UPDATED| REAL EXAM QUESTIONS AND ANSWERS | 100%
RATED CORRECT | 100% VERFIED | ALREADY GRADED A+
The most common computer hard drives today are __________. - (answer)SATA
A __________ is used to send a test packet, or echo packet, to a machine to determine if the
machine is reachable and how long the packet takes to reach the machine. - (answer)ping
Suspects often overwhelm forensic analysts with false positives and false leads. This is referred
to as__________. - (answer)data fabrication
Which of the following is the definition of the Daubert Standard? - (answer)The Daubert
Standard dictates that only methods and tools widely accepted in the scientific community can be
used in court.
The __________ protects journalists from being required to turn over to law enforcement any
work product and documentary material, including sources, before it is disseminated to the
public. - (answer)Privacy Protection Act of 1980
,It has been claimed that __________ of all computers connected to the Internet have spyware. -
(answer)80%
__________ is/are the cyber-equivalent of vandalism. - (answer)DoS attacks
Which of the following is the definition of logic bomb? - (answer)malware that executes damage
when a specific condition is met
Rules of evidence can be defined as __________. - (answer)rules that govern whether, when,
how, and why proof of a legal case can be placed before a judge or jury
Use of __________ tools enables an investigator to reconstruct file fragments if files have been
deleted or overwritten. - (answer)bit-level
Identification, preservation, collection, examination, analysis, and presentation are six classes in
the matrix of __________. - (answer)the DFRWS framework
What is meant by file slack? - (answer)the unused space between the logical end of file and the
physical end of file
,Information that has been processed and assembled so that it is relevant to an investigation and
supports a specific finding or determination is the definition of __________. - (answer)digital
evidence
__________ is a Linux Live CD that you use to boot a system and then use the tools. It is a free
Linux distribution, making it extremely attractive to schools teaching forensics or laboratories on
a strict budget. - (answer)BackTrack
What name is given to data that an operating system creates and overwrites without the computer
user taking a direct action to save this data? - (answer)temporary data
__________ is offline analysis conducted on an evidence disk or forensic duplicate after booting
from a CD or another system. - (answer)Physical analysis
What was designed as an area where computer vendors could store data that is shielded from
user activities and operating system utilities, such as delete and format? - (answer)host protected
area
A one-sided DVD (or digital video disc) can hold __________ gigabytes. - (answer)4.7
, What version of RAID are the following descriptors? Striped disks with dedicated parity
combine three or more disks in a way that protects data against loss of any one disk. Fault
tolerance is achieved by adding an extra disk to the array and dedicating it to storing parity
information. The storage capacity of the array is reduced by one disk. - (answer)RAID 3 or 4
The art and science of writing hidden messages is the definition of what? -
(answer)steganography
__________ is perhaps the most widely used public key cryptography algorithm in existence
today. - (answer)RSA
Windows 2000 and newer operating systems' file systems utilize __________. - (answer)NTFS
A port is a number that identifies a channel in which communication can occur. There are certain
ports a forensic analyst should know on sight. Which port uses IRC chat rooms? - (answer)Port
194 (which can use TCP or UDP. TCP guarantees delivery of data packets on port 194 in the
same order in which they were sent. UDP on port 194 provides an unreliable service and
datagrams may arrive duplicated, out of order, or missing without notice.)
What is grep? - (answer)a popular Linux/UNIX search tool