Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

D431 - DIGITAL FORENSICS IN CYBERSECURITY > Pre-Assessment Deck > Flashcards

Pre-Assessment Deck Flashcards

1
Q

Which law requires both parties to consent to the recording of a conversation?
A. Electronic Communications Privacy Act (ECPA)
B. Communications Assistance to Law Enforcement Act (CALEA)
C. USA Patriot Act
D. Health Insurance Portability and Accountability Act (HIPAA)

A

A. Electronic Communications Privacy Act (ECPA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which law is related to the disclosure of personally identifiable protected health information (PHI)?
A. Federal Privacy Act of 1974
B. Electronic Communications Privacy Act
C. Health Insurance Portability and Accountability Act (HIPAA)
D. CAN-SPAM Act

A

C. Health Insurance Portability and Accountability Act (HIPAA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which U.S. law criminalizes the act of knowingly using a misleading domain name with the intent to deceive a minor into viewing harmful material?
A. 18 U.S.C. 2252B
B. CAN-SPAM Act
C. Children’s Online Privacy Protection Act (COPPA)
D. Communications Decency Act

A

A. 18 U.S.C. 2252B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which U.S. law protects journalists from turning over their work or sources to law enforcement before the information is shared with the public?
A. The Privacy Protection Act (PPA)
B. The Federal Privacy Act
C. The Communications Assistance to Law Enforcement Act (CALEA)
D. The Electronic Communications Privacy Act (ECPA)

A

A. The Privacy Protection Act (PPA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which law or guideline lists the four states a mobile device can be in when data is extracted from it?
A. NIST SP 800-72 Guidelines
B. The USA Patriot Act
C. NIST SP 101r1 Guidelines
D. The Electronic Communications Privacy Act (ECPA)

A

A. NIST SP 800-72 Guidelines

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which law includes a provision permitting the wiretapping of VoIP calls?
A. Communications Assistance to Law Enforcement Act (CALEA)
B. USA Patriot Act
C. Electronic Communications Privacy Act (ECPA)
D. Sarbanes-Oxley Act (SOX)

A

A. Communications Assistance to Law Enforcement Act (CALEA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which policy is included in the CAN-SPAM Act?
A. The email sender must provide some mechanism whereby the receiver can opt out of future emails and that method cannot require the receiver to pay in order to opt out.
B. Whoever knowingly uses a misleading domain name on the Internet with the intent to deceive a person into viewing material constituting obscenity shall be fined or imprisoned not more than 2 years, or both.
C. Law enforcement officers may now intercept communications to and from the computer trespasser if they have reasonable grounds to believe that the trespasser’s communications will be relevant to the investigation.
D. A business can claim the business extension exemption only for monitoring by certain types of equipment; the recording must occur in the ordinary course of business.

A

A. The email sender must provide some mechanism whereby the receiver can opt out of future emails and that method cannot require the receiver to pay in order to opt out.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which United States law requires telecommunications equipment manufacturers to provide built-in surveillance capabilities for federal agencies?
A. Electronic Communication Privacy Act (ECPA)
B. Communication Assistance to Law Enforcement Act (CALEA)
C. Foreign Intelligence Surveillance Act (FISA)
D. USA Patriot Act

A

B. Communication Assistance to Law Enforcement Act (CALEA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which law requires a search warrant or one of the recognized exceptions to the search warrant requirements for searching email messages on a computer?
A. The CAN-SPAM Act
B. The Fourth Amendment to the U.S. Constitution
C. USC 2252B
D. The Communication Assistance to Law Enforcement Act

A

B. The Fourth Amendment to the U.S. Constitution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The chief information officer of an accounting firm believes sensitive data is being exposed on the local network. Which tool should the IT staff use to gather digital evidence about this security vulnerability?
A. Sniffer
B. Tracer
C. Disk analyzer
D. Virus scanner

A

A. Sniffer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A police detective investigating a threat traces the source to a house. The couple at the house shows the detective the only computer the family owns, which is in their son’s bedroom. The couple states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
A. Obtain consent to search from the parents
B. Seize the computer under the USA Patriot Act
C. Seize the computer under the Computer Security Act
D. Obtain a search warrant from the police

A

A. Obtain consent to search from the parents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The human resources manager of a small accounting firm believes he may have been a victim of a phishing scam. The manager clicked on a link in an email message that asked him to verify the logon credentials for the firm’s online bank account.
Which digital evidence should a forensic investigator collect to investigate this incident?
A. Browser cache
B. Security log
C. System log
D. Disk cache

A

A. Browser cache

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene?
A. By using the ipconfig command from a command prompt on the computer
B. By using the tracert command from a command prompt on the computer
C. By installing a network packet sniffer on the computer
D. By logging into the router to which the PC is connected

A

A. By using the ipconfig command from a command prompt on the computer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

After a company’s single-purpose, dedicated messaging server is hacked by a cybercriminal, a forensics expert is hired to investigate the crime and collect evidence. Which digital evidence should be collected?
A. Firewall logs
B. Workstation logs
C. Phishing emails
D. Spam messages

A

A. Firewall logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Thomas received an email stating that he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account.
Which digital evidence should be considered to determine how Thomas’ account information was compromised?
A. Flash drive contents
B. Social media accounts
C. Email messages
D. Router logs

A

C. Email messages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The chief executive officer (CEO) of a small computer company has identified a potential hacking attack from an outside competitor. Which type of evidence should a forensics investigator use to identify the source of the hack?
A. Browser history
B. Email headers
C. Network transaction logs
D. Disk drive backups

A

C. Network transaction logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A forensic scientist arrives at a crime scene to begin collecting evidence. What is the first thing the forensic scientist should do?
A. Photograph all evidence in its original place
B. Unplug all network connections so data cannot be deleted remotely
C. Turn off the power to the entire area being examined
D. Gather up all physical evidence and move it out as quickly as possible

A

A. Photograph all evidence in its original place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which method of copying digital evidence ensures proper evidence collection?
A. Make the copy at the bit-level
B. Copy files using drag and drop
C. Make the copy using file transfer
D. Copy the logical partitions

A

A. Make the copy at the bit-level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A computer involved in a crime is infected with malware. The computer is on and connected to the company’s network. The forensic investigator arrives at the scene. Which action should be the investigator’s first step?
A. Unplug the computer’s Ethernet cable.
B. Unplug the computer’s power cord.
C. Remove the malware and secure the computer.
D. Label all the attachments and secure the computer.

A

A. Unplug the computer’s Ethernet cable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the three basic tasks that a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation? Answer options may be used more than once or not at all. Select your answers from the pull-down list.
A. Find evidence
B. Catalog evidence
C. Disseminate evidence
D. Preserve evidence
E. Prepare evidence
F. Prepare evidence report
G. Make multiple copies of evidence

A

A. Find evidence
D. Preserve evidence
E. Prepare evidence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How do forensic specialists show that digital evidence was handled in a protected, secure manner during the process of collecting and analyzing the evidence?
A. Forensic lab logbooks
B. Chain of custody
C. Forensic software logs
D. Chain of email messages

A

B. Chain of custody

20
Q

Which characteristic applies to magnetic drives compared to solid-state drives (SSDs)?
A. Lower cost
B. Lower capacity
C. Lower power consumption
D. Better durability

A

A. Lower cost

21
Q

Which characteristic applies to solid-state drives (SSDs) compared to magnetic drives?
A. They are less susceptible to damage.
B. They cost less.
C. They have slower start-up times.
D. They use more power.

A

A. They are less susceptible to damage.

22
Q

Which type of storage format should be transported in a special bag to reduce electrostatic interference?
A. Solid-state drives
B. Optical media
C. Digital audio tapes
D. Magnetic media

A

D. Magnetic media

22
Q

Which Windows component is responsible for reading the boot.ini file and displaying the boot loader menu on Windows XP during the boot process?
A. NTLDR
B. NTOSKRNL
C. Windows Registry
D. Win32 subsystem

A

A. NTLDR

23
Q

The following line of code is an example of how to make a forensic copy of a suspect drive: dd if=/dev/mem of=/evidence/image.memory1
Which operating system should be used to run this command?
A. Windows
B. Chrome
C. BlackBerry
D. Linux

A

D. Linux

24
Q

Which file system is supported by Mac?
A. Berkeley Fast File System (FFS)
B. Extended File System (Ext)
C. Reiser File System (ReiserFS)
D. Hierarchical File System Plus (HFS+)

A

D. Hierarchical File System Plus (HFS+)

25
Q

Where are local passwords stored for the Windows operating system?
A. SAM file in \Windows\System32\
B. SAM file in \Windows\Security\
C. In the registry key HKEY_LOCAL_MACHINE\SYSTEM
D. In the registry key HKEY_LOCAL_MAHCINE\SECURITY

A

A. SAM file in \Windows\System32\

26
Q

Where on a Windows system is the config folder located that contains the SAM file?
A.C:\Windows\System32
B.C:\Windows\SystemResources
C. C:\Program Files
D. C:\Users

A

A.C:\Windows\System32

27
Q

A forensic examiner wants to try to extract passwords for wireless networks to which a system was connected. Where should passwords for wireless networks be stored on a Windows XP system?
A. BIOS
B. Registry
C. Program Files
D. Bash

A

B. Registry

28
Q

Which Windows password cracking tool uses rainbow tables?
A. Ophcrack
B. ComputerCOP
C. Sleuth Kit
D. Digital Intelligence

A

A. Ophcrack

29
Q

How does a rainbow table work to crack a password?
A. It uses a table of all possible keyboard combinations and their hash values, then searches for a match.
B. It uses a table to store hash value for every character in the alphabet, then assembles them to create a match.
C. It starts with a hashed password and then decrypts each individual character.
D. It searches for passwords stored in RAM and startup files and then matches them to the predefined table.

A

A. It uses a table of all possible keyboard combinations and their hash values, then searches for a match.

30
Q

What should a forensic investigator use to gather the most reliable routing information for tracking an email message?
A. Email header
B. Email address
C. Tracert
D. Netstat

A

A. Email header

30
Q

A forensic examiner reviews a laptop running OS X which has been compromised. The examiner wants to know if there were any mounted volumes created from USB drives. Which digital evidence should be reviewed?
A. /var/log
B. /var/vm
C./Users/<user>/.bash_history
D./Users/<user>/Library/Preferences</user></user>

A

A. /var/log

30
Q

Which log or folder contains information about printed documents on a computer running Mac OS X?
A. /var/spool/cups
B. /var/log
C. /var/vm
D. /var/log/lpr.log

A

A. /var/spool/cups

31
Q

Which activity involves email tracing?
A. Determining the ownership of the source email server
B. Making bit-by-bit copies of each of the email servers involved
C. Performing nslookup on the recipient of the message
D. Removing email header information

A

A. Determining the ownership of the source email server

32
Q

Which Windows event log should be checked for evidence of invalid logon attempts?
A. Security
B. System
C. Application
D. ForwardedEvents

A

A. Security

33
Q

A cyber security organization has issued a warning about a cybercriminal who is using a known vulnerability to attack unpatched corporate Macintosh systems. A network administrator decides to examine the software updates logs on a Macintosh system to ensure the system has been patched.
Which folder contains the software updates logs?
A. /Library/Receipts
B. /var/spool/cups
C. /proc
D. /var/log

A

A. /Library/Receipts

34
Q

A forensic investigator wants to image an older BlackBerry smartphone running OS 7.0. Which tool should the investigator use?
A. BlackBerry Desktop Manager
B. BlackBerry Extractor
C. CopyQM Plus
D. The Sleuth Kit

A

A. BlackBerry Desktop Manager

35
Q

Which state is a device in if it is powered on, performing tasks, and able to be manipulated by the user?
A. Active
B. Nascent
C. Quiescent
D. Guest-mode

A

A. Active

35
Q

What is one purpose of steganography?
A. To deliver information secretly
B. To alter the color of a photo
C. To decipher encrypted messages
D. To prevent images from being edited

A

A. To deliver information secretly

36
Q

An investigator wants to extract information from a mobile device by connecting it to a computer. What should the investigator take great care to ensure?
A. That the mobile device does not synchronize with the computer
B. That the mobile device is updated with the latest operating system
C. That proper step information is written to the mobile device
D. That current time stamps of forensics activities are written to the device

A

A. That the mobile device does not synchronize with the computer

37
Q

The chief information security officer of a company believes that an attacker has infiltrated the company’s network and is using steganography to communicate with external sources. A security team is investigating the incident. They are told to start by focusing on the core elements of steganography.
What are the core elements of steganography?
A. Process, intelligence, mobility
B. Telemetry, cryptography, multiplexing
C. Payload, carrier, channel
D. Transport, network, data link

A

C. Payload, carrier, channel

37
Q

Which method is used to implement steganography through pictures?
A. LSB
B. MD5
C. 3DES
D. ROT13

A

A. LSB

38
Q

A system administrator believes data are being leaked from the organization. The administrator decides to use steganography to hide tracking information in the types of files he thinks are being leaked.
Which steganographic term describes this tracking information?
A. Payload
B. Carrier
C. Channel
D. Audit

A

A. Payload

39
Q

A criminal organization has compromised a third-party web server and is using it to control a botnet. The botnet server hides command and control messages through the DNS protocol.
Which steganographic component are the command and control messages?
A. Payload
B. Carrier
C. Channel
D. Dead drop

A

A. Payload

40
Q

Which method is commonly used to hide data via steganography?
A. LSB
B. AES
C. DES
D. RSA

A

A. LSB

41
Q

A system administrator believes an employee is leaking information to a competitor by hiding confidential data in images being attached to outgoing emails. The administrator has captured the outgoing emails.
Which tool should the forensic investigator use to search for the hidden data in the images?
A. Forensic Toolkit (FTK)
B. Snow
C. Data Doctor
D. Wolf

A

A. Forensic Toolkit (FTK) B

42
Q

A foreign government is communicating with its agents in the U.S. by hiding text messages in popular American songs, which are uploaded to the web. Which steganographic tool can be used to do this?
A. MP3Stego
B. QuickStego
C. Steganophony
D. Snow

A

A. MP3Stego

43
Q

During a cyber-forensics investigation, a USB drive was found that contained multiple pictures of the same flower. How should an investigator use properties of a file to detect steganography?
A. Compare the file extensions using a tool such as Windows Explorer
B. Process the file using SHA-1 to generate a new hash value to compare using a tool such as FTK
C. Review the properties log looking for changes compared to the original file using a tool such as EnCase
D. Review the hexadecimal code looking for anomalies in the file headers and endings using a tool such as EnCase

A

D. Review the hexadecimal code looking for anomalies in the file headers and endings using a tool such as EnCase

D431 - DIGITAL FORENSICS IN CYBERSECURITY (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions