CCT 121 Test 3

Which of the following types of files can provide useful information when you're examining an e-mail server?

.log files

In Microsoft Outlook, e-mails are typically stored in which of the following?

.pst and .ost files

In VirtualBox, a(n) __________ file contains settings for virtual hard drives.

.vbox

Which of the following file extensions are associated with VMware virtual machines?

.vmx, .log, and .nvram

SD cards have a capacity up to which of the following?

64 GB

To trace an IP address in an e-mail header, what type of lookup service can you use?

A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net

The term TDMA refers to which of the following?

A technique of dividing a radio frequency so that multiple users share the same channel A specific cellular network standard

E-mail headers contain which of the following information?

An ESMTP number or reference number The sender and receiver e-mail addresses The e-mail servers the message traveled through to reach its destination

What information is not in an e-mail header?

Blind copy (bcc) addresses

Which of the following categories of information is stored on a SIM card?

Call data Service-related data

When you access your e-mail, what type of computer architecture are you using?

Client/server

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?

E-mail header Firewall log

A forensic image of a VM includes all snapshots. True or False?

False

A forensic linguist can determine an author's gender by analyzing chat logs and social media communications. True or False?

False

What's the most commonly used cellular network worldwide?

GSM

Which Registry key contains associations for file extensions?

HKEY_CLASSES_ROOT

According to SANS DFIR Forensics, which of the following tasks should you perform if a mobile device is on and unlocked?

Isolate the device from the network. Remove the passcode Disable the screen lock.

Packet analyzers examine what layers of the OSI model?

Layers 2 and 3

Which of the following is a mobile forensics method listed in NIST guidelines?

Logical extraction Physical extraction Hex dumping

What are the three modes of protection in the DiD strategy?

People, technology, operations

GSM divides a mobile station into ______ and ______.

SIM card and ME

Evidence of cloud access found on a smartphone usually means which cloud service level was in use?

SaaS

What are the three levels of cloud services defined by NIST?

SaaS, PaaS, and IaaS

Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider?

Subpoenas with prior notice Court orders Search warrants

You can expect to find a type 2 hypervisor on what type of device?

Tablet, Desktop, Smartphone

Router logs can be used to verify what types of e-mail data?

Tracking flows through e-mail server ports

SIM card readers can alter evidence by showing that a message has been read when you view it. True or False?

True

To find network adapters, you use the __________ command in Windows and the __________ command in Linux.

ipconfig, ifconfig

Sendmail uses which file for instructions on processing an e-mail message?

sendmail.cf

Logging options on e-mail servers can be which of the following?

Configured to a specified size before being overwritten

What are the two states of encrypted data in a secure cloud?

Data in motion and data at rest

Commingled data isn't a concern when acquiring cloud data. True or False?

False

IETF is the organization setting standards for 5G devices. True or False?

False

The cloud services Dropbox, Google Drive, and OneDrive have Registry entries. True or False?

False

The uRLLC 5G category focuses on communications in smart cities. True or False?

False

When acquiring a mobile device at an investigation scene, you should leave it connected to a laptop or tablet so that you can observe synchronization as it takes place. True or False?

False

You can view e-mail headers in Notepad with all popular e-mail clients. True or False?

False

In which cloud service level can customers rent hardware and install whatever OSs and applications they need?

IaaS

What capabilities should a forensics tool have to acquire data from a cloud?

Identify and acquire data from the cloud. Examine virtual systems. Expand and contract data storage capabilities as needed for service changes.

A layered network defense strategy puts the most valuable data where?

In the innermost layer

Virtual Machine Extensions (VMX) are part of which of the following?

Intel Virtualized Technology

Phishing does which of the following?

Lures users with false promises

Which of the following is a current formatting standard for e-mail?

MIME

Which of the following relies on a central database that tracks account data, location data, and subscriber information?

MSC

When do zero day attacks occur?

On the day the application or OS is released Before the vendor is aware of the vulnerability

Which of the following cloud deployment methods typically offers no security?

Public cloud

The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of __________ and __________.

RAM, storage

When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?

Restore the e-mail server from a backup.

Remote wiping of a mobile device can result in which of the following?

Returning the phone to the original factory settings Deleting contacts Removing account information

In which of the following cases did the U.S. Supreme Court require using a search warrant to examine the contents of mobile devices?

Riley v. California

NIST document SP 500-322 defines more than 75 cloud services, including which of the following?

Security as a service Drupal as a service Backup as a service

What's the main piece of information you look for in an e-mail message you're investigating?

Sender or receiver's e-mail address

Most SIM cards allow ______ access attempts before locking you out.

Three

A CSP's incident response team typically consists of system administrators, network administrators, and legal advisors. True or False?

True

A(n) CSA or cloud service agreement is a contract between a CSP and the customer that describes what services are being provided and at what level. True or False?

True

After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect. True or False?

True

Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True or False?

True

E-mail accessed with a Web browser leaves files in temporary folders. True or False?

True

Mobile device information might be stored on the internal memory or the SIM card. True or False?

True

Placing it in paint cans and using Faraday bags are two ways you can isolate a mobile device from incoming signals. True or False?

True

Public cloud services such as Dropbox and OneDrive use Sophos SafeGuard and Sophos Mobile Control as their encryption applications. True or False?

True

Tcpslice can be used to retrieve specific timeframes of packet captures. True or False?

True

The Internet of Things includes radio frequency identification (RFID) sensors as well as wired, wireless, and mobile devices. True or False?

True

The multitenancy nature of cloud environments means conflicts in privacy laws can occur. True or False?

True

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True or False?

True

To see Google Drive synchronization files, you need a SQL viewer. True or False?

True

Typically, you need a search warrant to retrieve information from a service provider. True or False?

True

Updates to the EU Data Protection Rules will affect how data is moved during an investigation regardless of location. True or False?

True

Which of the following is a clue that a virtual machine has been installed on a host system?

Virtual network adapter

When should a temporary restraining order be requested for cloud environments?

When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case

On a UNIX-like system, which file specifies where to save different types of e-mail log files?

syslog.conf