Final Flashcards

Chapters 6, 8, 9, 10, 12, 13 review questions

1
Q

What are the functions required for digital forensics tools?

A

Acquisition, validation and verification, extraction, reconstruction, and reporting

2
Q

acquisition

A

the process of creating a duplicate image of data; one of the required functions of digital tools

3
Q

brute-force attack

A

the process of trying every combination of characters to find a matching password or passphrase value for an encrypted file

4
Q

Computer Forensics Tool Testing (CFTT)

A

a project sponsored by the National Institute of Standards and Technology (NIST) to manage research on digital forensics tools

5
Q

extraction

A

the process of pulling relevant data from an image and recovering or reconstructing data fragments; one of the required functions of digital forensics tools

6
Q

keyword search

A

a method of finding files or other information by entering relevant characters, words, or phrases in a search tool

7
Q

National Software Reference Library (NSRL)

A

a NIST project with the goal of collecting all known hash values for commercial software and OS files

8
Q

password dictionary attack

A

an attack that uses a collection of words or phrases that might be passwords for an encrypted file. Password recovery programs can use this list to compare potential passwords to an encrypted file’s password or passphrase hash values

9
Q

validation

A

a way to confirm that a tool is functioning as intended; one of the functions of digital forensics tools

9
Q

reconstruction

A

the process of rebuilding data files; one of the required functions of digital forensics tools

10
Q

verification

A

the process of proving that two sets of data are identical by calculating hash values or using another similar method

11
Q

write-blocker

A

a hardware device or software program that prevents a computer from writing data to an evidence drive. Software write-blockers typically alter interrupt-13 write functions to a drive in a PC’s BIOS. Hardware write-blockers are usually bridging devices between a drive and the forensic workstation

12
Q

Forensics software tools are grouped into ____ and ___ applications.

A

command-line and GUI

13
Q

According to ISO standard 27037, which of the following is an important factor in data acquisition?

A

Digital Evidence First Responder (DEFR)’s competency and use of validated tools

14
Q

An encrypted drive is one reason to choose a logical acquisition. True or False?

A

True

15
Q

Hashing, filtering, and file header analysis make up which function of digital forensics tools?

A

Validation and verification

16
Q

Hardware acquisition tools typically have built-in software for data analysis. True or False?

A

False

17
Q

The reconstruction function is needed for which of the following purposes?

A

recreate a suspect drive to show what happened, create a copy of a drive for other investigators, recreate a drive compromised by malware

18
Q

List three subfunctions of the extraction function.

A

data viewing, keyword searching, decompressing/uncompressing, carving, decrypting, bookmarking/tagging

19
Q

Hash values are used for which of the following purposes?

A

filtering known good files from potentially suspicious data, reconstructing file fragments, validating that the original data hasn’t changed

20
Q

In testing tools, the term “reproducible results” means that if you work in the same lab on the same machine, you generate the same results. True or false?

A

False

21
Q

The verification function does which of the following?

A

Proves that two sets of data are identical by calculating hash values

22
Q

What’s the advantage of a write-blocking device that connects to a computer through a FireWire or USB controller?

A

Not having to shut down your workstation when drives are disconnected

23
Q

Building a forensic workstation is more expensive than purchasing one. True or False?

A

True

24
Q

A live acquisition can be replicated. True or false?

A

False

25
Q

Which of the following is true about most drive-imaging tools?

A

They ensure that the original drive doesn’t become corrupt and damage the digital evidence, they create a copy of the original drive

26
Q

The standards for testing forensics tools are based on which criteria?

A

ISO 17025

27
Q

A log report in forensics tools does which of the following?

A

Records an investigator’s actions in examining a case

28
Q

When validating the results of a forensic analysis, you should do which of the following?

A

Calculate the hash value with two different tools

29
Q

The primary hashing algorithm the NSRL uses is SHA-1. True or False?

A

True

30
Q

bitmap images

A

collections of dots, or pixels, in a grid format that forms a graphic

31
Q

carving

A

the process of recovering file fragments that are scattered across a disk

32
Q

data compression

A

the process of coding data from a larger form to a smaller form

33
Q

demosaicing

A

the process of converting raw picture data to another format, such as JPEG or TIF

34
Q

Exchangeable Image File (Exif)

A

a file format the Japan Electronics and Information Technology Industries Association (JEITA) developed as a standard for storing metadata in JPEG and TIF files

35
Q

fair use

A

a guideline that describes the free use of copyrighted material for news reports, critiques, noncommercial use, and educational purposes

36
Q

false positives

A

the result of keyword searches that contain the correct match but aren’t relevant to the investigation

37
Q

least significant bit (LSB)

A

the lowest bit value in a byte. In Microsoft OSs, bits are displayed from right to left, so the rightmost bit is the LSB

38
Q

lossless compression

A

a compression method in which no data is lost. With this type of compression, a large file can be compressed to take up less space and then uncompressed without any loss of information

39
Q

lossy compression

A

a compression method that permanently discards bits of information in a file. The removed bits of information reduce image quality

40
Q

metafile graphics

A

graphics files that are combinations of bitmap and vector images

41
Q

most significant bit (MSB)

A

the highest bit value in a byte

42
Q

nonstandard graphics file formats

A

less common graphics file formats, including proprietary formats, newer formats, formats that most image viewers don’t recognize, and old or obsolete formats

43
Q

pixels

A

small dots used to create images; the term comes from “picture element”

44
Q

raster images

A

collections of pixels stored in rows rather than a grid, as with bitmap images, to make graphics easier to print; usually created when a vector graphic is converted to a bitmap image

45
Q

raw file format

A

a file format typically found on higher-end digital cameras; the camera performs no enhancement processing—hence the term “raw.” This format maintains the best picture quality, but because it’s a proprietary format, not all image viewers can display it

46
Q

resolution

A

the density of pixels displayed onscreen, which governs image quality

47
Q

salvaging

A

another term for carving

48
Q

standard graphics file formats

A

common graphics file formats that most graphics programs and image viewers can open

49
Q

vector graphics

A

graphics based on mathematical instructions to form lines, curves, text, and other geometric shapes

50
Q

vector quantization (VQ)

A

a form of compression that uses an algorithm similar to rounding off decimal values to eliminate unnecessary bits of data

51
Q

Graphics files stored on a computer can’t be recovered after they are deleted. True or False?

A

False

52
Q

When you carve a graphics file, recovering the image depends on which of the following skills?

A

Recognizing the pattern of the file header content

53
Q

Explain how to identify an unknown graphics file format that your digital forensics tool doesn’t recognize.

A

Find the hexadecimal for the first several bytes of the file from a hex editor. Compare other file formats with similar hex code in their headers

54
Q

What type of compression uses an algorithm that allows viewing the graphics file without losing any portion of the data?

A

lossless

55
Q

When investigating graphics files, you should convert them into one standard format. True or False?

A

False

56
Q

Digital pictures use data compression to accomplish which of the following goals?

A

Save space on hard drive, provide a crisp and clear image, eliminate redundant data

57
Q

The process of converting raw images to another format is called which of the following?

A

Demosaicing

58
Q

In JPEG files, what’s the starting offset position for the JFIF label?

A

Offset 6

59
Q

Each type of graphics file has a unique header containing information that distinguishes it from other types of graphics files. True or False?

A

True

60
Q

Copyright laws don’t apply to Web sites. True or False?

A

False

61
Q

When viewing a file header, you need to include hexadecimal information to view the image. True or False?

A

True

62
Q

When recovering a file with ProDiscover, your first objective is to recover cluster values. True or False?

A

True

63
Q

Bitmap (.bmp) files use which of the following types of compression?

A

Lossless

64
Q

A JPEG file uses which type of compression?

A

Lossy

65
Q

Only one file format can compress graphics files. True or False?

A

False

66
Q

A JPEG file is an example of a vector graphic. True or False?

A

False

67
Q

Which of the following is true about JPEG and TIF files?

A

They have different values for the first 2 bytes of their file headers

68
Q

What methods do steganography programs use to hide data in graphics files?

A

Carving

69
Q

Some clues left on a drive that might indicate steganography include which of the following?

A

Multiple copies of a graphics file, graphics files with the same name but different file sizes, steganography programs in the suspect’s All Programs list, graphics files with different timestamps

70
Q

What methods are used for digital watermarking?

A

Invisible modification of the LSBs in the file, layering visible symbols on top of the image, using a hex editor to alter the image data

71
Q

bit-shifting

A

the process of shifting one or more digits in a binary number to the left or right to produce a different value

72
Q

block-wise hashing

A

the process of hashing all sectors of a file and then comparing them with sectors on a suspect’s drive to determine whether there are any remnants of the original file that couldn’t be recovered

73
Q

cover-media

A

in steganalysis, the original file with no hidden message

74
Q

key escrow

A

a technology designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure

75
Q

Known File Filter (KFF)

A

an AccessData database containing the hash values of known legitimate and suspicious files. It’s used to identify files that are possible evidence or eliminate files from an investigation if they’re legitimate

76
Q

rainbow table

A

a file containing the hash values for every possible password that can be generated from a computer’s keyboard

77
Q

salting tables

A

adding bits to a password before it’s hashed so that a rainbow table can’t find a matching hash value to decipher the password

78
Q

scope creep

A

the result of an investigation expanding beyond its original description because the discovery of unexpected evidence increases the amount of work required

79
Q

steganography

A

a cryptographic technique for embedding information in another file for the purpose of hiding that information from casual observers

80
Q

stego-media

A

in steganalysis, the file containing the hidden message

81
Q

Which of the following represents known files you can eliminate from an investigation? (Choose all that apply.)

A

Files associated with an application
System files the OS uses

82
Q

For which of the following reasons should you wipe a target drive?

A

To ensure the quality of digital evidence you acquire
To make sure unwanted data isn’t retained on the drive

83
Q

The Known File Filter (KFF) can be used for which of the following purposes? (Choose all that apply.)

A

Filter known program files from view.

Compare hash values of known files with evidence files.

84
Q

Password recovery is included in all forensics tools. True or False?

A

False

85
Q

After you shift a file’s bits, the hash value remains the same. True or False?

A

False

86
Q

Which forensic image file format creates or incorporates a validation hash value in the image file? (Choose all that apply.)

A

Expert Witness, SMART

87
Q

blank 1 happens when an investigation goes beyond the bounds of its original description.

A

scope creep

88
Q

Suppose you’re investigating an e-mail harassment case. Generally, is collecting evidence for this type of case easier for an internal corporate investigation or a criminal investigation?

A

Internal corporate investigation because corporate investigators typically have ready access to company records

89
Q

You’re using Disk Management to view primary and extended partitions on a suspect’s drive. The program reports the extended partition’s total size as larger than the sum of the sizes of logical partitions in this extended partition. What might you infer from this information?

A

There’s a hidden partition.

90
Q

Steganography is used for which of the following purposes?

A

Hiding data

91
Q

The National Software Reference Library provides what type of resource for digital forensics examiners?

A

B

92
Q

In steganalysis, cover-media is which of the following?

A

The file a steganography tool uses to host a hidden message, such as a JPEG or an MP3 file

93
Q

Rainbow tables serve what purpose for digital forensics examinations?

A

Rainbow tables contain computed hashes of possible passwords that some password-recovery programs can use to crack passwords

94
Q

The likelihood that a brute-force attack can succeed in cracking a password depends heavily on the password length. True or False?

A

True

95
Q

If an application uses salting when creating passwords, what concerns should a forensics examiner have when attempting to recover passwords?

A

Salting can make password recovery extremely difficult and time consuming.

96
Q

Block-wise hashing has which of the following benefits for forensics examiners?

A

Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect’s drive

97
Q

defense in depth (DiD)

A

The NSA’s approach to implementing a layered network defense strategy. It focuses on three modes of protection: people, technology, and operations.

98
Q

distributed denial-of-service (DDoS)

A

A type of DoS attack in which other online machines are used, without the owners’ knowledge, to launch an attack.

99
Q

honeypot

A

A computer or network set up to lure an attacker.

100
Q

honeywalls

A

Intrusion prevention and monitoring systems that track what attackers do on honeypots.

101
Q

layered network defense strategy

A

An approach to network hardening that sets up several network layers to place the most valuable data at the innermost part of the network.

102
Q

network forensics

A

The process of collecting and analyzing raw network data and systematically tracking network traffic to determine how security incidents occur.

103
Q

order of volatility (OOV)

A

A term indicating how long an item on a network lasts. RAM and running processes might last only milliseconds; data stored on hard drives can last for years.

104
Q

packet analyzers

A

Devices and software used to examine network traffic. On TCP/IP networks, they examine packets (hence the name).

105
Q

type 1 hypervisor

A

A virtual machine interface that loads on physical hardware and contains its own OS.

106
Q

type 2 hypervisor

A

A virtual machine interface that’s loaded on top of an existing OS.

107
Q

Virtualization Technology (VT)

A

Intel’s CPU design for security and performance enhancements that enable the BIOS to support virtualization.

108
Q

Virtual Machine Extensions (VMX)

A

Instruction sets created for Intel processors to handle virtualization.

109
Q

zero day attacks

A

Attacks launched before vendors or network administrators have discovered vulnerabilities and patches for them have been released.

110
Q

zombies

A

Computers used without the owners’ knowledge in a DDoS attack.

111
Q

Virtual Machine Extensions (VMX) are part of which of the following?

A

Intel Virtualized Technology

112
Q

You can expect to find a type 2 hypervisor on what type of device? (Choose all that apply.)

A

Tablet, Desktop, Smartphone

113
Q

Which of the following file extensions are associated with VMware virtual machines?

A

.vmx, .log, .nvram

114
Q

In VirtualBox, a(n) blank 1 file contains settings for virtual hard drives.

A

.vbox

115
Q

The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of blank 1 and blank 2.

A

RAM and storage

116
Q

A forensic image of a VM includes all snapshots. True or False?

A

False

117
Q

Which Registry key contains associations for file extensions?

A

HKEY_CLASSES_ROOT

118
Q

Which of the following is a clue that a virtual machine has been installed on a host system?

A

Virtual network adapter

119
Q

To find network adapters, you use the blank 1 command in Windows and the blank 2 command in Linux.

A

ipconfig and ifconfig

120
Q

What are the three modes of protection in the DiD strategy?

A

People, operations, technology

121
Q

A layered network defense strategy puts the most valuable data where?

A

Innermost layer

122
Q

Tcpslice can be used to retrieve specific timeframes of packet captures. True or False?

A

True

123
Q

Packet analyzers examine what layers of the OSI model?

A

2 and 3

124
Q

When do zero day attacks occur? (Choose all that apply.)

A

Before the vendor is aware of the vulnerability
Before it’s patched

125
Q

Code Division Multiple Access

A

A widely used digital cell phone technology that makes use of spread-spectrum modulation to spread the signal across a wide range of frequencies.

126
Q

electronically erasable programmable read-only memory (EEPROM)

A

A type of nonvolatile memory that can be reprogrammed electrically, without having to physically access or remove the chip.

127
Q

Enhanced Data GSM Environment (EDGE)

A

An improvement to GSM technology that enables it to deliver higher data rates. See also Global System for Mobile Communications (GSM).

128
Q

fifth-generation (5G)

A

The coming generation of mobile device standards, expected to be finalized in 2020.

129
Q

fourth-generation (4G)

A

The current generation of mobile phone standards, with technologies that improved speed and accuracy.

130
Q

Global System for Mobile Communications (GSM)

A

A second-generation cellular network standard; currently the most used cellular network in the world.

131
Q

International Telecommunication Union (ITU)

A

An international organization dedicated to creating telecommunications standards.

132
Q

Orthogonal Frequency Division Multiplexing (OFDM)

A

A 4G technology that uses numerous parallel carriers instead of a single broad carrier and is less susceptible to interference.

133
Q

smartphones

A

Mobile telephones with more features than a traditional phone has, including a camera, an e-mail client, a Web browser, a calendar, contact management software, an instant-messaging program, and more.

134
Q

subscriber identity module (SIM) cards

A

Removable cards in GSM phones that contain information for identifying subscribers. They can also store other information, such as messages and call history.

135
Q

Telecommunications Industry Association (TIA)

A

A U.S. trade association representing hundreds of telecommunications companies that works to establish and maintain telecommunications standards.

136
Q

third-generation (3G)

A

The preceding generation of mobile phone standards and technology; had more advanced features and faster data rates than the older analog and personal communications service (PCS) technologies.

137
Q

Time Division Multiple Access (TDMA)

A

The technique of dividing a radio frequency into time slots, used by GSM networks; also refers to a cellular network standard covered by Interim Standard (IS) 136. See also Global System for Mobile Communications (GSM).

138
Q

List four places where mobile device information might be stored.

A

- Internal memory
- SIM card
- Removable storage
- Servers

139
Q

Typically, you need a search warrant to retrieve information from a service provider. True or False?

A

True

140
Q

The term TDMA refers to which of the following? (Choose all that apply.)

A

A technique of dividing a radio frequency so that multiple users share the same channel

141
Q

What’s the most commonly used cellular network worldwide?

A

GSM

142
Q

Which of the following relies on a central database that tracks account data, location data, and subscriber information?

A

MSC

143
Q

GSM divides a mobile station into blank 1 and blank 2.

A

SIM and Mobile Equipment

144
Q

SD cards have a capacity up to which of the following?

A

64 GB

145
Q

Describe two ways you can isolate a mobile device from incoming signals.

A

Airplane mode or turn it off

146
Q

Which of the following categories of information is stored on a SIM card? (Choose all that apply.)

A

Call data and service related data

147
Q

Most SIM cards allow blank 1 access attempts before locking you out.

A

3

148
Q

SIM card readers can alter evidence by showing that a message has been read when you view it. True or False?

A

True

149
Q

The uRLLC 5G category focuses on communications in smart cities. True or False?

A

False

150
Q

When acquiring a mobile device at an investigation scene, you should leave it connected to a laptop or tablet so that you can observe synchronization as it takes place. True or False?

A

False

151
Q

Remote wiping of a mobile device can result in which of the following? (Choose all that apply.)

A

Removing account information
Returning the phone to the original factory settings
Deleting contacts

152
Q

In which of the following cases did the U.S. Supreme Court require using a search warrant to examine the contents of mobile devices?

A

Riley v. California

153
Q

The Internet of Things includes blank 1 as well as wired, wireless, and mobile devices.

A

Radio Frequency Identification (RFID) sensors

154
Q

Which of the following is a mobile forensics method listed in NIST guidelines? (Choose all that apply.)

A

Logical extraction
Physical extraction
Hex dumping

155
Q

According to SANS DFIR Forensics, which of the following tasks should you perform if a mobile device is on and unlocked? (Choose all that apply.)

A

Isolate the device from the network
Disable the screen lock
Remove the passcode

156
Q

Which organization is setting standards for 5G devices?

A

3GPP (3rd Generation Partnership Project)

157
Q

cloud service agreements (CSAs)

A

Contracts between a cloud service provider and a cloud customer. Any additions or changes to a CSA can be made through an addendum. See also cloud service providers (CSPs).

158
Q

cloud service providers (CSPs)

A

Vendors that provide on-demand network access to a shared pool of resources (typically remote data storage or Web applications).

159
Q

community cloud

A

A shared cloud service that provides access to common or shared data.

160
Q

deprovisioning

A

Deallocating cloud resources that were assigned to a user or an organization. See also provisioning.

161
Q

hybrid cloud

A

A cloud deployment model that combines public, private, or community cloud services under one cloud. Segregation of data is used to protect private cloud storage and applications.

162
Q

infrastructure as a service (IaaS)

A

With this cloud service level, an organization supplies its own OS, applications, databases, and operations staff, and the cloud provider is responsible only for selling or leasing the hardware.

163
Q

management plane

A

A tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly.

164
Q

multitenancy

A

A principle of software architecture in which a single installation of a program runs on a server accessed by multiple entities (tenants). When software is accessed by tenants in multiple jurisdictions, conflicts in copyright and licensing laws might result.

165
Q

platform as a service (PaaS)

A

A cloud service level that provides a platform in the cloud with only an OS installed. The customer can use the platform to load their own applications and data. The CSP is responsible only for the OS and the hardware it runs on; the customer is responsible for everything else they have loaded onto it.

166
Q

private cloud

A

A cloud service dedicated to a single organization.

167
Q

public cloud

A

A cloud service that’s available to the general public.

168
Q

software as a service (SaaS)

A

With this cloud service level, typically a Web hosting service provides applications for subscribers to use.

169
Q

spoliation

A

Destroying, altering, hiding, or failing to preserve evidence, whether it’s intentional or a result of negligence.

170
Q

Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True or False?

A

True

171
Q

What are the three levels of cloud services defined by NIST?

A

SaaS, PaaS, and IaaS

172
Q

What capabilities should a forensics tool have to acquire data from a cloud?

A

Identify and acquire data from the cloud.
Expand and contract data storage capabilities as needed for service changes.
Examine virtual systems.

173
Q

Commingled data isn’t a concern when acquiring cloud data. True or False?

A

False

174
Q

A(n) ________________________ is a contract between a CSP and the customer that describes what services are being provided and at what level.

A

cloud service agreement

175
Q

Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider? (Choose all that apply.)

A

Subpoenas with prior notice
Search warrants
Court orders

176
Q

In which cloud service level can customers rent hardware and install whatever OSs and applications they need?

A

infrastructure as a service

177
Q

What are the two states of encrypted data in a secure cloud?

A

Data in motion and data at rest

178
Q

Evidence of cloud access found on a smartphone usually means which cloud service level was in use?

A

SaaS

179
Q

Which of the following cloud deployment methods typically offers no security?

A

public cloud

180
Q

The multitenancy nature of cloud environments means conflicts in privacy laws can occur. True or False?

A

True

181
Q

To see Google Drive synchronization files, you need a SQL viewer. True or False?

A

True

182
Q

A CSP’s incident response team typically consists of which staff? List at least three positions.

A

system administrators, network administrators, and legal advisors

183
Q

The cloud services Dropbox, Google Drive, and OneDrive have Registry entries. True or False?

A

True

184
Q

When should a temporary restraining order be requested for cloud environments?

A

When a search warrant requires seizing a CSP’s hardware and software used by other parties not involved in the case

185
Q

Updates to the EU Data Protection Rules will affect how data is moved regardless of location. True or False?

A

True

186
Q

NIST document SP 500-322 defines more than 75 cloud services, including which of the following? (Choose all that apply.)

A

Backup as a service
Security as a service
Drupal as a service

187
Q

Public cloud services such as Dropbox and OneDrive use what encryption applications?

A

Sophos Safeguard and Sophos Mobile Control