Forensics and Network Intrusion Exam Study Guide Questions and Answers Graded A 2024

Which web application weakness allows sensitive data to be unintentionally revealed to an unauthorized user? - Information Leakage Which situation leads to a civil investigation? - Disputes between two parties that relate to a contract violation What is a benefit of forensic readiness? - Establishes procedures for fast and efficient investigations What should be considered when creating a forensic readiness plan? - Source of the evidence Which rule does a forensic investigator need to follow? - Use well-known standard procedures What is the focus of Locard's exchange principle? - Anyone entering a crime scene takes something with them and leaves something behind. What is the focus of the enterprise theory of investigation (ETI)? - Solving one crime can tie it back to a criminal organization's activities What allows for a lawful search to be conducted without a warrant or probable cause? - Consent of person with authority A forensic investigator is tasked with retrieving evidence where the primary server has been erased. The investigator needs to rely on network logs and backup tapes to base their conclusions on while testifying in court. Which information found in rules of evidence, Rule 1001, helps determine if this testimony is acceptable to the court? - Definition of original evidence When can a forensic investigator collect evidence without formal consent? - When properly worded banners are displayed on the computer screen What do some states require before beginning a forensic investigation? - License Which law protects customers' sensitive data by requiring financial institutions to inform their customers of their information-sharing practices? - Gramm-Leach-Bliley Act (GLBA) Who determines whether a forensic investigation should take place if a situation is undocumented in the standard operating procedures? - Decision Maker What should a forensic lab do to maintain quality assurance during a digital forensic investigation? - Conduct validity testing on the tools What is a common task of a computer forensic investigator? - Recovering deleted files, hidden files, and temporary data that could be used as evidence What is the process of live data acquisition? - Acquiring volatile data from a working system What is the least volatile source of information when collecting evidence? - DVD-ROM What is the type of analysis that a forensic investigator performs when running an application in a sandbox environment? - Dynamic Which documentation should a forensic examiner prepare prior to a dynamic analysis? - The full path and location of the file being investigated Which type of information can a forensic investigator find in a common metadata field for a file? - Network name What is a forensic investigator analyzing when looking at the /var/log/ from a Mac? - Applications that stop working A forensic investigator is tasked with finding out if a suspect recently accessed a specific folder on a network. Which registry key should the investigator analyze to retrieve only the folder information? - BagMRU Which category of storage systems is characterized as being an independent node having its own IP address? - Network-Attached Storage (NAS)