Security+ Chapter 15 Questions


Henry wants to use an open source forensic suite. Which of the following tools should he select? A. Autopsy B. EnCase C. FTK D. WinHex

A

Melissa wants to capture network traffic for forensic purposes. What tool should she use to capture it? A. A forensic suite B. Wireshark C. dd D. WinHex

B

What legal concept determines the law enforcement agency or agencies that will be involved in a case based on location? A. Nexus B. Nonrepudiation C. Jurisdiction D. Admissibility

C

What is the document that tracks the custody or control of a piece of evidence called? A. Evidence log B. Audit log C. Event report D. Chain of custody

D

Michael wants to acquire the firmware from a running device for analysis. What method is most likely to succeed? A. Use forensic memory acquisition techniques B. Use disk forensic acquisition techniques C. Remove the firmware chip from the system

A

What is the key difference between hashing and checksums? A. Both can validate integrity, but a hash also provides a unique digital fingerprint B. A hash can be reversed, and a checksum cannot be C. Checksums provide greater security than hashing D. Checksums have fewer message collisions than a hash

A
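Worked example for the hashing-versus-checksum question above, added here and not part of the study guide: a toy additive checksum (sum of byte values mod 2^16, a constructed illustration rather than any real standard) detects accidental corruption but collides as soon as the same bytes appear in a different order, whereas SHA-256 gives the two inputs distinct fingerprints. The two input files are constructed for the demonstration; sha256sum (or shasum as a fallback) is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the study guide: checksum vs. cryptographic hash.
set -eu

# Toy additive checksum: sum of all byte values, mod 65536 (constructed for
# illustration; real checksums such as CRC32 are stronger but still not
# collision resistant against an attacker).
byte_checksum() {
    od -An -tu1 "$1" | tr -s ' ' '\n' | awk 'NF { s += $1 } END { print s % 65536 }'
}

# SHA-256 digest of a file, as a hex string.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

checksum_matches() { [ "$(byte_checksum "$1")" = "$(byte_checksum "$2")" ]; }
hash_matches()     { [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed inputs: a shell command and a tampered version that reorders
# the path components. Same multiset of bytes, very different meaning.
printf 'rm -rf /tmp/cache\n' > "$WORK/a.txt"
printf 'rm -rf /cache/tmp\n' > "$WORK/b.txt"

echo "checksum a: $(byte_checksum "$WORK/a.txt")  checksum b: $(byte_checksum "$WORK/b.txt")"
echo "sha256   a: $(sha256_of "$WORK/a.txt")"
echo "sha256   b: $(sha256_of "$WORK/b.txt")"

if checksum_matches "$WORK/a.txt" "$WORK/b.txt"; then
    echo "checksum: identical, the tampering is invisible"
fi
if ! hash_matches "$WORK/a.txt" "$WORK/b.txt"; then
    echo "sha256:   different, each file has its own fingerprint"
fi
```

The point for evidence handling: a checksum answers "did this get corrupted in transit?", while only a cryptographic hash answers "is this exactly the content I acquired?", which is what a chain-of-custody record needs.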

Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive? A. No data will remain on the drive B. Files will remain but file indexes will not C. File indexes will remain, but the files will be gone D. Files and file indexes will remain on the drive

B

Gabby wants to capture the pagefile for a system. Where will she find the pagefile stored? A. In memory B. On disk C. In a CPU register D. In a device firmware

B

Isaac is performing a forensic analysis on two systems that were compromised in the same event in the same facility. As he performs his analysis, he notices that the event appears to have happened almost exactly one hour earlier on one system than the other. What is the most likely issue he has encountered? A. The attacker took an hour to get to the second system. B. One system is set to an incorrect time zone. C. The attacker changed the system clock to throw off forensic practitioners. D. The forensic tool is reading the timestamps incorrectly.

B

Maria has acquired a disk image from a hard drive using dd, and she wants to ensure that her process is forensically sound. What should her next step be after completing the copy? A. Securely wipe the source drive. B. Compare the hashes of the source and target drive. C. Securely wipe the target drive. D. Update her chain-of-custody document.

B

Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include? A. Right-to-audit clauses B. Right to forensic examination C. Choice of jurisdiction D. Data breach notification timeframe

B

Charles needs to know about actions an individual performed on a PC. What is the best starting point to help him identify those actions? A. Review the system log B. Review the event log C. Interview the individual D. Analyze the system's keystroke log

C

Charles wants to obtain a forensic copy of a running virtual machine. What technique should he use to capture the image? A. Run dd from within the running machine B. Use FTK Imager from the virtual machine host C. Use the VM host to create a snapshot D. Use WinHex to create a copy from within the running machine

C

Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use? A. df B. cp C. dd D. ln

C
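Worked example for the two dd questions above (Maria verifying her image and Cynthia making an exact copy), added here and not part of the study guide: acquire a bit-for-bit image with dd, then hash source and image and record both digests before trusting the copy. So that it runs offline, the source is a constructed 1 MiB file standing in for a block device such as /dev/sdb; the file names, the log line format and the write-blocker remark are assumptions, and sha256sum (or shasum) is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the study guide: dd acquisition plus hash verification.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/evidence_source.img"   # constructed stand-in for the suspect drive
IMG="$WORK/evidence.dd"           # forensic image of it
LOG="$WORK/acquisition.log"       # digests to attach to the chain-of-custody form

# Constructed source: 1 MiB of random bytes. On a real case SRC is the device
# path, attached through a hardware write blocker so it can never be modified.
dd if=/dev/urandom of="$SRC" bs=1024 count=1024 2>/dev/null

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Acquire: exact copy. conv=noerror,sync keeps reading past bad sectors and
# zero-fills them so offsets in the image stay aligned with the source. bs must
# divide the source size (512 always does for a disk) or sync pads the tail
# and the hashes will never match.
acquire() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# Verify: hash both sides, log the digests, succeed only if they are equal.
verify() {
    src_hash=$(sha256_of "$1")
    img_hash=$(sha256_of "$2")
    printf '%s source=%s image=%s sha256_source=%s sha256_image=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$src_hash" "$img_hash" >> "$LOG"
    [ "$src_hash" = "$img_hash" ]
}

acquire "$SRC" "$IMG"
verify "$SRC" "$IMG"
echo "image verified, sha256 $(sha256_of "$IMG") recorded in $LOG"

# Failure mode: simulate a corrupted sector in the image (zero sector 8).
# Verification must now fail, which is exactly why the hash is taken before
# any analysis starts.
dd if=/dev/zero of="$IMG" bs=512 seek=8 count=1 conv=notrunc 2>/dev/null
if verify "$SRC" "$IMG"; then
    echo "unexpected: modified image still verifies"
    exit 1
fi
echo "modified image rejected: hashes differ"
```

Work only on copies of the verified image afterwards, and re-hash the working copy against the logged digest whenever it changes hands.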

Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list? A. dd B. memdump C. WinHex D. df

C

Gurvinder wants to follow the order of volatility to guide his forensic data acquisition. Which of the following is the least volatile? A. RAM B. Data on the hard drive C. Backups D. Remote logs

C

Theresa's organization has received a legal hold notice for their files and documents. Which of the following is not an action she needs to take? A. Ensure that changes to existing documents related to the case are tracked and that originals can be provided B. Preserve all existing documents relevant to the case C. Delete all sensitive documents related to the case D. Prevent backups that contain files related to the case from being overwritten on their normal schedule

C

Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form? A. Item identifier number B. Signature of the person transferring the item C. Signature of the person receiving

D

Frank is concerned about the admissibility of his forensic data. Which of the following is not an element he should be concerned about? A. Whether the forensic source data has remained unaltered B. Whether the practices and procedures would survive review by experts C. Whether the evidence is relevant to the case D. Whether the forensic information includes a timestamp

D

Which of the following is a memory forensics toolkit that includes memdump? A. FTK Imager B. WinHex C. dd D. Volatility

D
