
Midterm Test 1 (Page 1 of 4)

The document discusses computer forensics questions related to investigating security incidents and digital evidence acquisition. It includes multiple choice questions about the forensic investigation process, tools, and techniques like hashing, volatile memory analysis, and event log interpretation.

Uploaded by

nhox sok
Question 1
What is the first step required in preparing a computer for forensics investigation?
Select one:
a. Secure any relevant media
b. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
c. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
d. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination

Question 2
Network forensics can be defined as the sniffing, recording, _________ and analysis of the network traffic and event logs in order to investigate a network security incident.
Select one:
a. Attacking
b. Infecting
c. Cracking
d. Acquisition

Question 3
Which of the following statements does not support the case assessment?
Select one:
a. Do not document the chain of custody
b. Discuss whether other forensic processes need to be performed on the evidence
c. Review the case investigator's request for service
d. Identify the legal authority for the forensic examination request

Question 4
What is cold boot (hard boot)?
Select one:
a. It is the process of shutting down a computer from a powered-on or on state
b. It is the process of restarting a computer that is already in sleep mode
c. It is the process of restarting a computer that is already turned on through the operating system
d. It is the process of starting a computer from a powered-down or off state

Question 5
Which of the following would you consider an aspect of organizational security, especially focusing on IT security?
Select one:
a. Application security
b. Information copyright security
c. Security from frauds
d. Biometric information security

Question 6
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
Select one:
a. Graph-based approach
b. Rule-based approach
c. Neural network-based approach
d. Automated field correlation approach

Question 7
Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following is not a standard practice in a deposition?
Select one:
a. Only one attorney is present
b. No jury or judge
c. Both attorneys are present
d. Opposing counsel asks questions

Question 8
What should you do?
Select one:
a. Use Norton Ghost to mirror the old disk to a new hard disk.
b. Create a simple volume and get files back.
c. Migrate the deleted partition to a new hard disk.
d. Evaluate and extract the deleted partitions.

Question 9
During the first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic ___________ as soon as possible.
Select one:
a. Examiner
b. Professor
c. Tester
d. Dumper

Question 10
Which one of the following is not a consideration in a forensic readiness planning checklist?
Select one:
a. Take permission from all employees of the organization.
b. Decide the procedure for securely collecting the evidence that meets the requirements in a forensically sound manner.
c. Identify the potential evidence available.
d. Define the business states that need digital evidence.

Question 11
Which of the following commands shows you all of the network services running on Windows based servers?
Select one:
a. Net share
b. Net use
c. Net start
d. Net Session

Question 12
Email archiving is a systematic approach to save and protect the data contained in emails so that hackers can exploit and easily access to read the victim's email. Which of the following protects the email system?
Select one:
a. Use an email client to download email from the server mailbox.
b. Use SSL to sign and encrypt email.
c. Use webmail to prevent hackers from getting email.
d. Use a VPN connection before reading email.

Question 13
In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?
Select one:
a. Obtain search warrant
b. Collect the evidence.
c. Acquire the data.
d. Evaluate and secure the scene.

Question 14
Which of the following commands will you use to look at which sessions the machine has opened with other systems?
Select one:
a. Net sessions
b. Net use
c. Net share
d. Net config

Question 15
Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?
Select one:
a. Hash tables
b. Database tables
c. Rainbow tables
d. Master file tables

Question 16
Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?
Select one:
a. tasklist /s
b. tasklist /u
c. tasklist /V
d. tasklist /p

Question 17
Windows Security Event Log contains records of login/logout activity or other security related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicate?
Select one:
a. A user successfully logged on to a computer.
b. The logon attempt was made with an unknown username or a known username with a bad password.
c. A logon attempt was made using a disabled account.
d. An attempt was made to log on with the user account outside of the allowed time.

Question 18
Volatile information can be easily modified or lost when the system is shut down or rebooted. Which of the following helps you to determine a logical timeline?
Select one:
a. The processes are running.
b. The registry information.
c. The virtual memory in the hard disk.
d. The security incident and the users who would be responsible.

Question 19
You can find the SIDs in Windows registry editor at the following location:
Select one:
a. HKEY_USER\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
b. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
c. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
d. HKEY_CURRENT_CONFIG\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList

Question 20
A technique used to make a person reveal confidential information such as passwords through manipulation.
Select one:
a. File Slack
b. Incident
c. Bandwidth
d. Social Engineering

Question 21
The measure of how perishable electronically stored data are.
Select one:
a. Volatility
b. Bandwidth
c. DriveSpy
d. File Slack

Question 22
The art and science of hiding information by embedding messages in other, seemingly harmless messages.
Select one:
a. Amperage
b. Bandwidth
c. Steganography
d. Bookrack

Question 23
Which of the following attacks allows an attacker to acquire access to the communication channels between the victim and server to extract the information?
Select one:
a. Social Engineering attack
b. Brute-Force attack
c. Man-in-the-middle (MITM) attack
d. Denial of Service (DoS)

Question 24
During private investigations, what do you search for?
Select one:
a. Computer forensics analysis tool
b. Vulnerability Threat Assessment and Risk Management
c. Organization's internet proxy server logs
d. Evidence to support allegations of violations of a company's rules or an attack on its assets

Question 25
What is Digital Forensic?
Select one:
a. Process of using scientific knowledge in analysis and presentation of evidence in court.
b. A process where we develop and test hypotheses that answer questions about digital events.
c. Use of science or technology in the investigation and establishment of the facts or evidence in a court of law.
d. The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.

Question 26
Which of the following is NOT a focus of digital forensic analysis?
Select one:
a. Enhancement.
b. Comparison.
c. Proving.
d. Authenticity.

Question 27
What is the primary objective of Digital Forensic for Business and Industry?
Select one:
a. Prosecution.
b. Security.
c. Continuity of operation.
d. Availability of service.

Question 28
Which of the following holds the highest value of evidence in the court?
Select one:
a. Testimonial.
b. Real.
c. Demonstrative.
d. Documentary.
