ZCZXCZXCZXCZXCZXCZXC
ZCZXCZXCZXCZXCZXCZXC
Saved
ListenReadSpeaker webReader: Listen Focus
In SSD there is no need to perform low level format since the memory board
will delete the data automatically
Question 1 options:
True
False
Question 2 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Deciding what type of searches needs to be executed and documents created
are part of the
Question 2 options:
Presentation
Validation
Planning
Processing
Identification
Preservation
Question 3 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Every file has a metadata field indicating the name of the creator ,revision,
version etc.
Question 3 options:
True
False
Question 4 (1 point)
Saved
ListenReadSpeaker webReader: Listen
One of many roles of forensic investigator is to rephrase the findings in a way
so non-technical people would understand
Question 4 options:
True
False
Question 5 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Writing down notes and important findings happens at the _ phase
Question 5 options:
Planning
Processing
Validation
Presentation
Preservation
Identification
Question 6 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Litigation support is one of the goals of Digital forensics
Question 6 options:
True
False
Question 7 (1 point)
Saved
ListenReadSpeaker webReader: Listen
On traditional hard drives the head "reads" the data by interpreting changes in
polarity
Question 7 options:
True
False
Question 8 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The BIOS "sees" hard drives as a series of blocks
Question 8 options:
True
False
Question 9 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Directory traversal attack is only impacting web servers
Question 9 options:
True
False
Question 10 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When malware in Windows OS is designed to survive reboot it is likely to
hide in:
Question 10 options:
\HKEY_CLASSES_ROOT\.vsto\bootstrap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BOOTSTRAP
HKEY_CURRENT_USER\System\CurrentControlSet\Control\NotifyDeviceReboot
HKEY_CLASSES_ROOT\BOOTSTRAP
Question 11 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Performing forensic shutdown usually happens at the _ phase
Question 11 options:
Preservation
Presentation
Identification
Planning
Validation
Processing
Question 12 (1 point)
Saved
ListenReadSpeaker webReader: Listen
EXT4 file system can support partitions up to 1000 TB
Question 12 options:
True
False
Question 13 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Which of the following is not a key element of computer forensics
Question 13 options:
Validation
Chain of Custody
Reasonable assumptions
Question 14 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The OS defines how data is stored/organized on device
Question 14 options:
True
False
Question 15 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Directory traversal is based on a built in OS functionality of command line
based directory navigation
Question 15 options:
True
False
Question 16 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Removing an item from the scene is never allowed even when done as part of
securing evidence
Question 16 options:
True
False
Question 17 (1 point)
Saved
ListenReadSpeaker webReader: Listen
File system block on EXT4 are fixed to 64 KB
Question 17 options:
True
False
Question 18 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Chain of custody should track ( select all that apply)
Question 18 options:
Evidence movement transfer details
Note indicating the original location of the evidence
Question 19 (1 point)
Saved
ListenReadSpeaker webReader: Listen
A computer with Windows XP was originally installed as windows 98 and
then upgraded to windows XP without changing the file system .
The following statement is correct
Question 19 options:
Windows XP is coming with NTFS therefore FAT 32 limits will not apply to this case
Windows XP uses ext2 and can support unlimited partition and file sizes
Question 20 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Data deduplication happens at the _ phase
Question 20 options:
Preservation
Planning
Identification
Processing
Validation
Presentation
Question 21 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The process of breaking the Enigma device during WWII is an example of
Question 21 options:
Steganography
Steganalysis
Cryptography
Watermarking
Cryptoanalysis
Question 22 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The only two MIME formats allowed in the body of the email message are
text and HTML
Question 22 options:
True
False
Question 23 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Adding file to another file (using steganography) will not change the hash of
the file being used as a container
Question 23 options:
True
False
Question 24 (1 point)
Saved
ListenReadSpeaker webReader: Listen
SPF records are meaningless without full DMARC policy
Question 24 options:
True
False
Question 25 (1 point)
Saved
ListenReadSpeaker webReader: Listen
SMTP protocol has encryption mechanism build in as part of the original
SMTP RFC
Question 25 options:
True
False
Question 26 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When audio files used in steganography
Question 26 options:
They need to be only of mp3 format
Users will unlikely notice the difference between the altered file and the original one
Question 27 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When using web browser to compile an email in your gmail account . The
browser is used as
Question 27 options:
MUA
MRA
MDA
MTA
MSA
Question 28 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Replacing the least significant bit of every byte is a method by which security
analyst can add watermarks to the document
Question 28 options:
True
False
Question 29 (1 point)
Saved
ListenReadSpeaker webReader: Listen
One of the main reasons companies should enforce internal email policies and
have low tolerance for non-job related emails is
Question 29 options:
Non-job-related email causes waste of time and resources
Emails take disk space and company is at risk running out of disk space on the mailserver
Some people might find non-job related emails annoying and report it to the HR
An email between two coworkers can result in a potential lawsuit against the company
Question 30 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When an existing lookalike domain doesn't have an A or MX record it could
mean
Question 30 options:
Attackers will not be able to use this domain for email attacks until they modify the DNS records
Attackers can still use this domain to send phishing links to company's users
Question 31 (1 point)
Saved
ListenReadSpeaker webReader: Listen
If you installed MTA in your home network why it is unlikely that you would
be able to send emails using it
Question 31 options:
Your home router will block inbound port 25 unless specially configured to allow it
Question 32 (1 point)
Saved
ListenReadSpeaker webReader: Listen
Expert witness has to witness the crime the way eyewitness does , expert
witness just understands it better to testify
Question 32 options:
True
False
Question 33 (1 point)
Saved
ListenReadSpeaker webReader: Listen
When applied to the digital world Steganography:
Question 33 options:
Steganography
Question 34 (1 point)
Saved
ListenReadSpeaker webReader: Listen
The following header is the hardest one to spoof
Question 34 options:
SPF
MessageID
Return-Path
From
DMARC
Question 35 (1 point)