Certified Cyber Crime Investigator (CCCI) Exam: Questions and Verified Answers with Rationales
SECTION 1: CYBERCRIME INVESTIGATION FUNDAMENTALS & DIGITAL EVIDENCE HANDLING
Question 1
Which of the following best defines cybercrime?
• A) Any crime involving computers
• B) Crimes committed only on the internet
• C) Illegal activities where a computer is the target, tool, or place of
crime
• D) Crimes involving software piracy only
Correct answer: C
Rationale: Cybercrime includes offenses where computers or networks
are used as tools, targets, or environments for criminal activity. Option
A is too broad, B is too narrow, and D represents only a subset.
Question 2
Which law enforcement principle focuses on maintaining the
integrity of digital evidence?
• A) Least privilege
• B) Chain of custody
• C) Due diligence
• D) Defense in depth
Correct answer: B
Rationale: Chain of custody ensures evidence is properly handled,
documented, and preserved from collection to court presentation. It
establishes the evidence's authenticity and prevents tampering.
Question 3
What is the primary goal of a cybercrime investigation?
• A) Recover stolen funds
• B) Punish offenders
• C) Identify, collect, and present admissible digital evidence
• D) Restore compromised systems
Correct answer: C
Rationale: Investigations focus on evidence collection and legal
presentation rather than system recovery or punishment alone. The
ultimate goal is to support prosecution through legally admissible
evidence.
Question 4
Which type of malware encrypts files and demands payment for
decryption?
• A) Spyware
• B) Worm
• C) Trojan
• D) Ransomware
Correct answer: D
Rationale: Ransomware encrypts data and demands ransom, typically in
cryptocurrency, for restoration. This distinguishes it from other malware
types that have different objectives.
Question 5
What is phishing primarily designed to accomplish?
• A) Denial of service
• B) Data encryption
• C) Credential theft through deception
• D) Network scanning
Correct answer: C
Rationale: Phishing uses social engineering to trick users into revealing
sensitive information such as usernames, passwords, and financial
details.
Question 6
Which of the following best describes volatile data in the context of
digital forensics?
• A) Data that is encrypted and requires a decryption key to access
• B) Data stored in the cloud that can change based on user activity
• C) Data that is lost when the power is removed from the system,
such as RAM contents
• D) Data that is archived and stored on backup tapes
Correct answer: C
Rationale: Volatile data refers to information that disappears when a
system is powered off, such as data stored in Random Access Memory
(RAM), network connections, and running processes. This data is highly
fragile and must be collected as a priority during investigations.
Question 7
What is the purpose of a forensic disk image?
• A) Increase disk speed
• B) Repair corrupted files