2024 C702 - FORENSICS AND
NETWORK INTRUSION EXAM WITH
CORRECT ANSWERS
What is a benefit of forensic readiness?
Establishes procedures for fast and efficient investigations
Reduces the need for interface with law enforcement
Eliminates the need to follow regulatory requirements
Ensures maximum regulatory fines for data disclosure - CORRECT-
ANSWERSEstablishes procedures for fast and efficient investigations
What should be considered when creating a forensic readiness plan?
Source of the evidence
Pertinence of the evidence
Problems that the evidence might cause in court
Which Windows event ID gets logged when a new process is started?
4660
4688
5156
7036 - CORRECT-ANSWERS4688
Which Tor network relay allows a client IP address to be read?
Entry relay
Middle relay
Exit relay
,Frame relay - CORRECT-ANSWERSEntry relay
Which Open Web Application Security Project (OWASP) Top 10 IoT
vulnerability refers to sensitive information in the ecosystem not being
encrypted?
Insecure data transfer and storage
Insufficient privacy protection
Lack of device management
Use of insecure or outdated components - CORRECT-ANSWERSInsecure data
transfer and storage
Company A is using Company B to host data. Company A lets Company B
perform all the daily activities of managing the data. Company A's customers
are unaware of the security procedures Company B uses to host the data.
Which threat does this depict?
Abuse of cloud services
Unknown risk profile
Insufficient due diligence
Malicious insider - CORRECT-ANSWERSUnknown risk profile
What should a forensic investigator collect to analyze the email artifacts of a
Tor Browser session?
Memory dump
Storage device dump
Registry dump
User profile dump - CORRECT-ANSWERSMemory dump
A forensic investigator is investigating an attack on a WordPress database.
The investigator has already made a backup of the database from the MySQL
server and needs to restore the data on the forensic investigator's laptop.
Which command creates a database named wordpress?
Create database wordpress;
, Create database wordpress
Create database wordpress:
Create database wordpress\ - CORRECT-ANSWERSCreate database
wordpress;
Which utility should be used to acquire Mozilla Thunderbird data?
SysTools MailPro+
Recovery Toolbox
RStudio
EaseUS Email Recovery - CORRECT-ANSWERSSysTools MailPro+
Which tool should a forensic investigator use to collect the API call history for
Amazon Web Service (AWS) accounts?
CloudTrail
CloudWatch
ZyLAB eDiscovery
Lexbe eDiscovery - CORRECT-ANSWERSCloudTrail
Which command should a forensic investigator use to extract the device
activity from an Amazon Alexa while using the investigator's laptop?
adb pull
adb push
adb shell
adb logcat - CORRECT-ANSWERSadb pull
Where should a forensic investigator look for the Integrated Circuit Card ID
(ICCID) when collecting cellular evidence?
Mobile phone device
Mobile switching center
NETWORK INTRUSION EXAM WITH
CORRECT ANSWERS
What is a benefit of forensic readiness?
Establishes procedures for fast and efficient investigations
Reduces the need for interface with law enforcement
Eliminates the need to follow regulatory requirements
Ensures maximum regulatory fines for data disclosure - CORRECT-
ANSWERSEstablishes procedures for fast and efficient investigations
What should be considered when creating a forensic readiness plan?
Source of the evidence
Pertinence of the evidence
Problems that the evidence might cause in court
Which Windows event ID gets logged when a new process is started?
4660
4688
5156
7036 - CORRECT-ANSWERS4688
Which Tor network relay allows a client IP address to be read?
Entry relay
Middle relay
Exit relay
,Frame relay - CORRECT-ANSWERSEntry relay
Which Open Web Application Security Project (OWASP) Top 10 IoT
vulnerability refers to sensitive information in the ecosystem not being
encrypted?
Insecure data transfer and storage
Insufficient privacy protection
Lack of device management
Use of insecure or outdated components - CORRECT-ANSWERSInsecure data
transfer and storage
Company A is using Company B to host data. Company A lets Company B
perform all the daily activities of managing the data. Company A's customers
are unaware of the security procedures Company B uses to host the data.
Which threat does this depict?
Abuse of cloud services
Unknown risk profile
Insufficient due diligence
Malicious insider - CORRECT-ANSWERSUnknown risk profile
What should a forensic investigator collect to analyze the email artifacts of a
Tor Browser session?
Memory dump
Storage device dump
Registry dump
User profile dump - CORRECT-ANSWERSMemory dump
A forensic investigator is investigating an attack on a WordPress database.
The investigator has already made a backup of the database from the MySQL
server and needs to restore the data on the forensic investigator's laptop.
Which command creates a database named wordpress?
Create database wordpress;
, Create database wordpress
Create database wordpress:
Create database wordpress\ - CORRECT-ANSWERSCreate database
wordpress;
Which utility should be used to acquire Mozilla Thunderbird data?
SysTools MailPro+
Recovery Toolbox
RStudio
EaseUS Email Recovery - CORRECT-ANSWERSSysTools MailPro+
Which tool should a forensic investigator use to collect the API call history for
Amazon Web Service (AWS) accounts?
CloudTrail
CloudWatch
ZyLAB eDiscovery
Lexbe eDiscovery - CORRECT-ANSWERSCloudTrail
Which command should a forensic investigator use to extract the device
activity from an Amazon Alexa while using the investigator's laptop?
adb pull
adb push
adb shell
adb logcat - CORRECT-ANSWERSadb pull
Where should a forensic investigator look for the Integrated Circuit Card ID
(ICCID) when collecting cellular evidence?
Mobile phone device
Mobile switching center
