Module 13 Quiz - Forensics
What are the two states of encrypted data in a secure cloud? A) RC4 and RC5 B) CRC-32 and UTF-16 C) Data in motion and data at rest D) Homomorphic and AES
C) Data in motion and data at rest
When should a temporary restraining order be requested for cloud environments? A) When anti-forensics techniques are suspected B) When cloud customers need immediate access to their data C) When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case D) To enforce a court order
C) When a search warrant requires seizing a CSP's hardware and software used by other
NIST document SP 500-322 defines more than 75 cloud services, including which of the following? A) Security as a service B) Backup as a service C) Drupal as a service D) All of the above
D) All of the above
What capabilities should a forensics tool have to acquire data from a cloud? A) Expand and contract data storage capabilities as needed for service changes. B) Identify and acquire data from the cloud. C) Examine virtual systems. D) All of the above
D) All of the above
Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider? A) Subpoenas with prior notice B) Search warrants C) Court orders D) All of the above
D) All of the above
In which cloud service level can customers rent hardware and install whatever OSs and applications they need? A) PaaS B) HaaS C) SaaS D) IaaS
D) IaaS
Which of the following cloud deployment methods typically offers no security? A) Public cloud B) Private cloud C) Community cloud D) Hybrid cloud
A) Public cloud
A CSP's incident response team typically consists of system administrators, network administrators, and legal advisors. A) True B) False
A) True
A(n) CSA or cloud service agreement is a contract between a CSP and the customer that describes what services are being provided and at what level. A) True B) False
A) True
Amazon was an early provider of Web-based services that eventually developed into the cloud concept. A) True B) False
A) True
Public cloud services such as Dropbox and OneDrive use Sophos SafeGuard and Sophos Mobile Control as their encryption applications A) True B) False
A) True
The cloud services Dropbox, Google Drive, and OneDrive have Registry entries. A) True B) False
A) True
The multitenancy nature of cloud environments means conflicts in privacy laws can occur. A) True B) False
A) True
To see Google Drive synchronization files, you need a SQL viewer. A) True B) False
A) True
Updates to the EU Data Protection Rules will affect how data is moved during an investigation regardless of location. A) True B) False
A) True
Cloud Service Providers have incident response teams that consist of all of the following, EXCEPT: A) backup operators B) legal advisors C) network administrators D) system administrators
A) backup operators
Commingled data isn't a concern when acquiring cloud data. A) True B) False
B) False
All of the following are mechanisms that are used to collect digital evidence under the U.S. Electronic Communications Privacy Act (ECPA), EXCEPT: A) court orders B) subpoenas without prior notice to the subscriber or customer C) subpoenas D) search warrants
B) subpoenas without prior notice to the subscriber or customer
Evidence of cloud access found on a smartphone usually means which cloud service level was in use? A) HaaS B) IaaS C) SaaS D) PaaS
C) SaaS
What are the three levels of cloud services defined by NIST? A) CRC, DRAM, and IMAP B) Hybrid, private, and community clouds C) OpenStack, FROST, and management plane D) SaaS, PaaS, and IaaS
D) SaaS, PaaS, and IaaS
All of the following pose challenges to cloud computing, EXCEPT: A) analysis of cloud forensic data B) cloud architecture C) legal issues D) cloud uptime
D) cloud uptime
All of the following are considered cloud service levels, EXCEPT: A) infrastructure as a service B) software as a service C) platform as a service D) computer as a service
D) computer as a service
Which of the following contain metadata on the last date and time an application was run and how many times it has run since being installed? A) metadata files B) tracker files C) postfetch files D) prefetch files
D) prefetch files