Module 6 Online quiz


Which of the following netstat parameters displays all active TCP connections as well as UDP ports on which the computer is listening? -e -n -a -o

-a

Colson, a forensic officer, was attempting to track a cybercriminal who had performed an online attack by gaining remote access to a Windows system of an organization. In this process, Colson executed an nbtstat command that displays the contents of the NetBIOS name cache as well as NetBIOS name-to-IP address mappings, which will help him in tracking the perpetrator. Which of the following nbtstat parameters helps Colson view the contents of the NetBIOS name cache? -a Interval -r -c

-c

Jaylen, a forensic investigator, was inspecting a suspected system and wanted to gather the details of all the users who logged in to the suspected system. For this purpose, he executed a PsLoggedOn command to obtain information about locally logged-in users. Identify the PsLoggedOn parameter that helps Jaylen retrieve the details of locally logged-in users. -x -l - \\computername

-l

Which of the following PsList parameters displays processes, memory information, and threads? -s [n] -x -t -d

-x

Which of the following tasklist parameters specifies the types of process(es) to include in or exclude from the main query? /m [ModuleName] /fi FilterName /u Domain\User /s Computer

/fi FilterName

Which of the following tasklist parameters lists all the service information for each process without truncation? /s /v /svc /u

/svc

Which of the following values of Enable Prefetcher corresponds to "Application prefetching is enabled"? 1 3 0 2

1

A command, when executed, retains the same modification date of a file but changes its creation time and date to the current time and date in the NTFS file system. Identify this command. Copy sample.txt from E:\ to E:\subdir on the NTFS file system Move sample.txt from FAT16 file system to an NTFS file system Move sample.txt from E:\ to E:\subdir on the NTFS file system Move sample.txt from E:\ to E:\subdir on the FAT16 file system

Copy sample.txt from E:\ to E:\subdir on the NTFS file system

Russell, a forensics expert, was tasked with investigating a system found at a crime scene. During the investigation, Russell discovered some .jpeg images in a locked folder that were suspected to be loaded by the attacker. Russell employed a tool to extract the metadata associated with those images for further investigation. Which of the following tools assisted Russell in the above scenario? ExifTool Hping3 Splunk Nmap

ExifTool

Which of the following registry hives contains file extension association information and programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data? HKEY_USERS HKEY_LOCAL_MACHINE HKEY_CLASSES_ROOT HKEY_CURRENT_CONFIG

HKEY_CLASSES_ROOT

Caiden, a forensics expert, was tasked with investigating fraud that occurred in an organization. An employee of the organization accessed a restricted file from the organization's server and modified some crucial Word documents. To initiate an investigation, Caiden employed an online tool that reveals the last user who accessed the file and how many times the file has been edited. Which of the following tools did Caiden employ in the above scenario? Wireshark Metashield Analyzer wbStego ExifTool

Metashield Analyzer

The system administrator of an organization identified that an attacker gained access to a system from a remote location and performed malicious activities. The administrator thoroughly analyzed the compromised system to determine whether the attacker is still accessing the system. Which of the following tools can help the administrator view active TCP and UDP connections in the system? Netstat Nbtstat PsList PsLoggedOn

Netstat

Identify the tool that displays basic information about the running processes on a system, including the amount of time each process has been running for in both kernel and user modes. net file netstat nbstat PsList

PsList

Which of the following tools allows forensic investigators to analyze memory, detect malicious activities that occurred on the system, and construct the timeline and scope of a cybercrime incident? Redline BitLocker ShredIt Hexinator

Redline

Identify the term that refers to the portions of a hard drive that may contain either data from a previously deleted file or space unused by the currently allocated file. Crash dump Windows registry Slack space Memory dump

Slack space

Which of the following types of cells in the Windows Registry structure comprises a series of indexes pointing to the parent key cell? Value cell Value list cell Security descriptor cell Subkey list cell

Subkey list cell

Identify the subkey of the HKEY_LOCAL_MACHINE registry that stores information on the configuration settings of hardware drivers and services. Default Security System Software

System

Which of the following commands is used to collect information about the files opened by an intruder using remote login? net file [ID [/close]] net sessions [\\<ComputerName>] [/delete] [/list] logonsessions [-c[t]] [-p] psloggedon [- ] [-l] [-x] [\\computername | username]

net file [ID [/close]]

Identify the command used for managing computer connections that displays information about all the logged-in sessions of the local computer when used without parameters. net file [ID [/close]] net sessions [\\<ComputerName>] [/delete] [/list] logonsessions [-c[t]] [-p] psloggedon [- ] [-l] [-x] [\\computername | username]

net sessions [\\<ComputerName>] [/delete] [/list]

Zayn, a forensic expert, was tasked with investigating an incident that occurred on a Windows machine. Zayn wanted to check whether the attacker was still active on the network and spreading the infection. In this process, Zayn executed a netstat command that helped him view the TCP and UDP network connections, listening ports, and identifiers of the processes. Identify the command executed by Zayn in the above scenario. netstat -ano netstat -e netstat -p netstat -r

netstat -ano

