Scribd
Upload
20 views13 pages

ZCZXCZXCZXCZXCZXCZXC

This document contains 35 multiple choice questions about digital forensics and cybersecurity topics. The questions cover a range of topics including steganography, email protocols, digital evidence handling procedures, and computer forensic investigation phases and techniques.

Uploaded by

momo082298
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
20 views13 pages

ZCZXCZXCZXCZXCZXCZXC

This document contains 35 multiple choice questions about digital forensics and cybersecurity topics. The questions cover a range of topics including steganography, email protocols, digital evidence handling procedures, and computer forensic investigation phases and techniques.

Uploaded by

momo082298
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 13

Question 1 (1 point)

Saved
ListenReadSpeaker webReader: Listen Focus
In SSD there is no need to perform low level format since the memory board
will delete the data automatically
Question 1 options:
True
False
Question 2 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Deciding what type of searches needs to be executed and documents created
are part of the
Question 2 options:
Presentation

Validation

Planning

Processing

Identification

Preservation

Question 3 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Every file has a metadata field indicating the name of the creator ,revision,
version etc.
Question 3 options:
True
False
Question 4 (1 point)
Saved
ListenReadSpeaker webReader: Listen
One of many roles of forensic investigator is to rephrase the findings in a way
so non-technical people would understand
Question 4 options:
True
False
Question 5 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Writing down notes and important findings happens at the _ phase
Question 5 options:
Planning

Processing

Validation

Presentation

Preservation

Identification

Question 6 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Litigation support is one of the goals of Digital forensics
Question 6 options:
True
False
Question 7 (1 point)
Saved
ListenReadSpeaker webReader: Listen
On traditional hard drives the head "reads" the data by interpreting changes in
polarity
Question 7 options:
True
False
Question 8 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The BIOS "sees" hard drives as a series of blocks
Question 8 options:
True
False
Question 9 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Directory traversal attack is only impacting web servers
Question 9 options:
True
False
Question 10 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When malware in Windows OS is designed to survive reboot it is likely to
hide in:

Question 10 options:
\HKEY_CLASSES_ROOT\.vsto\bootstrap

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BOOTSTRAP

HKEY_CURRENT_USER\System\CurrentControlSet\Control\NotifyDeviceReboot

HKEY_CLASSES_ROOT\BOOTSTRAP

Question 11 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Performing forensic shutdown usually happens at the _ phase
Question 11 options:
Preservation

Presentation

Identification

Planning

Validation

Processing

Question 12 (1 point)
Saved
ListenReadSpeaker webReader: Listen
EXT4 file system can support partitions up to 1000 TB
Question 12 options:
True
False
Question 13 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Which of the following is not a key element of computer forensics
Question 13 options:
Validation

Chain of Custody

Reasonable assumptions

Ensuring complete and accurate documentation

Collecting and preserving evidence

Question 14 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The OS defines how data is stored/organized on device
Question 14 options:
True
False
Question 15 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Directory traversal is based on a built in OS functionality of command line
based directory navigation
Question 15 options:
True
False
Question 16 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Removing an item from the scene is never allowed even when done as part of
securing evidence
Question 16 options:
True
False
Question 17 (1 point)
Saved
ListenReadSpeaker webReader: Listen
File system block on EXT4 are fixed to 64 KB
Question 17 options:
True
False
Question 18 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Chain of custody should track ( select all that apply)
Question 18 options:
Evidence movement transfer details
Note indicating the original location of the evidence

Evidence details like make, model etc.

Abnormalities about device connectivity and configuration

Initial collection date and time

Question 19 (1 point)
Saved
ListenReadSpeaker webReader: Listen
A computer with Windows XP was originally installed as windows 98 and
then upgraded to windows XP without changing the file system .
The following statement is correct
Question 19 options:
Windows XP is coming with NTFS therefore FAT 32 limits will not apply to this case

It will only support files of up to 1 TB in size because of the upgrade

It will support partition size up up to 32 GB based on FAT32 Specification

Windows XP uses ext2 and can support unlimited partition and file sizes

It will support any file size up to 2 TB as per windows XP specifications

It will support up to 4 GB of file size based on FAT32 Specifications

Question 20 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Data deduplication happens at the _ phase
Question 20 options:
Preservation
Planning

Identification

Processing

Validation

Presentation

Question 21 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The process of breaking the Enigma device during WWII is an example of
Question 21 options:
Steganography

Steganalysis

Cryptography

Watermarking

Cryptoanalysis

Question 22 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The only two MIME formats allowed in the body of the email message are
text and HTML
Question 22 options:
True
False
Question 23 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Adding file to another file (using steganography) will not change the hash of
the file being used as a container
Question 23 options:
True
False
Question 24 (1 point)
Saved
ListenReadSpeaker webReader: Listen
SPF records are meaningless without full DMARC policy
Question 24 options:
True
False
Question 25 (1 point)
Saved
ListenReadSpeaker webReader: Listen
SMTP protocol has encryption mechanism build in as part of the original
SMTP RFC
Question 25 options:
True
False
Question 26 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When audio files used in steganography
Question 26 options:
They need to be only of mp3 format

Users will unlikely notice the difference between the altered file and the original one

They can only include very small text files

They can be only played in special devices or software

Question 27 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When using web browser to compile an email in your gmail account . The
browser is used as
Question 27 options:
MUA

MRA

MDA

MTA

MSA

Question 28 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Replacing the least significant bit of every byte is a method by which security
analyst can add watermarks to the document
Question 28 options:
True
False
Question 29 (1 point)
Saved
ListenReadSpeaker webReader: Listen
One of the main reasons companies should enforce internal email policies and
have low tolerance for non-job related emails is
Question 29 options:
Non-job-related email causes waste of time and resources

Emails take disk space and company is at risk running out of disk space on the mailserver

Some people might find non-job related emails annoying and report it to the HR

An email between two coworkers can result in a potential lawsuit against the company

Question 30 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When an existing lookalike domain doesn't have an A or MX record it could
mean
Question 30 options:
Attackers will not be able to use this domain for email attacks until they modify the DNS records

Attackers will use this domain without any records

Attackers are "aging" the domain before the attack

Attackers can still use this domain to send phishing links to company's users

Question 31 (1 point)
Saved
ListenReadSpeaker webReader: Listen
If you installed MTA in your home network why it is unlikely that you would
be able to send emails using it
Question 31 options:
Your home router will block inbound port 25 unless specially configured to allow it

Your home's NAT will prevent it

Your ISP is blocking outbound port 25 to prevent SPAM distribution

You need a special hardware to support MTA

Question 32 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Expert witness has to witness the crime the way eyewitness does , expert
witness just understands it better to testify
Question 32 options:
True
False
Question 33 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When applied to the digital world Steganography:
Question 33 options:
Steganography

Assures data survival

Mostly focuses on Integrity


Assures data availability

Question 34 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The following header is the hardest one to spoof
Question 34 options:
SPF

MessageID

Return-Path

From

DMARC

Question 35 (1 point)

You might also like