1.
Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensic investigation case?
A. 
B. 
C. 
D. 
2.
Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map, and usage information, and the size of the block groups?
A. 
B. 
C. 
D. 
3.
Which of the following tools captures and allows you to interactively browse the traffic on a network?
A. 
B. 
C. 
D. 
4.
Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
A. 
B. 
C. 
D. 
5.
Which of the following built-in Linux commands can be used by forensic investigators to copy data from a disk drive?
A. 
B. 
C. 
D. 
6.
Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address is hosted, to cause a denial-of-service attack?
A. 
B. 
C. 
D. 
7.
Which tool does the investigator use to extract artifacts left by Google Drive on the system?
A. 
B. 
C. 
D. 
8.
Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?
A. 
B. 
C. MS-office Word PowerPoint
D. 
9.
Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?
A. 
B. 
C. 
D. 
10.
Which code does the FAT file system use to mark the file as deleted?
A. 
B. 
C. 
D. 
11.
Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password?
A. 
B. 
C. 
D. 
12.
Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the pieces of evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner.
Which of the following key combinations can he use to recover the IMEI number?
A. 
B. 
C. 
D. 
13.
A computer used in an alleged software piracy ring has been taken to a forensics lab for investigation. After searching for three days, the investigators have found no trace of illegal activity. As a last effort, the investigators decide to examine the slack space of the computer’s hard drive.
What information will this produce for the investigators?
A. Data contained in the BIOS
B. 
C. Data contained in the master boot record (MBR)
D. Data from the sectors of the disk
14.
Report writing is a crucial stage in the outcome of an investigation. Which information should NOT be included in the report section?
A. 
B. 
C. 
D. Speculation or opinion as to the cause of the incident
15.
The Linux operating system has two types of typical bootloaders, namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?
A. 
B. 
C. 
D. 
16.
The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tools can help the investigator?
A. 
B. 
C. 
D. 
17.
Which among the following U.S. laws requires financial institutions – companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance – to protect their customers’ information against security threats?
A. 
B. 
C. 
D. 
18.
Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as:
FF D8 FF E1
What is the file type of the image?
A. 
B. 
C. 
D. 
19.
Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?
A. Citizen Informant Search Warrant
B. Electronic Storage Device Search Warrant
C. 
D. Service Provider Search Warrant
20.
Which of the following standards represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings?
A. 
B. 
C. 
D. 
21.
Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration, and critical system files, and to execute commands outside of the web server's root directory?
A. 
B. 
C. Security misconfiguration
D. 
22.
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data.
Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?
A. 
B. 
C. 
D. 
23.
Which of the following is NOT an anti-forensics technique?
A. 
B. 
C. 
D. 
24.
Which of the following techniques creates a replica of an evidence media?
A. 
B. 
C. 
D. 
25.
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?
A. 
B. 
C. 
D.