Forensics and Network Intrusion- Exam Questions Answered Correctly Latest Version 2024
Which web application weakness allows sensitive data to be unintentionally revealed to an unauthorized
user? - Answers Information Leakage
Which situation leads to a civil investigation? - Answers Disputes between two parties that relate to a
contract violation
What is a benefit of forensic readiness? - Answers Establishes procedures for fast and efficient
investigations
What should be considered when creating a forensic readiness plan? - Answers Source of the evidence
Which rule does a forensic investigator need to follow? - Answers Use well-known standard procedures
What is the focus of Locard's exchange principle? - Answers Anyone entering a crime scene takes
something with them and leaves something behind.
What is the focus of the enterprise theory of investigation (ETI)? - Answers Solving one crime can tie it
back to a criminal organization's activities
What allows for a lawful search to be conducted without a warrant or probable cause? - Answers
Consent of person with authority
A forensic investigator is tasked with retrieving evidence where the primary server has been erased. The
investigator needs to rely on network logs and backup tapes to base their conclusions on while testifying
in court.
Which information found in rules of evidence, Rule 1001, helps determine if this testimony is acceptable
to the court? - Answers Definition of original evidence
When can a forensic investigator collect evidence without formal consent? - Answers When properly
worded banners are displayed on the computer screen
What do some states require before beginning a forensic investigation? - Answers License
Which law protects customers' sensitive data by requiring financial institutions to inform their
customers of their information-sharing practices? - Answers Gramm-Leach-Bliley Act (GLBA)
Who determines whether a forensic investigation should take place if a situation is undocumented in
the standard operating procedures? - Answers Decision Maker
What should a forensic lab do to maintain quality assurance during a digital forensic investigation? -
Answers Conduct validity testing on the tools
, What is a common task of a computer forensic investigator? - Answers Recovering deleted files, hidden
files, and temporary data that could be used as evidence
What is the process of live data acquisition? - Answers Acquiring volatile data from a working system
What is the least volatile source of information when collecting evidence? - Answers DVD-ROM
What is the type of analysis that a forensic investigator performs when running an application in a
sandbox environment? - Answers Dynamic
Which documentation should a forensic examiner prepare prior to a dynamic analysis? - Answers The
full path and location of the file being investigated
Which type of information can a forensic investigator find in a common metadata field for a file? -
Answers Network name
What is a forensic investigator analyzing when looking at the /var/log/crashreporter.log from a Mac? -
Answers Applications that stop working
A forensic investigator is tasked with finding out if a suspect recently accessed a specific folder on a
network. Which registry key should the investigator analyze to retrieve only the folder information? -
Answers BagMRU
Which category of storage systems is characterized as being an independent node having its own IP
address? - Answers Network-Attached Storage (NAS)
What is an example of volatile data? - Answers Command history
Where can evidence be found on routers? - Answers Configuration files
What is a characteristic of Unicode UTF-32? - Answers Fixed-Width Encoding
What is 4DD hexadecimal notation in binary? - Answers 10011011101
A forensic investigator is using a hex editor to view file signatures for graphics.
Which type of file is the investigator viewing when the first hexadecimal characters are 42 4D? - Answers
BMP
What is the maximum compression ratio for JPEG files? - Answers 90%
Where does MySQL - Answers Information Schema
Which file is the repository for records in MSSQL? - Answers Primary data file (MDF)
Which web application weakness allows sensitive data to be unintentionally revealed to an unauthorized
user? - Answers Information Leakage
Which situation leads to a civil investigation? - Answers Disputes between two parties that relate to a
contract violation
What is a benefit of forensic readiness? - Answers Establishes procedures for fast and efficient
investigations
What should be considered when creating a forensic readiness plan? - Answers Source of the evidence
Which rule does a forensic investigator need to follow? - Answers Use well-known standard procedures
What is the focus of Locard's exchange principle? - Answers Anyone entering a crime scene takes
something with them and leaves something behind.
What is the focus of the enterprise theory of investigation (ETI)? - Answers Solving one crime can tie it
back to a criminal organization's activities
What allows for a lawful search to be conducted without a warrant or probable cause? - Answers
Consent of person with authority
A forensic investigator is tasked with retrieving evidence where the primary server has been erased. The
investigator needs to rely on network logs and backup tapes to base their conclusions on while testifying
in court.
Which information found in rules of evidence, Rule 1001, helps determine if this testimony is acceptable
to the court? - Answers Definition of original evidence
When can a forensic investigator collect evidence without formal consent? - Answers When properly
worded banners are displayed on the computer screen
What do some states require before beginning a forensic investigation? - Answers License
Which law protects customers' sensitive data by requiring financial institutions to inform their
customers of their information-sharing practices? - Answers Gramm-Leach-Bliley Act (GLBA)
Who determines whether a forensic investigation should take place if a situation is undocumented in
the standard operating procedures? - Answers Decision Maker
What should a forensic lab do to maintain quality assurance during a digital forensic investigation? -
Answers Conduct validity testing on the tools
, What is a common task of a computer forensic investigator? - Answers Recovering deleted files, hidden
files, and temporary data that could be used as evidence
What is the process of live data acquisition? - Answers Acquiring volatile data from a working system
What is the least volatile source of information when collecting evidence? - Answers DVD-ROM
What is the type of analysis that a forensic investigator performs when running an application in a
sandbox environment? - Answers Dynamic
Which documentation should a forensic examiner prepare prior to a dynamic analysis? - Answers The
full path and location of the file being investigated
Which type of information can a forensic investigator find in a common metadata field for a file? -
Answers Network name
What is a forensic investigator analyzing when looking at the /var/log/crashreporter.log from a Mac? -
Answers Applications that stop working
A forensic investigator is tasked with finding out if a suspect recently accessed a specific folder on a
network. Which registry key should the investigator analyze to retrieve only the folder information? -
Answers BagMRU
Which category of storage systems is characterized as being an independent node having its own IP
address? - Answers Network-Attached Storage (NAS)
What is an example of volatile data? - Answers Command history
Where can evidence be found on routers? - Answers Configuration files
What is a characteristic of Unicode UTF-32? - Answers Fixed-Width Encoding
What is 4DD hexadecimal notation in binary? - Answers 10011011101
A forensic investigator is using a hex editor to view file signatures for graphics.
Which type of file is the investigator viewing when the first hexadecimal characters are 42 4D? - Answers
BMP
What is the maximum compression ratio for JPEG files? - Answers 90%
Where does MySQL - Answers Information Schema
Which file is the repository for records in MSSQL? - Answers Primary data file (MDF)
