Udemy Test 3 Flashcards

1
This law subsection covers child pornography.
2252A
2
Intel is to EFI as PowerPC is to
Open Firmware
3
Which is a file system for Linux OS?
CDFS
4
In FHS, essential user command binaries are in this.
/bin
5
The Microsoft Exchange archive data file that stores public folder hierarchies and contents is:
PUB.EDB
6
This requires Federal agencies to develop, document, and implement information security programs.
FISMA
7
Which of the following is true regarding digital evidence?
A duplicate copy should be made for analysis
8
ETI allows the investigator to:
take down an entire criminal organization
9
Show active network connections with this:
netstat
10
This carries out data duplication AND acquisition:
Drivespy
11
All of the following can be used to determine logged on users EXCEPT
LogonUsers
12
CD-ROM/DVD standard.
ISO 9660
13
Stacey wants to obtain data from social media websites. Which tool can she NOT use for this?
DiskDigger
14
In Ubuntu Linux, Apache error logs are stored at:
/var/log/apache2/error.log
15
Richard wants to look for unusual network services. What command should he use?
net start
16
The collection of the system time is the ____ step in investigating an incident.
1st
17
Tasha arrives on scene and notices the suspect computer is still on. She begins the data acquisition. What best describes the type of data acquisition she is doing?
Volatile Memory Collection
18
Tasha arrives on scene and notices the suspect computer is still on. She begins the data acquisition. What best describes the type of data acquisition she is doing?
Live data acquisition
19
Phil has been called to testify on the scientific techniques used in the investigation. What standard would his testimony fall under?
Frye
20
In exhibit numbering, the zz is for:
Sequence number of parts of the same exhibit
21
In ISO 9660, what two file systems add more descriptors to the sequence?
Joliet and UDF
22
Julie wants to use an open-source format. What should she choose?
AFF
23
The General Query Log file is for:
MySQL
24
MIME stream is found:
PRIV.STM
25
An investigator should use ______ imaging for copying data.
Bit Stream
26
Opposing attorney, that did not call the witness to the stand, is doing this:
Cross-Examination
27
This stores information about the current hardware profile of the system.
HKEY_CURRENT_CONFIG
28
Jamie is analyzing malware, but not executing it on his computer. What best describes the type of analysis he is doing?
Static Analysis
29
This is the starting point of a database.
MDF
30
What determines the sector addressing for individual sectors on a disk?
CHS
31
This type of event correlation stores sets of events in codes.
Standards-Based
32
This type of event correlation stores sets of events in codes.
Codebook-Based
33
All of the following are Android rooting tools EXCEPT
RedSn0w
34
Stacey needs to crack a Windows password. She can use which tool to do this?
Cain & Abel
35
Deleted files are found here in Windows 7 and later.
C:\$Recycle.Bin
36
Jenny is a software developer that took shortcuts. As such, the application does not perform proper bounds checking. What type of vulnerability is the application she wrote most susceptible to?
SQL Injection
37
Jenny is a software developer that took shortcuts. As such, the application does not perform proper bounds checking. What type of vulnerability is the application she wrote most susceptible to?
Buffer Overflow
38
This requires financial institutions to protect their customers' information against security threats.
GLBA
39
This was designed to replace ISO 9660 on optical media.
ISO
40
This was designed to replace ISO 9660 on optical media.
UDF
41
POP3 is used for:
Retrieving emails
42
In a deposition, the following is true:
Both attorneys are present
43
A 32-bit number placed on the chip by the manufacturer is called:
ESN
44
A warrantless seizure can be used when
The destruction of the evidence is imminent
45
This command can be used to see the names of all open shared files and the number of file locks.
net file
46
This file is found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management.
Page File
47
This tool can be used to restore emails.
Data Recovery Pro
48
Mila wants to boot with either BIOS-MBR or UEFI-GPT. Which Windows OS should she use?
Win 10
49
What is not a challenge of log management?
log generation
50
Registry Editor
RegEdit
51
If the INFO2 file is deleted, it can be recovered by:
Using a digital forensics tool
52
This is a tool used for monitoring log files, produced by UNIX syslog facility.
Swatch
53
The TSK command used to display general details about a file system is:
fsstat
54
The attacker uses exploits to access other directories. This is known as:
Directory Traversal Attack
55
A file system used by Sun Microsystems is:
ZFS
56
This is a sequence of bytes, organized into blocks understandable by the system's Linker.
Object File
57
This can be used to detect Trojans.
Capsa
58
Fred needs to recover a RAID drive. Which tool can he use?
Total Recall
59
This is an abstract layer that resides on top of a complete file system and allows the client to access various file systems.
VFS
60
____ launched the CFTT.
NIST
61
This command can be used to take a backup of the database.
This command can be used to take a backup of the database.
62
This file type is device independent.
PDF
63
Tracked user activities can be found in this file:
NTUSER.DAT
64
All of the following are Registry tools EXCEPT:
jv22
65
UNIX uses this file system:
UFS
66
A first responder secures the scene perimeter. This is:
Pre-investigation
67
This transaction log file holds the entire log information for the database.
LDF
68
The dd command dd if=/dev/xxx of=mbr.backup bs=512 count=1 can be used to:
Backup the MBR
69
Windows Event Log text file output format is:
EVTX
70
This is one of the Disk Editor tools for file headers:
DiskEdit
71
This type of attack is a combination of both a brute force attack and dictionary attack.
Syllable
72
Lenny needs to reset an Administrator password in order to access a device during an investigation. He knows that this tool can be used (choose the BEST answer).
Active@ Password Changer
73
This is a library and collection of command line tools for investigating disk images.
TSK
74
This level of RAID does not implement even one of the standard techniques of parity, mirroring, or striping.
RAID 2
75
David has been called to the stand to offer scientific testimony. This is an example of:
Frye
76
Object Linking and Embedding is not used by:
PDF
77
The first file system developed for Linux in 1992 was:
EXT
78
This command can be used to analyze NetBIOS over TCP/IP activity.
nbtstat -S
79
A hacker sets up an AP to mimic the local Starbucks AP. What is this?
honeyspot
80
BigCHFIDog.com is an e-Commerce business with $500,000 in annual revenue. Last night, for about 4 hours, their customers were unable to access the website for shopping. What type of attack did they most likely experience?
DDoS
81
Network sniffing tools include all of the following EXCEPT:
EaseUS
82
What is not a recovery tool for Windows?
File Savage
83
Rob wants to discover potential hidden information in an image file. He would use this to see it.
Steganalysis
84
The Scientific Working Group on Digital Evidence (SWGDE) standard that states SOPs must generally be accepted is:
1.3
85
The Daubert standard pertains to:
Expert Witness Testimony
86
This standard defines the use for file systems of CD-ROM and DVD media.
ISO 9660
87
This tool can be used to recover from partition loss.
EaseUS
88
This tool can recover all types of lost files from disk or removable media.
Recuva
89
Misuse of a work computer generally can lead to this type of investigation.
Administrative
90
Internal server error is error code:
500
91
This file system uses journaling.
NTFS
92
Google Drive logs are:
sync_log.log
93
Which is not a requirement under the CAN-SPAM act?
honoring opt-out within 30 days
94
This Tasklist command is used to run the command with the account permissions of the user specified.
/u
95
This mobile API provides telephony services, like making calls, receiving calls, and SMS.
Phone API
96
This contains information about all the currently active user profiles on the computer.
HKEY_USERS
97
The ICCID is 89254245252001451548. What does the 254 represent?
The country code
98
This RAID level uses byte-level striping, with a dedicated parity disk and stores checksums.
RAID 3
99
This contains the configuration information related to the user currently logged on (e.g. wallpaper, display settings, etc.)
HKEY_CURRENT_USER
100
This TSK command lists file and directory names in a disk image.
fls
101
The attorney that called the witness to the stand is asking the questions, this would be called:
direct examination
102
RAID 10 requires this number of drives to implement.
4
103
All of the following are Windows file recovery tools EXCEPT:
File Salvage
104
A boot from restarting the OS is considered:
Warm Boot
105
This type of warrant is used to get records from service providers.
Service Provider Search Warrant
106
This saves data about programs, so programs load faster at boot:
Prefetch Folder
107
The IMEI is obtained with:
*#06#
108
Johnny has been caught with child porn. This investigation would be:
Criminal
109
An attacker has used the cloud to commit a DDoS attack against the CSP. This is:
Cloud as an Object
110
This type of event correlation extracts the attack route information to single out other attack data.
Route
111
The Superblock in UFS has:
Magic Number
112
The MBR partition table structure is ____ bytes.
64 bytes
113
PNG files start with a hex value of:
89 50 4f
114
The max single file size in EXT3 is
2TB
115
These commands can be used in Linux.
dd and dcfldd
116
Jonathan is an investigator, but he is not the first one on the scene. He wants to show the path of evidence collected from the scene to the forensic lab. What should he use?
Chain of Custody
117
In Windows 7, deleted files are named $Ry.ext, where the y stands for the:
Sequence Number
118
This type of analysis is ongoing and returns simultaneously, so that attacks can be responded to immediately.
Real-time analysis
119
Which of the following is not a benefit of cloud computing?
Less Security Risk
120
Scientific testimony.
Frye
121
SMTP normally runs on this port:
25
122
An investigator needs to jailbreak an iOS phone.
Redsn0w
123
UTC stands for which of the following:
Coordinated Universal Time
124
$Bitmap is in:
NTFS
125
Which of the following is a starting hex value of an image file:
ff d8 ff
126
An attacker is using every possible combination of characters to crack a password. This method is known as:
Brute force
127
This is used to render 2D (SGL) or 3D graphics to the screen.
OpenGL/ES and SGL
128
Used for registry and not malware installation file analysis.
jv16
129
A lossless image format that is designed to replace older formats and that is copyright free.
PNG
130
This can be used for Last access time change in Windows 10.
fsutil
131
Which is not a file system?
EVT4
132
A report, presented orally, to a board of directors, jury, or managers would be called.
Formal Verbal Report
133
Tools designated as software tools include all of the following EXCEPT
Paraben's Phone Recovery Stick
134
This is the Amendment that protects against unlawful search and seizure.
4th
135
This RAID level uses byte-level data striping across multiple drives and distributes parity information among all member drives.
RAID 5
136
18 USC § 2252A covers
Child Porn
137
MySQL server start and stop can be found in which log file?
general query log file
138
What is not one of the MS Exchange archive data files?
PUB.STM
139
These are bootloaders for Linux.
LILO and GRUB
140
This event correlation approach monitors computer and user behavior for anomalies.
Role-Based Approach
141
This Android library is used to render 2D (SGL) or 3D (OpenGL/ES) graphics to the screen.
Open GL/ES and SGL
142
This is the person initiating a lawsuit.
Plaintiff
143
This is a two-digit network ID number that is used along with the MCC (Mobile Country Code) printed on SIM, that is used to identify the SIM user on a mobile network.
MNC
144
Bob arrives on the scene of a large corporation after an attack. His analysis of the affected devices is considered:
Post-Mortem-Analysis
145
Bob arrives on the scene of a large corporation after an attack. His analysis of the affected devices is considered:
47 49 46
146
The img_stat command:
displays details of an image file
147
How many bits per pixel does GIF contain?
8
148
This command can be used to check if sessions have been opened with other systems.
net use
149
Cisco shows this: %SEC-6-IPACCESSLOGP
Packet matching log criteria for the given access list has been detected (TCP or UDP)
150
This rule covers evidence of character and the conduct of the witness.
Rule 608