CCT 121 Test 3
Which of the following types of files can provide useful information when you're examining an e-mail server?
.log files
In Microsoft Outlook, e-mails are typically stored in which of the following?
.pst and .ost files
In VirtualBox, a(n) __________ file contains settings for virtual hard drives.
.vbox
Which of the following file extensions are associated with VMware virtual machines?
.vmx, .log, and .nvram
SD cards have a capacity up to which of the following?
64 GB
To trace an IP address in an e-mail header, what type of lookup service can you use?
A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net
The term TDMA refers to which of the following?
A technique of dividing a radio frequency so that multiple users share the same channel A specific cellular network standard
E-mail headers contain which of the following information?
An ESMTP number or reference number The sender and receiver e-mail addresses The e-mail servers the message traveled through to reach its destination
What information is not in an e-mail header?
Blind copy (bcc) addresses
Which of the following categories of information is stored on a SIM card?
Call data Service-related data
When you access your e-mail, what type of computer architecture are you using?
Client/server
When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?
E-mail header Firewall log
A forensic image of a VM includes all snapshots. True or False?
False
A forensic linguist can determine an author's gender by analyzing chat logs and social media communications. True or False?
False
What's the most commonly used cellular network worldwide?
GSM
Which Registry key contains associations for file extensions?
HKEY_CLASSES_ROOT
According to SANS DFIR Forensics, which of the following tasks should you perform if a mobile device is on and unlocked?
Isolate the device from the network. Remove the passcode Disable the screen lock.
Packet analyzers examine what layers of the OSI model?
Layers 2 and 3
Which of the following is a mobile forensics method listed in NIST guidelines?
Logical extraction Physical extraction Hex dumping
What are the three modes of protection in the DiD strategy?
People, technology, operations
GSM divides a mobile station into ______ and ______.
SIM card and ME
Evidence of cloud access found on a smartphone usually means which cloud service level was in use?
SaaS
What are the three levels of cloud services defined by NIST?
SaaS, PaaS, and IaaS
Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider?
Subpoenas with prior notice Court orders Search warrants
You can expect to find a type 2 hypervisor on what type of device?
Tablet, Desktop, Smartphone
Router logs can be used to verify what types of e-mail data?
Tracking flows through e-mail server ports
SIM card readers can alter evidence by showing that a message has been read when you view it. True or False?
True
To find network adapters, you use the __________ command in Windows and the __________ command in Linux.
ipconfig, ifconfig
Sendmail uses which file for instructions on processing an e-mail message?
sendmail.cf
Logging options on e-mail servers can be which of the following?
Configured to a specified size before being overwritten
What are the two states of encrypted data in a secure cloud?
Data in motion and data at rest
Commingled data isn't a concern when acquiring cloud data. True or False?
False
IETF is the organization setting standards for 5G devices. True or False?
False
The cloud services Dropbox, Google Drive, and OneDrive have Registry entries. True or False?
False
The uRLLC 5G category focuses on communications in smart cities. True or False?
False
When acquiring a mobile device at an investigation scene, you should leave it connected to a laptop or tablet so that you can observe synchronization as it takes place. True or False?
False
You can view e-mail headers in Notepad with all popular e-mail clients. True or False?
False
In which cloud service level can customers rent hardware and install whatever OSs and applications they need?
IaaS
What capabilities should a forensics tool have to acquire data from a cloud?
Identify and acquire data from the cloud. Examine virtual systems. Expand and contract data storage capabilities as needed for service changes.
A layered network defense strategy puts the most valuable data where?
In the innermost layer
Virtual Machine Extensions (VMX) are part of which of the following?
Intel Virtualized Technology
Phishing does which of the following?
Lures users with false promises
Which of the following is a current formatting standard for e-mail?
MIME
Which of the following relies on a central database that tracks account data, location data, and subscriber information?
MSC
When do zero day attacks occur?
On the day the application or OS is released Before the vendor is aware of the vulnerability
Which of the following cloud deployment methods typically offers no security?
Public cloud
The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of __________ and __________.
RAM, storage
When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?
Restore the e-mail server from a backup.
Remote wiping of a mobile device can result in which of the following?
Returning the phone to the original factory settings Deleting contacts Removing account information
In which of the following cases did the U.S. Supreme Court require using a search warrant to examine the contents of mobile devices?
Riley v. California
NIST document SP 500-322 defines more than 75 cloud services, including which of the following?
Security as a service Drupal as a service Backup as a service
What's the main piece of information you look for in an e-mail message you're investigating?
Sender or receiver's e-mail address
Most SIM cards allow ______ access attempts before locking you out.
Three
A CSP's incident response team typically consists of system administrators, network administrators, and legal advisors. True or False?
True
A(n) CSA or cloud service agreement is a contract between a CSP and the customer that describes what services are being provided and at what level. True or False?
True
After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect. True or False?
True
Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True or False?
True
E-mail accessed with a Web browser leaves files in temporary folders. True or False?
True
Mobile device information might be stored on the internal memory or the SIM card. True or False?
True
Placing it in paint cans and using Faraday bags are two ways you can isolate a mobile device from incoming signals. True or False?
True
Public cloud services such as Dropbox and OneDrive use Sophos SafeGuard and Sophos Mobile Control as their encryption applications. True or False?
True
Tcpslice can be used to retrieve specific timeframes of packet captures. True or False?
True
The Internet of Things includes radio frequency identification (RFID) sensors as well as wired, wireless, and mobile devices. True or False?
True
The multitenancy nature of cloud environments means conflicts in privacy laws can occur. True or False?
True
To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True or False?
True
To see Google Drive synchronization files, you need a SQL viewer. True or False?
True
Typically, you need a search warrant to retrieve information from a service provider. True or False?
True
Updates to the EU Data Protection Rules will affect how data is moved during an investigation regardless of location. True or False?
True
Which of the following is a clue that a virtual machine has been installed on a host system?
Virtual network adapter
When should a temporary restraining order be requested for cloud environments?
When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case
On a UNIX-like system, which file specifies where to save different types of e-mail log files?
syslog.conf