for the investigators?
- A.
Data contained in the BIOS
- B.
Recently deleted files
- C.
Data contained in the master boot record (MBR)
- D.
Data from the sectors of the disk
- 14.Report writing is a crucial stage in the outcome of an investigation. Which information should NOT be included in the report section?
- A.
Purpose of the report
- B.
Author of the report
- C.
Incident summary
- D.
Speculation or opinion as to the cause of the incident
- 15.Linux operating system has two types of typical bootloaders namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?
- A.
BIOS Stage
- B.
Kernel Stage
- C.
BootROM Stage
- D.
Bootloader Stage
- 16.The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tool can help the investigator?
- A.
What's Running
- B.
RAM Capturer
- C.
TRIPWIRE
- D.
Regshot
- 17.Which among the following U.S. laws requires financial institutions – companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance – to protect their customers’ information against security threats?
- A.
GLBA
- B.
FISMA
- C.
SOX
- D.
HIPAA
- 18.Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as: FF D8 FF E1 What is the file type of the image?
- A.
GIF
- B.
JPEG
- C.
PNG
- D.
BMP
- 19.Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?
- A.
Citizen Informant Search Warrant
- B.
Electronic Storage Device Search Warrant
- C.
IT Bench Search Warrant
- D.
Service Provider Search Warrant
- 20.Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings?
- A.
Daubert
- B.
Frye
- C.
IOCE
- D.
SWGDE & SWGIT
- 21.Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration, and critical system files, and to execute commands outside of the web server's root directory?
- A.
Unvalidated input
- B.
Directory traversal
- C.
Security misconfiguration
- D.
Parameter/form tampering
- 22.BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following element specifies the dimensions, compression type, and color format for the bitmap?
- A.
The RGBQUAD array
- B.
Information header
- C.
Header
- D.
Image data
- 23.Which of the following is NOT an anti-forensics technique?
- A.
Data Deduplication
- B.
Password Protection
- C.
Encryption
- D.
Steganography
- 24.Which of the following techniques creates a replica of an evidence media?
- A.
Data Extraction
- B.
Data Deduplication
- C.
Bit Stream Imaging
- D.
Backup
- 25.Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allow the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?
- A.
Client mis-association
- B.
Ad-hoc associations
- C.
Rogue access points
- D.
MAC spoofing
Related Topics
Featured Quizzes
Back to top