CSNT 280 Quiz Review

In what year was the Computer Fraud and Abuse Act passed?​ ​1976 ​1980 1986 ​1996

1986

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?​ ​512 MB 2 GB ​1 TB ​1 PB

2 GB

​In order to qualify for the Certified Computer Forensic Technician, Basic Level certification, how many hours of computer forensics training are required? ​10 ​20 ​30 40

40

Which RAID type provides increased speed and data storage capability, but lacks redundancy? RAID 0 ​RAID 1 ​RAID 0+1 ​RAID 5

RAID 0

Which RAID type utilizes mirrored striping, providing fast access and redundancy?​ RAID 1 RAID 3 RAID 5 RAID 10

RAID 10

Which RAID type utilizes a parity bit and ​allows for the failure of one drive without losing data? ​RAID 1 ​RAID 2 ​RAID 3 RAID 5

RAID 5

​Which option below is not a hashing function used for validation checks? RC4 ​MD5 ​SHA-1 ​CRC32

RC4

_______ is not recommended for a digital forensics workstation. ​A text editor tool ​A write-blocker device ​An SCSI card Remote access software

Remote access software

Which option below is not a recommendation for securing storage containers? ​The container should be located in a restricted area. ​Only authorized access should be allowed, and it should be kept to a minimum. ​Evidence containers should remain locked when they aren't under direct supervision. Rooms with evidence containers should have a secured wireless network.

Rooms with evidence containers should have a secured wireless network.

Which of the following is not done when preparing for a case?​ ​Describe the nature of the case. ​Identify the type of OS. Set up covert surveillance. ​Determine whether you can seize the computer or digital device.

Set up covert surveillance.

​A TEMPEST facility is designed to accomplish which of the following goals? ​Prevent data loss by maintaining consistent backups. Shield sensitive computing systems and prevent electronic eavesdropping of computer emissions. ​Ensure network security from the Internet using comprehensive security software. ​Protect the integrity of data.

Shield sensitive computing systems and prevent electronic eavesdropping of computer emissions.

​As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state? ​The power cable should be pulled. ​The system should be shut down gracefully. ​The power should be left on. The decision should be left to the Digital Evidence First Responder (DEFR).

The decision should be left to the Digital Evidence First Responder (DEFR).

_______ is responsible for creating and monitoring lab policies for staff, and provides a safe and secure workplace for staff and evidence.​ The lab manager ​The lab investigator ​The lab secretary ​The lab steward

The lab manager

​In order to qualify for the Advanced Certified Computer Forensic Technician certification, a candidate must have _______ years of hands-on experience in computer forensics investigations. ​two three five six

five

A _______ is not ​a private sector organization. ​small to medium business ​large corporation ​non-government organization hospital

hospital

Within the fdisk interactive menu, what character should be entered to view existing partitions?​ l p o d

l

​To create a new primary partition within the fdisk interactive utility, which letter should be typed? c p l n

n

Hardware and software errors or incompatibilities are a common problem when dealing with older hard drives.​ True False

True

If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.​ True False

True

Most digital investigations in the private sector involve misuse of computing assets. True False

True

State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies.​ True False

True

Which open-source acquisition format is capable of producing compressed or uncompressed image files, and uses the .afd extension for segmented image files? Advanced Forensics Disk Advanced Forensic Format Advanced Capture Image Advanced Open Capture

Advanced Forensic Format

​What is the name of the Microsoft solution for whole disk encryption? ​DriveCrypt ​TrueCrypt BitLocker ​SecureDrive

BitLocker

​What certification program, sponsored by ISC2, requires knowledge of digital forensics, malware analysis, incident response, e-discovery, and other disciplines related to cyber investigations? ​Certified Computer Crime Investigator ​Certified Forensic Computer Examiner Certified Cyber Forensics Professional ​EnCase Certified Examiner

Certified Cyber Forensics Professional

​Candidates who complete the IACIS test successfully are designated as a _______. Certified Forensic Computer Examiner (CFCE) ​Certified Forensics Investigator (CFI) ​Certified Investigative Forensics Examiner (CIFE) ​Certified Investigative Examiner (CIE)

Certified Forensic Computer Examiner (CFCE)

After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant. ​Digital Evidence Recorder ​Digital Evidence Specialist Digital Evidence First Responder ​Digital Evidence Scene Investigator

Digital Evidence First Responder

​How often should hardware be replaced within a forensics lab? ​Every 6 to 12 months Every ​12 to 18 months Every ​18 to 24 months Every ​24 to 30 months

Every ​12 to 18 months

According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically examining and analyzing data from computer storage media so that it can be used as evidence in court. True False

False

All suspected industrial espionage cases should be treated as civil case investigations.​ True False

False

Because they are outdated, ribbon cables should not be considered for use within a forensics lab. True False

False

Computer-stored records are data the system maintains, such as system log files and proxy server logs​. True False

False

_______ is a common cause for lost or corrupted evidence. Public access Not having enough people on the processing team Having an undefined security perimeter Professional curiosity

Professional curiosity

What does FRE stand for? Federal Rules of Evidence ​Federal Regulations for Evidence ​Federal Rights for Everyone ​Federal Rules for Equipment

Federal Rules of Evidence

You must abide by the _______ while collecting evidence. Fourth Amendment ​Federal Rules of Evidence ​state's Rules of Evidence ​Fifth Amendment

Fourth Amendment

_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing. Second-party evidence ​Rumor ​Fiction Hearsay

Hearsay

Which technology below is not a hot-swappable technology? USB-3 ​FireWire 1394A ​SATA IDE

IDE

_______ are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers. ​Hospitals ISPs ​Law firms ​News networks

ISPs

Which Microsoft OS below is the least intrusive to disks in terms of changing data?​ ​Windows 95 ​Windows XP ​Windows 7 MS-DOS 6.22

MS-DOS 6.22

What should you do while copying data on a suspect's computer that is still live?​ ​Open files to view contents. Make notes regarding everything you do. ​Conduct a Google search of unknown extensions using the computer. ​Check Facebook for additional suspects.

Make notes regarding everything you do.

_______ describes the characteristics of a safe storage container. ​ISO2960 NISPOM ​SSO 990 ​STORSEC

NISPOM

_______ can be used to restore backup files directly to a workstation. ​Belarc Advisor Norton Ghost ​ProDiscover ​Photorec

Norton Ghost

A disaster recovery plan ensures that workstations and file servers can be restored to their original condition in the event of a catastrophe. True False

True

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.​ True False

True

An emergency situation under the PATRIOT Act is defined as the immediate risk of death or personal ​injury, such as finding a bomb threat in an e-mail. True False

True

To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause, and access company computer systems and digital devices without a warrant.​ True False

True

User groups for a specific type of system can be very useful in a forensics investigation.​ True False

True

​The ImageUSB utility can be used to create a bootable flash drive. True False

True

​The recording of all updates made to a workstation or machine is referred to as configuration management. True False

True

When seizing digital evidence in criminal investigations, whose standards should be followed?​ U.S. DOJ ISO/IEC​ ​IEEE ​ITU

U.S. DOJ

Which option below is not a Linux Live CD meant for use as a digital forensics tool?​ ​Penguin Sleuth Kali Linux Ubuntu ​CAINE

Ubuntu

Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records?​ United States v. Wong​ ​United States v. Carey United States v. Salgado ​United States v. Walser

United States v. Salgado

Which option below is not one of the recommended practices for maintaining a keyed padlock? ​Appoint a key custodian. Take inventory of all keys when the custodian changes. Use a master key. ​Change locks and keys annually.

Use a master key.

A(n) _______________ notifies end users that the organization owning the computer equipment reserves the right to inspect or search computer systems and network traffic at will. Warning banner System Administrator Security warning Login banner

Warning banner

Which of the following scenarios should be covered in a disaster recovery plan?​ damage caused by lightning strikes ​damage caused by flood ​damage caused by a virus contamination all of the above

all of the above

When conducting a digital forensics analysis under _______________ rules for an attorney, you must keep all findings confidential.​ attorney-client privilege (ACP) Federal Rules of Procedures investigation Federal

attorney-client privilege (ACP)

The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory. ​dd ​split dcfldd ​echo

dcfldd

The Linux command _____ can be used to write bit-stream data to files.​ ​write dd cat dump

dd

The Linux command _______ can be used to list the current disk devices connected to the computer. ls -l fdisk -l show drives geom

fdisk -l

The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest. ​criminal ​potential data source person of interest ​witness

person of interest

The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______.​ probable cause ​due diligence ​accusations ​reliability

probable cause

​Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as _______. repeatable findings reloadable steps ​verifiable reporting ​evidence reporting

repeatable findings

The term _______ describes rooms filled with extremely large disk systems that are typically used by large business data centers. ​storage room server farm ​data well ​storage hub

server farm

Typically, the _____________ requires a bootable DVD or USB flash drive that runs an independent OS in a suspect computer's RAM, with the goal of preserving data during an acquisition. software write-blocker anti-malware software USB port forensics software

software write-blocker

_______ can be used with the dcfldd command to compare an image file to the original medium. ​compare ​cmp vf ​imgcheck

vf

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command. -p ​-s ​-b ​-S

​-b

In order to qualify for the Certified Computer Crime Investigator, Basic Level certification, candidates must provide documentation of at least _______ cases in which they participated.​ ​5 ​10 ​15 ​20

​10

Which tool below is not recommended for use in a forensics lab?​ ​2.5-inch adapters for drives ​FireWire and USB adapters ​SCSI cards ​Degausser

​Degausser

_______ would not be found in an initial-response field kit. ​Computer evidence bags (antistatic bags) ​Leather gloves and disposable latex gloves ​A digital camera with extra batteries or 35mm camera with film and flash ​External USB devices or a portable hard drive

​Leather gloves and disposable latex gloves

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.​ exhibit ​verdict ​affidavit ​memo

​affidavit

The sale of sensitive or confidential company information to a competitor is known as _______. ​industrial sabotage ​industrial espionage ​industrial collusion ​industrial betrayal

​industrial espionage

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network. ​intrusion detection system ​active defense mechanism ​total awareness system ​intrusion monitoring system

​intrusion detection system

