Digital Forensics - Module 13 Quiz
NIST document SP 500-322 defines more than 75 cloud services, including which of the following? Drupal as a service Security as a service Backup as a service All of the above
All of the above
What capabilities should a forensics tool have to acquire data from a cloud? Examine virtual systems. Identify and acquire data from the cloud. Expand and contract data storage capabilities as needed for service changes. All of the above
All of the above
Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider? Subpoenas with prior notice Court orders Search warrants All of the above
All of the above
What are the two states of encrypted data in a secure cloud? CRC-32 and UTF-16 Homomorphic and AES RC4 and RC5 Data in motion and data at rest
Data in motion and data at rest
Commingled data isn't a concern when acquiring cloud data. True False
False
In which cloud service level can customers rent hardware and install whatever OSs and applications they need? SaaS PaaS HaaS IaaS
IaaS
Which of the following cloud deployment methods typically offers no security? Private cloud Public cloud Hybrid cloud Community cloud
Public cloud
Evidence of cloud access found on a smartphone usually means which cloud service level was in use? SaaS IaaS HaaS PaaS
SaaS
What are the three levels of cloud services defined by NIST? OpenStack, FROST, and management plane Hybrid, private, and community clouds CRC, DRAM, and IMAP SaaS, PaaS, and IaaS
SaaS, PaaS, and IaaS
A CSP's incident response team typically consists of system administrators, network administrators, and legal advisors. True False
True
A(n) CSA or cloud service agreement is a contract between a CSP and the customer that describes what services are being provided and at what level. True False
True
Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True False
True
Public cloud services such as Dropbox and OneDrive use Sophos SafeGuard and Sophos Mobile Control as their encryption applications
True
The cloud services Dropbox, Google Drive, and OneDrive have Registry entries.
True
The multitenancy nature of cloud environments means conflicts in privacy laws can occur. True False
True
To see Google Drive synchronization files, you need a SQL viewer. True False
True
Updates to the EU Data Protection Rules will affect how data is moved during an investigation regardless of location. True False
True
When should a temporary restraining order be requested for cloud environments? When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case When cloud customers need immediate access to their data To enforce a court order When anti-forensics techniques are suspected
When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case
