312-49v10 Practice Test Questions

596 Questions


Topic 1: Exam Pool A

Sectors in hard disks typically contain how many bytes?

A. 256
B. 512
C. 1024
D. 2048

B. 512



In general, __________________ involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.

A. Network Forensics
B. Data Recovery
C. Disaster Recovery
D. Computer Forensics

D. Computer Forensics



The rule of thumb when shutting down a system is to pull the power plug. However, this has certain drawbacks. Which of the following is one of them?

A. Any data not yet flushed to the system will be lost
B. All running processes will be lost
C. The /tmp directory will be flushed
D. Power interruption will corrupt the pagefile

A. Any data not yet flushed to the system will be lost



This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

A. Master Boot Record (MBR)
B. Master File Table (MFT)
C. File Allocation Table (FAT)
D. Disk Operating System (DOS)

C. File Allocation Table (FAT)



The objective of this act was to protect consumers’ personal financial information held by financial institutions and their service providers.

A. Gramm-Leach-Bliley Act
B. Sarbanes-Oxley 2002
C. California SB 1386
D. HIPAA

A. Gramm-Leach-Bliley Act



What TCP/UDP port does the toolkit program netstat use?

A. Port 7
B. Port 15
C. Port 23
D. Port 69

B. Port 15



You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

A. The X509 Addre
B. The SMTP reply Address
C. The E-mail Header
D. The Host Domain Name

C. The E-mail Header



You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

A. 8
B. 1
C. 4
D. 2

C. 4



Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network that the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A. False negatives
B. False positives
C. True negatives
D. True positives

A. False negatives



You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

A. All forms should be placed in an approved secure container because they are now primary evidence in the case.
B. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
C. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
D. All forms should be placed in the report file because they are now primary evidence in the case.

B. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.



What is a good security method to prevent unauthorized users from "tailgating"?

A. Man trap
B. Electronic combination locks
C. Pick-resistant locks
D. Electronic key systems

A. Man trap



Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. bench warrant
B. wire tap
C. subpoena
D. search warrant

D. search warrant



