FRS301_DinhMH: Midterm Test 1

Started on Monday, 11 October 2021, 2:23 PM


State Finished
Completed on Monday, 11 October 2021, 2:37 PM
Time taken 13 mins 35 secs
Marks 47.00/50.00
Grade 9.40 out of 10.00 (94%)

Question 1
Mark 1.00 out of 1.00
What is the first step required in preparing a computer for forensics investigation?
Select one:
a. Secure any relevant media
b. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
c. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
d. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination

Question 2
Mark 1.00 out of 1.00
Network forensics can be defined as the sniffing, recording, _________ and analysis of the network traffic and event logs in order to investigate a network security incident.
Select one:
a. Attacking
b. Infecting
c. Cracking
d. Acquisition

Question 3
Mark 1.00 out of 1.00
Which of the following statements does not support the case assessment?
Select one:
a. Do not document the chain of custody
b. Discuss whether other forensic processes need to be performed on the evidence
c. Review the case investigator's request for service
d. Identify the legal authority for the forensic examination request

Question 4
Mark 0.00 out of 1.00
What is cold boot (hard boot)?
Select one:
a. It is the process of shutting down a computer from a powered-on or on state
b. It is the process of restarting a computer that is already in sleep mode
c. It is the process of restarting a computer that is already turned on through the operating system
d. It is the process of starting a computer from a powered-down or off state

Question 5
Mark 1.00 out of 1.00
Which of the following would you consider an aspect of organizational security, especially focusing on IT security?
Select one:
a. Application security
b. Information copyright security
c. Security from frauds
d. Biometric information security

Question 6
Mark 1.00 out of 1.00
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
Select one:
a. Graph-based approach
b. Rule-based approach
c. Neural network-based approach
d. Automated field correlation approach

Question 7
Mark 1.00 out of 1.00
Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following is not a standard practice in a deposition?
Select one:
a. Only one attorney is present
b. No jury or judge
c. Both attorneys are present
d. Opposing counsel asks questions

Question 8
Mark 1.00 out of 1.00
What should you do?
Select one:
a. Use Norton Ghost to mirror the old disk to a new hard disk.
b. Create a simple volume and get files back.
c. Migrate the deleted partition to a new hard disk.
d. Evaluate and extract the deleted partitions.

Question 9
Mark 1.00 out of 1.00
During the first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic ___________ as soon as possible.
Select one:
a. Examiner
b. Professor
c. Tester
d. Dumper

Question 10
Mark 1.00 out of 1.00
Which one of the following is not a consideration in a forensic readiness planning checklist?
Select one:
a. Take permission from all employees of the organization.
b. Decide the procedure for securely collecting the evidence that meets the requirements in a forensically sound manner.
c. Identify the potential evidence available.
d. Define the business states that need digital evidence.

Question 11
Mark 1.00 out of 1.00
Which of the following commands shows you all of the network services running on Windows-based servers?
Select one:
a. Net share
b. Net use
c. Net start
d. Net Session

Question 12
Mark 1.00 out of 1.00
Email archiving is a systematic approach to save and protect the data contained in emails so that hackers can exploit and easily access to read the victim's email. Which of the following protects the email system?
Select one:
a. Use an email client to download email from the server mailbox.
b. Use SSL to sign and encrypt email.
c. Use webmail to prevent hackers from getting email.
d. Use a VPN connection before reading email.

Question 13
Mark 1.00 out of 1.00
In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?
Select one:
a. Obtain search warrant
b. Collect the evidence.
c. Acquire the data.
d. Evaluate and secure the scene.

Question 14
Mark 1.00 out of 1.00
Which of the following commands will you use to look at which sessions the machine has opened with other systems?
Select one:
a. Net sessions
b. Net use
c. Net share
d. Net config

Question 15
Mark 1.00 out of 1.00
Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?
Select one:
a. Hash tables
b. Database tables
c. Rainbow tables
d. Master file tables

Question 16
Mark 1.00 out of 1.00
Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?
Select one:
a. tasklist /s
b. tasklist /u
c. tasklist /V
d. tasklist /p

Question 17
Mark 0.00 out of 1.00
Windows Security Event Log contains records of login/logout activity or other security related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicate?
Select one:
a. A user successfully logged on to a computer.
b. The logon attempt was made with an unknown username or a known username with a bad password.
c. A logon attempt was made using a disabled account.
d. An attempt was made to log on with the user account outside of the allowed time.

Question 18
Mark 1.00 out of 1.00
Volatile information can be easily modified or lost when the system is shut down or rebooted. Which of the following helps you to determine a logical timeline?
Select one:
a. The processes are running.
b. The registry information.
c. The virtual memory in the hard disk.
d. The security incident and the users who would be responsible.

Question 19
Mark 1.00 out of 1.00
You can find the SIDs in Windows registry editor at the following location:
Select one:
a. HKEY_USER\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
b. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
c. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList
d. HKEY_CURRENT_CONFIG\SOFTWARE\Microsoft\Windows NT\Currentversion\ProfileList

Question 20
Mark 1.00 out of 1.00
A technique used to make a person reveal confidential information such as passwords through manipulation.
Select one:
a. File Slack
b. Incident
c. Bandwidth
d. Social Engineering

Question 21
Mark 1.00 out of 1.00
The measure of how perishable electronically stored data are.
Select one:
a. Volatility
b. Bandwidth
c. DriveSpy
d. File Slack

Question 22
Mark 1.00 out of 1.00
The art and science of hiding information by embedding messages in other, seemingly harmless messages.
Select one:
a. Amperage
b. Bandwidth
c. Steganography
d. Bookrack

Question 23
Mark 1.00 out of 1.00
Which of the following attacks allows an attacker to acquire access to the communication channels between the victim and server to extract the information?
Select one:
a. Social Engineering attack
b. Brute-Force attack
c. Man-in-the-middle (MITM) attack
d. Denial of Service (DoS)

Question 24
Mark 1.00 out of 1.00
During private investigations, what do you search for?
Select one:
a. Computer forensics analysis tool
b. Vulnerability Threat Assessment and Risk Management
c. Organization's internet proxy server logs
d. Evidence to support allegations of violations of a company's rules or an attack on its assets

Question 25
Mark 1.00 out of 1.00
What is Digital Forensic?
Select one:
a. Process of using scientific knowledge in analysis and presentation of evidence in court.
b. A process where we develop and test hypotheses that answer questions about digital events.
c. Use of science or technology in the investigation and establishment of the facts or evidence in a court of law.
d. The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.

Question 26
Mark 1.00 out of 1.00
Which of the following is NOT a focus of digital forensic analysis?
Select one:
a. Enhancement.
b. Comparison.
c. Proving.
d. Authenticity.

Question 27
Mark 1.00 out of 1.00
What is the primary objective of Digital Forensic for Business and Industry?
Select one:
a. Prosecution.
b. Security.
c. Continuity of operation.
d. Availability of service.

Question 28
Mark 0.00 out of 1.00
Which of the following holds the highest value of evidence in the court?
Select one:
a. Testimonial.
b. Real.
c. Demonstrative.
d. Documentary.
