Post-Course Assessment Quiz

Question 1

Intel ____ has responded to the need for security and performance by producing different CPU designs.

Hyper-V

Parallels Virtualization

Virtualization Technology (VT)

KVM

Answer 1

Virtualization Technology (VT)

Question 2

The ____ tool can be used to bypass a virtual machine’s hypervisor, and can be used with OpenStack.

ARC

FROST

WinHex

OpenForensics

Answer 2

FROST

Question 3

Confidential business data included with the criminal evidence are referred to as ____ data.

Commingled

Exposed

Revealed

Public

Answer 3

Commingled

Question 4

____ from both the plaintiff’s and defense’s attorneys is an optional phase of the trial. Generally, it’s allowed to cover an issue raised during cross-examination of a witness.

Closing arguments

Opening statements

Rebuttal

Plaintiff

Answer 4

Rebuttal

Question 5

The ____ digital network, a faster version of GSM, is designed to deliver data.

TDMA

iDEN

EDGE

D-AMPS

Answer 5

EDGE

Question 6

During the Cold War, defense contractors were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____.

NISPOM

TEMPEST

RAID

EMR

Answer 6

TEMPEST

Question 7

Under copyright laws, computer programs may be registered as ____.

Motion pictures

Literary works

Audiovisual works

Architectural works

Answer 7

Literary works

Question 8

On Mac OSs, the ____ stores any file information not in the MDB or Volume Control Block (VCB).

Extents overflow file

Catalog

Volume information block

Master directory block

Answer 8

Extents overflow file

Question 9

____ provide additional resource material not included in the body of the report.

Appendixes

Discussion

References

Conclusions

Answer 9

Appendixes

Question 10

The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.

Computer Analysis and Response Team (CART)

Department of Defense Computer Forensics Laboratory (DCFL)

DIBS

Federal Rules of Evidence (FRE)

Answer 10

Computer Analysis and Response Team (CART)

Question 11

The SIM file structure begins with the root of the system (____).

MF

DF

DCS

EF

Answer 11

MF

Question 12

The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions.

man

fdisk

dd

raw

Answer 12

dd

Question 13

Recovering fragments of a file is called ____.

Slacking

Rebuilding

Carving

Saving

Answer 13

Carving

Question 14

____, located in the root folder of the system partition, specifies the Windows XP path installation and contains options for selecting the Windows version.

Boot.ini

NTDetect.com

BootSec.dos

NTBootdd.sys

Answer 14

Boot.ini

Question 15

Marking bad clusters data-hiding technique is more common with ____ file systems.

HFS

NTFS

FAT

Ext2fs

Answer 15

FAT

Question 16

____ disks are commonly used with Sun Solaris systems.

FIRE IDE

SPARC

F.R.E.D.

DiskSpy

Answer 16

SPARC

Question 17

The ____ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients.

HTCIA

ABA

IACIS

ISFCE

Answer 17

ABA

Question 18

____ is a layered network defense strategy developed by the National Security Agency (NSA).

Defense in Depth

Anti-Rootkit

PsShutdown

Order of volatility

Answer 18

Defense in Depth

Question 19

____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside.

/etc/sendmail.cf

/etc/syslog.conf

/etc/var/log/maillog

/etc/var/log/maillog

Answer 19

/etc/sendmail.cf

Question 20

In a prefetch file, the application’s last access date and time are at offset ____.

0xD4

0x80

0x90

0x88

Answer 20

0x90