CSCI 411 Final Exam Questions With
100% Verified Answers
A jump kit contains everything a CSIRT team would need for a field
investigation. -
correct answer ✅true
the forensics lab doesn't need strong physical security -
correct answer ✅false
evidence doesn't need to be of consequence to the proceedings -
correct answer ✅false
Locard's Exchange Principle works in digital forensics -
correct answer ✅true
what does CSIRT stand for? -
correct answer ✅Computer Security Incident Response Team
Forensic science can be defined as the application of scientific
principles in legal matters -
correct answer ✅true
if a write blocker is used, evidence can never be destroyed -
correct answer ✅false
bootable drive images can be good for triage -
correct answer ✅true
evidence should be collected from the least to the most volatile -
correct answer ✅false
what is the difference between an incident and an event? -
correct answer ✅an event is anything taking place on a machine
and an incident is something of consequence that can be negative
how should an incident response plan be tested -
correct answer ✅the incident response plan can be tested by using
pen testing or mock cyber attacks or even tabletop exercises.
name and discuss two containment strategies -
correct answer ✅one of them is that you simply unplug the
machine because it is a surefire way of preventing it from
spreading. the other one is disabling the network so that it can't
connect to the network and spread via internet.