complete solutions: Accuracy-Checked and Up-To-
Date for 2025/2026
A computer forensic report is a report which provides detailed information on the
complete forensics’ investigation process.
A. True
B. False - correct answer: A
When collecting evidence from the RAM, where do you look for data?
A. Swap file
B. SAM file
C. Data file
D. Log file - correct answer: A
Which of the following Steganography techniques allows you to encode information that
ensures creation of cover for secret communication?
A. Substitution techniques
B. Transform domain techniques
C. Cover generation techniques
D. Spread spectrum techniques - correct answer: C
Router log files provide detailed Information about the network traffic on the Internet. It
gives information about the attacks to and from the networks. The router stores log files
in the____________.
A. Router cache
B. Application logs
C. IDS logs
D. Audit logs - correct answer: A
,When NTFS Is formatted, the format program assigns the __________ sectors to the
boot sectors and to the bootstrap code.
A. First 12
B. First 16
C. First 22
D. First 24 - correct answer: B
Smith, as a part his forensic investigation assignment, has seized a mobile device. He
was asked to recover the Subscriber Identity Module (SIM card) data the mobile device.
Smith found that the SIM was protected by a Personal identification Number (PIN) code
but he was also aware that people generally leave the PIN numbers to the defaults or
use easily guessable numbers such as 1234. He unsuccessfully tried three PIN
numbers that blocked the SIM card. What Jason can do in this scenario to reset the PIN
and access SIM data?
A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to
gain access to the SIM
B. He cannot access the SIM data in this scenario as the network operators or device
manufacturers have no idea about a device PIN
C. He should again attempt PIN guesses after a time of 24 hours
D. He should ask the network operator for Personal Unlock Number (PUK) to gain
access to the SIM - correct answer: D
Injection flaws are web application vulnerabilities that allow untrusted data to be
Interpreted and executed as part of a command or query. Attackers exploit injection
flaws by constructing malicious commands or queries that result in data loss or
corruption, lack of accountability, or denial of access. Which of the following injection
flaws involves the injection of malicious code through a web application?
A. SQL Injection
B. Password brute force
C. Nmap Scanning
D. Footprinting - correct answer: A
,How do you define Technical Steganography?
A. Steganography that uses physical or chemical means to hide the existence of a
message
B. Steganography that utilizes written natural language to hide the message in the
carrier in some non-obvious ways
C. Steganography that utilizes written JAVA language to hide the message in the carrier
in some non-obvious ways
D. Steganography that utilizes visual symbols or signs to hide secret messages -
correct answer: A
Which of the following statements is not a part of securing and evaluating electronic
crime scene checklist?
A. Locate and help the victim
B. Transmit additional flash messages to other responding units
C. Request additional help at the scene if needed
D. Blog about the incident on the internet - correct answer: D
BMP (Bitmap) is a standard file format for computers running the Windows operating
system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color
(16.7 million colors). Each bitmap file contains header, the RGBQUAD array,
information header, and image data. Which of the following element specifies the
dimensions, compression type, and color format for the bitmap?
A. Header
B. The RGBQUAD array
C. Information header
D. Image data - correct answer: B
Data files from original evidence should be used for forensics analysis
A. True
B. False - correct answer: B
, Event correlation is a procedure that is assigned with a new meaning for a set of events
that occur in a predefined interval of time. Which type of correlation will you use if your
organization wants to use different OS and network hardware platforms throughout the
network?
A. Same-platform correlation
B. Cross-platform correlation
C. Multiple-platform correlation
D. Network-platform correlation - correct answer: B
Which of the following steganography types hides the secret message in a specifically
designed pattern on the document that is unclear to the average reader?
A. Open code steganography
B. Visual semagrams steganography
C. Text semagrams steganography
D. Technical steganography - correct answer: A
Network forensics allows Investigators to inspect network traffic and logs to identify and
locate the attack system. Network forensics can reveal: (Select three answers)
A. Source of security incidents and network attacks
B. Path of the attack
C. Intrusion techniques used by attackers
D. Hardware configuration of the attacker's system - correct answer: A,B,C
Windows Security Accounts Manager (SAM) is a registry file which stores passwords in
a hashed format. SAM file in Windows is located at:
A. C:\windows\system32\config\SAM
B. C:\windows\system32\con\SAM
C. C:\windows\system32\Boot\SAM
D. C:\windows\system32\drivers\SAM - correct answer: A