SWAMI RAMANANDA TIRTHA INSTITUTE OF SCIENCE & TECHNOLOGY

Subject: COMPUTER FORENSICS IV -YEAR Date: 05-05-2021(A.N)

Name: ____K.maneesha_______________ H.T.NO:

_______17141A0525__________ Branch: CSE (A&B)

OBJECTIVE

Answer All Questions. All Questions Carry Equal Marks. Time: 20 Min. Marks: 20.

A. Choose the correct alternative:

1. A crime that involves a computer and a network is [ a]

a) Cyber Crime b) Hi-tech Crime c) Cyber Crime Against Person d)NOTA

2. Encase queries the information in how many ways [ d]

a) 2 b) 6 c) 7 d) 9

3. Salami Attack falls under which category of cyber crime? [ d ]

a) Cyber Crime against Person b) Cyber Cime Against Organization

c) Cyber Crime Against Property d) Cyber Crime Against Society

4. The tools that are responsible for creating forensic duplicate are [ d]

a) Unix dd command b) dfc/dd command c) open source open data duplicator d) All the above

5. Which of the following is not a data hiding technique? [ c]

a) Hiding Partition and Encryption b) Steganography and Bit Stuffing c) Live Search d) NOTA

6. Which of the following is not the characteristic of Computer Forensics? [ d]

a) Identifying b) Preserving c) Analyzing d) NOTA

7. The ________ file allowing accessibility using last utility [ b]

a) utmp b) wtmp c) lastlog d)NOTA

8. _____falls under Voilent Cybercrimes [ a]

a) Cyber Stalking b) Cyber tresspass c) Cyber Terrorism d)Both a & c

9. _________ is a built-in system tool that manages all listening ports along with their current
connection [ c]

a) rasusers b) netstat c) nbstat d) Fport

10. It is a type of attack in which the words are commonly found in the dictionary are used a
passwords in the program [ d]

a) Brute-Force attack b) Steganography c) Encryption d) Dictionary Attack

11. _____steps are necessary to resolve an incident [ d]

a) 4 b) 8 c) 10 d) 6

12. ______ is system utility offered by foundtone.com for identifying successful and failed
logons [ a]

a) NTLast b) Sfind c) dumpel d) reg

13. Which of the following is the activity of initial response [ c]

a) Performing Traditional Investigation Steps b) Assembling the CSIRT

c) Developing a Response Strategy d) All the Above e) NOTA

14. _____ function responsible for verifying the values of checksum in an image file [ a]

a) Verify b) Copy c) Restore d) Backup

15. How many methoda are used to validate forensic data [ b]

a) 5 b) 3 c) 2 d) 1

16. ---------------- phase determines “who,what,when,how,where and why” analysis

corresponding to an incident [ c]

a) Traditional Investigation Steps b) Assembling the Computer Security Incident Response Team
c) Incident Declaration d) Conducting Interview

17. Which of the following is not a NT System Process [ a]

a) RPCSS b) SPOOLOSS c) SMSS d) CSRSS

18. The main task is to generate reports in which incident details are defined [ a ]

a) Reporting b) Resolution d) Formulate the Response Strategy d) Investigate incident

19. ______ is a built-in tool of Windows Operating System which offers a command based
interface [c ]

a) Fport b) md5sum c) cmd.exe d) Netcat

20. ________ search can search for alphanumeric and hexadecimal values on the evidence drive

[ a ]

a) Indexed Search b) Live search c) Hidden Partition d) Encryption