CC402 Final

Which of the following are details used by telecommunications carriers for billing purposes and can include phone numbers called, call duration, dates and times of calls, and cell sites used? A. Mobile network operator B. Temporary Mobile Subscriber Identity C. Equipment Identity Register D. Call detail records

D. call detail records

The ________ Amendment of the Constitution is a part of the Bill of Rights. The purpose of this constitutional amendment was to protect individuals against unlawful search and seizure. A. Fifth B. Third C. Second D. Fourth

D. fourth

Megan Meier was a 13-year-old student from Ostmann Elementary School in Missouri who committed suicide by hanging herself. Lori Drew, a 47-year-old, posed as a boy named Josh Evans. She created a fake ________ page and befriended Megan. A. LinkedIn B. Facebook C. Instagram D. MySpace

D. myspace

In the Federal Rules of Evidence, an "original" photograph can include a negative or a ________ from the negative. A. Positive B. Copy C. Process D. Print

D. print

A ________ is a device used to illegally capture the data stored on the magnetic stripe of an ATM card, credit card, or debit card. A. Creditor B. Recorder C. Striper D. Skimmer

D. skimmer

What is shown in the following figure? application layer presentation layer session layer transport layer network layer data link layer physical layer A. The ISO Model B. The TCP Model C. The Network Model D. The OSI Model

D. the OSI model

Dr. Edmond Locard developed a theory known as ________ of Evidence. A. Whitening B. Blackening C. Penetration D. Transfer

D. transfer

Which of the following is volatile memory that is used for processes that are currently running on a computer? A. RAM B. Flash C. Hard disk drive D. ROM

a. RAM

A disk ________ is an exact copy of a hard drive. A. Clone B. None of the other answers are correct. C. Restore point D. Image

a. clone

The National White ________ Crime Center delivers training to law enforcement. A. Collar B. Cyber C. Intelligence D. Criminal

a. collar

A(n) _______ photograph is an image taken with a camera and stored as a computer file. A. Digital B. Raster C. Bits and Bytes D. Analog

a. digital

A separate ________ should be completed for each computer that is analyzed, which should note Case Number, Date, Location, Make, Model, and Serial Number. A. Worksheet B. Work desk C. Paper work D. Workload

a. worksheet

The ________ is an extremely important crime database utilized by law enforcement nationwide to apprehend fugitives, recover stolen goods, identify terrorists, and locate missing persons. A. FBI B. NCIC C. CERT D. NCIS

b. NCIC

Which of the following terms best describes the hiding, altering, or destroying of evidence related to an investigation? A. Inculpatory evidence B. Spoliation of evidence C. Manipulation of evidence D. Exculpatory evidence

b. Spoliation of evidence

_______ is not a member of Five Eyes. A. New Zealand B. Japan C. UK D. USA

b. japan

Which of the following witnesses will testify about personal experience and knowledge and may express an opinion on the ultimate issue? A. Expert witness B. Character witness C. Lay witness D. Court witness

b. lay witness

JPEG is a ________ format, which means that compression causes some loss of quality to the image. A. Lossless B. Lossy C. Gainful D. Gaining

b. lossy

In NTFS, the ___________ maintains file and folder metadata. A. Companion File Table B. Master File Table C. Slave File Table D. Matter File Table

b. master file table

______ is a feature of OS X that enables the user to preview the contents of a file without opening the file or starting its associated application. A. Time Machine B. Quick Look C. Spotlight D. MyView

b. quick look

Which of the following can be used to detect when a police officer has removed her firearm and can activate a body worn camera? A. None of the other answers are correct. B. Smart holster sensor C. Smart body worn sensor D. Connect firearm GPS

b. smart holster sensor

Which of the following best describes malware that is disguised as a legitimate application or program? A. Worm B. Trojan C. Virus D. Logic bomb

b. trojan

A security vulnerability that is a threat on the day that it is discovered because a software patch, to fix the exploit, does not yet exist is called a(n): A. genesis vulnerability B. zero-day exploit C. asynchronous exploit D. critical vulnerability

b. zero-day exploit

In 2016, which of the following was malware that infected devices connected to the Internet, which ran on the Linux operating system, and enrolled these devices in a botnet? A. IoTware B. Stuxnet C. Mirai D. Strava

c. Mirai

Which of the following is a chemical found in all electronics and which dogs can be trained to find? A. Ribonucleotide reductase (RNR) B. Photoplethysmography (PPG) C. TPPO (triphenylphosphine oxide) D. Indium phosphide (InP)

c. TPPO (triphenylphosphine oxide)

An application that simulates or runs an operating system in a virtual machine is called a(n): A. clone B. image C. emulator D. simulator

c. emulator

The sole purpose of an evidence bag is to prevent tampering of __________ A. Heat B. Moisture C. Evidence D. Signals

c. evidence

The ________.sys is a file that contains a copy of the contents of RAM and is saved to a computer's hard drive when the computer goes into hibernate mode. A. Mem B. Ram C. Hiberfil D. Config

c. hiberfil

NTFS utilizes ________ A. Overhauling B. Naming C. Journaling D. Bypassing

c. journaling

______ is an operating system feature that maintains a backup of user files; if a system crashes, the last saved copy of that file can be made available to the user. A. Digitizing B. Copying C. Journaling D. Logging

c. journaling

The Windows Registry is composed of two elements: ________ and values. A. Indicators B. Registers C. Keys D. Supplements

c. keys

File ________ is information about a file and can include the creation, modified, and last access dates. A. Posting B. None of the other answers are correct. C. Metadata D. Processes

c. metadata

Trial Courts of Limited Jurisdiction are limited to hearing certain types of cases. It is the ________ court that hears cases relating to the distribution of a deceased's assets. A. Small claims B. Municipal C. Probate D. Family

c. probate

The purpose of a computer forensics investigator's _______ is to detail findings, not to convey an opinion nor convince a jury that a suspect is guilty. A. Message B. Writing C. Report D. Detailing

c. report

A(n) ________ is a hardware device that enables an individual to read data from a device, such as a hard drive, without writing to that device. A. Write enable B. Write protect C. Write blocker D. Write blockade

c. write blocker

________ evidence is used to prove the innocence of a defendant. A. Inclusionary B. Inculpatory C. Exclusionary D. Exculpatory

d. exculpatory

The word ________ means "to bring to court." A. Exculpate B. None of the other answers are correct. C. Inculpate D. Forensics

d. forensics

Which of the following is an example of a cryptocurrency? A. Solaro B. Ethem C. Conque D. Monero

d. monero

A(n) ________ is the smallest element of a raster image. A. GiF B. Rastor C. Pixle D. Pixel

d. pixel

A __________ is the party that makes a claim against another party and initiates a lawsuit. A. Tiff B. Gif C. Plain Gif D. Plaintiff

d. plaintiff

The burden of ________ implies that a defendant is innocent until proven guilty. A. All of these B. Reality C. Pardon D. Proof

d. proof

__ drives are the hard disk drives that act as receptacles for evidence acquired from the suspect's hard drive. A. Harvest B. Modal C. Reflective D. Model

A. harvest

Serial killer Dennis Rader sent letters and packages to local media describing his ________. A. Victims B. Family C. Dinners D. Hosts

A. victims

Which of the following best describes using a predetermined list of words to decrypt data or authenticate a user? A. Brute-force attack B. Dictionary attack C. EGREP D. Cryptanalysis

B. Dictionary attack

Which of the following is a clearinghouse of crime data that is managed by the FBI? A. NW3C B. NCIC C. NCMEC D. CERT

B. NCIC

_____ is a file system developed by Microsoft that utilizes a table to store information about where files are stored, where file space is available, and where files cannot be stored. A. File Location Table B. File Allocation Table C. File Table D. File Design Table

B. file allocation table

Which of the following organizations is an independent body that provides forensics lab guidelines and certification? A. ASCLD B. SWGDE C. ESI D. ASCLD/LAB

D. ASCLD/LAB

______ is an open source operating system based on the Linux 2.6 kernel. A. Google B. None of the other answers are correct. C. iOS D. Android

D. Android

Which of the following would be an example of a dynamic analysis of an app? A. Code review B. Analysis of the app manifest C. None of the other answers are correct. D. DNS analysis with Debookee

D. DNS analysis with Debookee

A computer forensics laboratory should have computers running the Windows and ________ operating systems. A. VMware B. Hyper-V C. OS2 D. MAC

D. Mac

A __________ is a raster image file format that supports lossless compression. A. JPEG B. GIF C. None of the other answers are correct. D. PNG

D. PNG

Which of the following features on a Mac allows you to search for files or folders and displays results as you begin typing? A. PMAP B. Quick Look C. IOReg D. Spotlight

D. Spotlight

A _______ is a device used to make a physical dump of a cellphone. A. Flasher box B. Black box C. Flash box D. White box

a. flasher box

________ order is a request to a service provider to retain the records relating to a suspect. A. Preservation B. Reservation C. Conservation D. Dominion

a. preservation

Contents of RAM during hibernation on Mac are kept in A. sleepimage B. sleep.image C. hibernate.mac D. machib

a. sleepimage

_____ counsel is a lawyer who assists a client who has invoked his right to self-representation. A. Standby B. Ancillary C. Primary D. Subordinate

a. standby

Which of the following best describes a zero-day exploit? A. There is no known patch or anti-virus. B. You have zero days to find the exploit. C. An anti-virus company will provide a patch on the day that the exploit is discovered. D. None of the other answers are correct.

a. there is no known patch or anti-virus

_______ is the world's largest international police organization A. MI6 B. INTERPOL C. FBI D. CIA

b. interpol

_____ is a proprietary protocol developed by Apple to wirelessly stream content from the Internet and between compatible devices. A. Facetime B. AirTime C. AirPlay D. FarPlay

c. airplay

After the evidence has been seized, the investigator needs to possess and maintain a ________ form. A. Chain of custody B. Chain of time C. Chain of law D. Chain of evidence

A. Chain of custody

The ____________ portion of the report will provide a synopsis of the purpose of the examination and the investigator's major findings. A. Executive Summary B. Summary C. Index of pages D. Insights

A. Executive Summary

____ is evidence that proves guilt. A. Inculpatory B. None of the other answers are correct. C. Exculpatory D. Defamation

A. Inculpatory

Which of the following most accurately describes a law enforcement StingRay device? A. It acts as a fake cell tower B. It is an illegal device C. It is primarily used to listen to a suspect's phone call D. It captures the MEID of a cellphone

A. It acts as a fake cell tower

____ refers to techniques that can enhance edges and sharpen objects in an image. A. Linear filtering B. Cropping C. Color balancing D. Contrast adjustment

A. Linear filtering

Which acts established the Department of Homeland Security and mandated that the United States Secret Service establish Electronic Crime Task Forces nationwide? A. The USA PATRIOT Act B. The PROTECT Act C. Children's Online Privacy Protection Act D. Health Insurance Portability and Accountability Act

A. The USA PATRIOT Act

Which of the following best describes photoplethysmography (PPG)? A. The use of light to determine heart rate. B. The use of electrical signals from the heart. C. It is the name of a chemical found in all electronic devices. D. It is a heart condition which can result from high blood pressure.

A. The use of light to determine heart rate.

Which of the following includes the longitude and latitude of where a digital photograph was taken? A. Geotag B. Metatag C. LatLongTag D. geoCookie

A. Geotag

_______ is a messaging service found on most cell phones that allows the user to send multimedia content, such as audio, video, and images. A. MMS B. SMS C. MSM D. SIS

A. MMS

What activity is being performed in the following figure? disk jockey, scsci A. Using Disk Jockey to copy content of one hard disk to another B. Using Disk Jockey to erase the contents of hard disks C. Using Disk Jockey to move content of one hard disk to another D. Using Disk Jockey to connect one hard disk to another

A. Using Disk Jockey to copy content of one hard disk to another

A ________ refers to a geographic area within a cellular network. A. Cell B. Comb C. Patch D. Hive

A. cell

In rebutting assertions made by Zacharias Moussaoui's defense counsel, an expert witness noted that the FBI uses three methods of _______ a hard drive: Linuxdd, SafeBack, and Logicube. A. Encrypting B. Duplicating C. Erasing D. Decrypting

B. Duplicating

Who was Stephen Craig Paddock? A. He was involved with the 9/11 attack B. He was responsible for the Las Vegas Massacre C. He was found guilty of cyber bullying D. He created a Dark Web marketplace

B. He was responsible for the Las Vegas Massacre

In 1996, the USSS established the ________________ A. FBI B. New York Electronic Crimes Task Force C. Crime Investigation Approach D. None of the other answers are correct.

B. New York Electronic Crimes Task Force

The Windows ________ is a hierarchical database that stores system configuration information. A. Program Files B. Registry C. System32 D. All of these

B. Registry

Information about digital image evidence and manipulation can be found in the published work of the ___________. A. TWIG B. SWGIT C. SWITG D. GIF

B. SWGIT

_______ standard operating procedures for a variety of scientific practices, including cell phone forensics. It issued guidelines on cell phone forensics in 2014. A. Cellphone Forensics B. The National Institute of Standards and Technology (NIST) C. GPS Standards D. None of the other answers are correct.

B. The National Institute of Standards and Technology (NIST)

_____ is the process by which over time areas of a storage medium become unusable. A. Environmental disturbances B. Ware-leveling C. Ware housing D. Misuse

B. Ware-leveling

Which of the following values are found in hexadecimal? A. A-F B. 0-9 and A-F C. 0-9 D. 0 or 1

B. 0-9 and A-F

Which of the following indicates the routing information for a bank branch? A. ABC B. ABA C. ESI D. AFF

B. ABA

A(n) _________ is a file's set of attributes A. CDS B. ADS C. MDS D. BDS

B. ADS

Which of the following attacks, which utilized malware like QuasarRAT, has been attributed to Chinese hackers and targeted managed service providers? A. APT6 B. APT10 C. APT1 D. APT35

B. APT10

Which of the following statements best defines computer forensics? A. Computer forensics is the use of evidence to solve computer crimes. B. Computer forensics is the use of digital evidence to solve a crime. C. Computer forensics is only used to find deleted files on a computer. D. Computer forensics is only used to examine desktop and laptop computers.

B. Computer forensics is the use of digital evidence to solve a crime.

The Computer Analysis and Response Team (CART) is a unit of which government agency? A. USSS B. FBI C. CIA D. ICE

B. FBI

Based in Georgia, US _________________ is an interagency law enforcement training organization. A. CIS B. FLETC C. SEALS D. FBI

B. FLETC

According to the Federal Rules of Evidence, ________ is a statement other than one made by the declarant while testifying at the trial or hearing offered in evidence to prove the truth of the matter asserted. A. Discovery B. Hearsay C. Exclusionary D. Best evidence

B. Hearsay

Investigating a computer while it is turned on is called _____ forensics. A. Switch On B. Live C. Powered On D. Continuum

B. Live

What sort of disk drive is shown in the following figure? crucial M500 2.5 inch solid state drive A. eSATA HDD B. SSD C. IDE HDD D. SATA HDD

B. SSD

What does the following figure represent? spindle, platters, power connector, jumper pins, scsi interface connector, actuator, actuator arm, ribbon cable, slider head A. The outer layout of a hard disk B. The physical layout of a hard disk C. The logical layout of a hard disk D. The physical layout of a USB

B. The physical layout of a hard disk

Which of the following tools is used to classify and identify malware variants? A. RegRipper B. YARA C. Carbon Black D. Kibana

B. YARA

Which of the following would be an example of a static analysis of an app? A. Analysis of DNS connections B. Application code review C. App analysis with Wireshark D. Executing an app with an emulator

B. app code review

The ________ rule states that secondary evidence, or a copy, is inadmissible in court when the original exists. A. Discovery B. Best evidence C. Exclusionary D. Hearsay

B. best evidence

______ law outlines the relationships among the Legislative, Judiciary, and Executive branches. A. Judicial B. Constitutional C. Regulatory D. Codified

B. constitutional

The State of Florida defines the term ________ to mean communication by means of electronic mail or electronic communication that causes substantial emotional distress and does not serve a legitimate purpose. A. Cybertalk B. Cyberstalk C. Cyberfollowing D. Cyberconsulting

B. cyberstalk

A ________ examination is the questioning of counsel's witness in a trial. (One's own witness) A. Jury B. Direct C. Private D. Cross

B. direct

A(n) ________ locker is a metal cabinet with individual compartments that can be locked individually. A. Police B. Evidence C. None of the other answers are correct. D. Forensic

B. evidence

What does the following figure signify? item #, description item #, description item #, description A. All of these are correct. B. Evidence list C. Evidence Order D. Evidence Guardian Chart

B. evidence list

Under the Sarbanes-Oxley Act, publicly traded companies must maintain all electronic information, including emails, for a minimum of ________ years. A. Ten B. Fifteen C. Three D. Five

B. fifteen

A(n) ________ detection system is hardware or software used to monitor network traffic for malicious activity. A. Packet B. Intrusion C. System D. Activity

B. intrusion

A ________ is a logical storage unit on a disk. A. None of the other answers are correct. B. Partition C. Hard drive D. Platter

B. partition

Before the investigation, all harvest disk drives must be __________. A. Encrypted B. Sanitized C. Salted D. Copied

B. sanitized

When photographing hardware evidence, each item should be photographed as a whole, and then the _________ should be photographed. A. Instruction manual B. Serial number C. None of the other answers are correct. D. Inside of the hardware

B. serial number

Which of the following tools can be used to find the location of unsecured IoT devices, including CCTV? A. Maltego B. Shodan C. Mirai D. FTK

B. shodan

A(n) ________, sometimes called a newsgroup, is an online distributed discussion board that enables users to post messages and read postings. A. None of the other answers are correct. B. Usenet C. Proxy D. Web Club

B. usenet

Which of the following is a set of rules that determine the admissibility of evidence in both civil and criminal cases in federal court? A. Federal Rules of Hearsay B. Federal Rules of Discovery C. Federal Rules of Evidence D. Federal Rules of Civil Procedure

C. Federal Rules of Evidence

The first sector on a hard disk (Sector 0) is known as the ________. A. Boot Master B. First Record C. Master Boot Record D. Master Record

C. Master Boot Record

______ is mandated to help locate missing children and combat the (sexual) exploitation of children. A. CIA B. FBI C. NCMEC D. USSS

C. NCMEC

A(n) ________ cookie is a text file sent to a browser that is stored on a computer and used to identify and authenticate Internet users. A. Template B. All of these C. Session D. Presentation

C. Session

Antistatic polyethylene evidence bags are primarily designed to protect electronic devices from ________ A. None of the other answers are correct. B. Exposure to light C. Static electricity D. Spillage

C. Static electricity

A chain of custody (CoC) form documents which of the following? A. Law enforcement officers who arrest and imprison a criminal suspect. B. A chain of letters or emails used in an investigation. C. Anyone who has been in contact with evidence in a case. D. None of the above

C. Anyone who has been in contact with evidence in a case

A(n) ______ court decides whether to hear an appeal. A. Jury B. Judicial C. Appeals D. State

C. Appeals

What is shown in the following figure? Reconnaissance Weaponize Deliver Exploit Install Command and Control Act on Objectives A. Cyber Chain B. Kill Chain C. Cyber Kill Chain D. Cyber Reconnaissance Chain

C. Cyber Kill Chain

_____ is the time recorded at 0 degrees longitude. All time zones around the world are coordinated with this time. A. AMT B. IST C. GMT D. GCT

C. GMT

In the US, the supreme courts are also referred to as court(s) of ________. A. State B. Federal C. Appeal D. Judicial

C. appeal

The FBI became aware that a computer at Kinko's in Eagan, Minnesota had been used by Zacharias Moussaoui because it inspected Kinko's ________ logs. A. Switch B. Computer C. Firewall D. Router

C. firewall

Every computer forensics laboratory should have a ____________ A. Analog to digital converter B. Forensic inspector C. Forensic disk duplicator D. Digital manipulator

C. forensic disk duplicator

The two primary functions of a SIM card are to identify the subscriber to a cellular network and to ________. A. None of the other answers are correct. B. Provide backup power to the device C. Store data D. Broadcast location

C. store data

______ contains the user profile for the current profile that is logged in to the system A. HKEY_CLASSES_ROOT (HKCR) B. HKEY_LOCAL_MACHINE (HKLM) C. HKEY_CURRENT_CONFIG (HKCC) D. HKEY_CURRENT_USER (HKCU)

D. HKEY_CURRENT_USER (HKCU)

Who was Ross Ulbricht? A. He was found guilty of cyber bullying B. He was responsible for the Las Vegas Massacre C. He was involved with the 9/11 attack D. He created a Dark Web marketplace

D. He created a Dark Web marketplace

The first three digits of the IMSI are referred to as which of the following? A. Mobile Subscriber Identity Number B. Mobile network operator C. Integrated Circuit Card ID D. Mobile country code

D. Mobile country code

The BTK case involving Dennis Rader involved serial killings that began in 1974 and ended in ________. A. 1985 B. 1981 C. 1975 D. 1991

D. 1991

Which of the following fire extinguishers are suitable for electrical fires? A. DBA B. AFF C. FAC D. ABC

D. ABC

Which of the following is the standard time for computer systems? A. Greenwich Mean Time B. Eastern Standard Time C. Mountain Standard Time D. Universal Time Coordinated

D. Universal Time Coordinate (UTC)

Companies can benefit from sharing intelligence about similar cyber threats. Therefore, we have sector-based Information Sharing and __________ Centers that facilitate this process. A. Informatics B. Cyber C. Database D. Analysis

D. analysis

