Sett 2

Question 1

Which is not a formal position in a forensics lab?

Investigator, manager, analyst, legal manager

Answer 1

Legal manager

Question 2

What are the CERT standards for a forensic laboratory?

Answer 2

ASCLD (American Society of Crime Laboratory Directors) does the test and their process is based on ISO 17025:2005.

Question 3

Which role develops and forces lab policies?

Answer 3

lab manager

Question 4

What role is testifying the facts of data gathered?

Answer 4

Analyst

Question 5

Which is not a service offered by a forensics lab?

Answer 5

Adversary emulation

Question 6

Parking lot security and biometric authentication are what level security?

Answer 6

Lab level 4

Question 7

Physical control, neither, or tech control?

Fencing
ballards
identity management
firewalls
security
training
procedures

Answer 7

Fencing, ballards phys

identity management, firewalls, security tech

training, procedures neutral

Question 8

Cc television is what physical security control?

Preventative, detective, corrective, recovery, deterrent, or compensate

Answer 8

Detective

Question 9

George needs a forensics package that is free to use and can examine images of hard drives. What should he use?

Answer 9

Autopsy

Question 10

Ken is a lead investigator, he surveys a crime scene. What tool will not contaminate digital evidence?

Answer 10

Write Blocker

Question 11

Company is closing, highly sensitive data is on their systems what sanitization method must be used?

Answer 11

Destroy

Question 12

Which is not a santitization term?

Answer 12

Wipe

Question 13

Maintained by SANS to help with forensic issues?

Answer 13

SIFT

Question 14

What company does specification for data sanitization standards?

Answer 14

NIST (National Institute of Standards Technology)

Question 15

Which org certifies free tools to examine images on a hard drive?

Answer 15

CFTT (The Computer Forensics Tool Testing) Handbook

Question 16

Before you seize any evidence what must you have?

Answer 16

A warrant

Question 17

As a member of her organization’s IS team, Larissa is performing a data forensic investigation involving 3 members of the corporate finance team. Before Larissa can seize any evidence from the suspects employee’s computer, she must have an active warrant? True or False

Answer 17

False

Question 18

5th amendment is search and seizure? True or False

Answer 18

False/4th amendment is search and seizure

Question 19

Going to a judge with a request to seize digital evidence the request must provide what?

Answer 19

Probable cause

Question 20

Evidence may be seized without a warrant if people are in danger, these are called what?

Answer 20

Exigent circumstances

Question 21

Seize evidence if you see incriminating evidence?

Answer 21

Plain view doctrine

Question 22

Cyber policy employee system might be monitored, this policy is called what?

Answer 22

Login banner

Question 23

Michelle is completing an affidavit for review with a judge. Which of the following would she not include in the document?

Answer 23

A reference number to the approved warrant

Question 24

What does the dd command do? sudo dd command?

Answer 24

Used to make a forensic bit-by-bit copy of a drive to a number of locations.
Disk to disk
disk to image
disk to network

sudo runs that shit with admin priv maybe idk

Question 25

Which of the following is not considered an aspect used to define a crime scene?

Answer 25

Locations where witnesses are located

Question 26

Which of the following would not be considered an obligation to a first responder to a crime scene?

Answer 26

Allow all individuals to leave the scene

Question 27

Which is not considered a key to securely packaging evidence?

Answer 27

Contain arson evidence in a porous container

Question 28

Data forensic analyst who does not follow the appropriate evidence collection procedure can complete a statement of admissibility so any evidence that was potentially contaminated can still be considered admissible in a court of law? True or False

Answer 28

False

Question 29

Which of the following employee activities is considered most suspicious?

Answer 29

User appears to have connected to an FTP site in a residential ISP

Question 30

Which tool in windows can be used to create,delete, or manage disk volume?

Answer 30

Disk Part

Question 31

What could you use to prevent a running process on Linux from potentially destroying a corrupting digital evidence?

Answer 31

Pull the plug

Question 32

Command choice?

Answer 32

Halt

Question 33

Beau is a data forensic investigator for the FBI. A murder occurred in a large-scale office building in downtown Atlanta where Beau is called as a first responder. A suspect is at the scene with his laptop while Beau waits for a warrant to be approved by a judge. What steps could he take in order to seize and search the suspect’s laptop immediately?

Answer 33

Have the suspect sign a consent form

Question 34

When discussing numbered surveillance, which 2 layers of the OSI model contain addressing information which could be monitored and collected as metadata under various electronic surveillance laws?

Answer 34

Network and Transport

Question 35

Which of the following types of drives is not considered magnetic media?

Answer 35

Solid State

Question 36

Both flash memory such as SD cards, micro SD come with a switch that allows them to be place into read only mode to prevent corruption of evidence? True or False

Answer 36

True

Question 37

Which of the following systems would not be windows based?

Answer 37

Extension 4 (Linux)

Question 38

Two techniques used to compress graphics files?

Answer 38

Hoffman & LZW

Question 39

When a computer is first powered on the first phase which checks to ensure basic communication exist between critical parts of the system is called?

Answer 39

Post

Question 40

When referring to MACE properties, M means what?

Answer 40

Modified

Question 41

In a standard magnetic hard drive, concentric circles are written into platters and they’re referred to as?

Answer 41

Tracks

Question 42

Which of the following is not considered a standard interface for hard drives?

Answer 42

ISCA

Question 43

Which of the following raid configurations does not offer full tolerance?

Answer 43

Raid 0

Question 44

Which part of the sleuth kit commands could be used to recover deleted files from a hard drive?

Answer 44

iCat

Question 45

Which of the following processes is used by data forensic analyst to determine the presence of stenography in a file?

Answer 45

Steganalysis

Question 46

When using a tool such as autopsy or the sleuth kit to recover a deleted file from a hard drive you’re using a process known as?

Answer 46

File carving

Question 47

Which record in the MFT would have been damaged if I couldn’t tell you which file blocks were in use?

Answer 47

Spinning Rust

Question 48

A magnetic hard drive file system block is called a cluster. It is composed of a number of?

Answer 48

Sectors

Question 49

Which action is part of contingency planning for data acquisition?

Answer 49

Make a copy with two different tools

Question 50

Which of the following must be covered in a search warrant?

Answer 50

All of the above

Question 51

Which of the following is a characteristic that does not belong in a computer forensics lab?

Answer 51

Windows that open