Scribd Logo
Upload

Welcome to Scribd!

  • 4K views

    CHFI v3 Sample Test Questions

    Uploaded by

    mauli_k
    The document contains sample test questions for the CHFI v3 certification. It includes 39 multiple choice questions testing knowledge of topics in computer forensics, such as who conducted the first study of fingerprints, appropriate uses of computer forensics, common computer crimes, and forensic investigation procedures. The questions cover subject areas like data types in computer forensics, laws around searches and seizures, software copyright protection, and forensic report writing standards.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd

    CHFI v3 Sample Test Questions

    Uploaded by

    mauli_k
    4K views7 pages
    The document contains sample test questions for the CHFI v3 certification. It includes 39 multiple choice questions testing knowledge of topics in computer forensics, such as who conducted the first study of fingerprints, appropriate uses of computer forensics, common computer crimes, and forensic investigation procedures. The questions cover subject areas like data types in computer forensics, laws around searches and seizures, software copyright protection, and forensic report writing standards.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document contains sample test questions for the CHFI v3 certification. It includes 39 multiple choice questions testing knowledge of topics in computer forensics, such as who conducted the first study of fingerprints, appropriate uses of computer forensics, common computer crimes, and forensic investigation procedures. The questions cover subject areas like data types in computer forensics, laws around searches and seizures, software copyright protection, and forensic report writing standards.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    4K views7 pages

    CHFI v3 Sample Test Questions

    Uploaded by

    mauli_k
    The document contains sample test questions for the CHFI v3 certification. It includes 39 multiple choice questions testing knowledge of topics in computer forensics, such as who conducted the first study of fingerprints, appropriate uses of computer forensics, common computer crimes, and forensic investigation procedures. The questions cover subject areas like data types in computer forensics, laws around searches and seizures, software copyright protection, and forensic report writing standards.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    You are on page 1of 7

    CHFI v3 Sample Test Questions

    1. Who made the first recorded study of fingerprints?

    A. Francis Galton *
    B. Hans Gross
    C. Benjamin Franklin
    D. Francis Eghart

    2. Computer Forensics focuses on which three categories of data? (Select 3)

    A. Latent Data *
    B. Archival Data *
    C. Active Data *
    D. Passive Data
    E. Inactive Data

    3. When is it appropriate to use computer forensics?

    A. If copyright and intellectual property theft/misuse has occurred *


    B. If employees do not care for their boss’ management techniques
    C. If sales drop off for no apparent reason for an extended period of time
    D. If a financial institution is burglarized by robbers

    4. In corporate investigations, what is the most common type of crime found?

    A. Industrial espionage *
    B. Copyright infringement
    C. Physical theft
    D. Denial of Service attacks

    5. Which Amendment in the US Constitution protects every person from unreasonable


    searches and seizures by government officials?

    A. The 4th Amendment *


    B. The 5th Amendment
    C. The 1st Amendment
    D. The 10th Amendment

    6. Under United States Penal Code 18 U.S.C 1831 for Economic Espionage, what is the
    maximum fine allowed by law?

    A. $10,000,000 USD *
    B. $1,000,000 USD
    C. $100,000 USD
    D. $5,000,000 USD

    7. What prompted the US Patriot Act to be created?

    A. World Trade Center attack in 2001 *


    B. Oklahoma City bombing in 1995
    C. World Trade Center attack in 1993
    D. Iraqi invasion of Kuwait in 1990

    8. For computer crimes in the United States, which two agencies share jurisdiction for
    computer crimes that cross state lines? (Select 2)

    A. FBI *
    B. Secret Service *
    C. ATF
    D. NSA

    9. What must be obtained before an investigation is carried out at a location?

    A. Search warrant *
    B. Subpoena
    C. Habeas corpus
    D. Modus operandi

    10. What command can be used to view the current network connections on a computer?

    A. Netstat *
    B. Arp
    C. Dir /p
    D. Finger

    11. What method of copying should always be performed first before carrying out an
    investigation?

    A. Bit-stream copy *
    B. Parity-bit copy
    C. Parity-stream copy
    D. Xcopy

    12. Why should you never power on a computer that you need to acquire digital evidence
    from?

    A. When the computer boots up, files are written to the computer rendering the data
    “unclean” *
    B. When the computer boots up, the system cache is cleared which could destroy
    evidence
    C. When the computer boots up, data in the memory’s buffer is cleared which could
    destroy evidence
    D. Powering on a computer has no affect when needing to acquire digital evidence from
    it

    13. Why would a company issue a dongle with the software they sell?

    A. To provide copyright protection *


    B. To provide wireless functionality with the software
    C. To provide source code protection
    D. To ensure that keyloggers cannot be used

    14. What is the first step taken in an investigation for laboratory forensic staff members?

    A. Securing and evaluating the electronic crime scene *


    B. Packaging the electronic evidence
    C. Conducting preliminary interviews
    D. Transporting the electronic evidence

    15. When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz”
    format, what does the “nnnn” denote?

    A. The sequential number of the exhibits seized *


    B. The sequence number for the parts of the same exhibit
    C. The initials of the forensics analyst
    D. The year the evidence was taken

    16. When discussing the chain of custody in an investigation, what does a “link” refer to?

    A. Someone that takes possession of a piece of evidence *


    B. Evidence that links one piece of evidence to another, like a usb cable
    C. The most critical piece of evidence in an investigation
    D. The transportation used when moving evidence

    17. What is one method of detecting a computer-related incident?

    A. Gaps in the firewall log with no activity, when there is normally activity *
    B. Numerous successful login attempts
    C. Seeing spikes in network activity throughout the workday
    D. Hard drive failure on a SQL server machine

    18. In handling computer-related incidents, which IT role should be responsible for


    recovery, containment, and prevention to constituents?

    A. Network Administrator *
    B. Security Administrator
    C. Director of Information Technology
    D. Director of Administration

    19. What stage of the incident handling process involves reporting events?

    A. Identification *
    B. Follow-up
    C. Containment
    D. Recovery

    20. Which category of incidents can be handled within one working day?

    A. Low level incident *


    B. Mid level incident
    C. High level incident
    D. All incidents should be handled immediately after their detection

    21. How many entrances are recommended for a computer forensics lab?

    A. One *
    B. Three
    C. Two
    D. Four

    22. What is stored in a StrongHold bag?

    A. Wireless cards *
    B. Backup tapes
    C. Hard drives
    D. PDA’s

    23. Paraben’s Lockdown device uses which operating system to write hard drive data?

    A. Windows *
    B. Red Hat
    C. Unix
    D. Mac OS

    24. Why does Computer Forensic Labs, Inc. not recommend that companies search for
    evidence themselves?

    A. Searching can change date/time stamps *


    B. Searching could possibly crash the machine or device
    C. Searching creates cache files which would hinder the investigation
    D. Computer Forensic Labs, Inc. does not make this recommendation
    25. What is the smallest physical storage unit on a hard drive?

    A. Sector *
    B. Cluster
    C. Track
    D. Platter

    26. When operating systems mark a cluster as used but not allocated, the cluster is
    considered what?

    A. Lost *
    B. Bad
    C. Corrupt
    D. Unallocated

    27. Given the drive dimensions as follows and assuming a sector has 512 bytes, what is
    the capacity of the described hard drive?

    22,164 cylinders/disk
    80 heads/cylinder
    63 sectors/track

    A. 53.26 GB *
    B. 57.19 GB
    C. 11.17 GB
    D. .10 GB

    28. What will the following command accomplish?

    dd if=/dev/xxx of=mbr.backup bs=512 count=1


    A. Back up the master boot record *
    B. Restore the master boot record
    C. Mount the master boot record on the first partition of the hard drive
    D. Restore the first 512 bytes of the first partition of the hard drive

    29. A standard 120 mm CD-ROM will hold up to how much data?

    A. 700 MB *
    B. 850 MB
    C. 1.44 GB
    D. 550 MB

    30. What is the maximum capacity of a dual-layer blu-ray disc?

    A. 50 GB *
    B. 27 GB
    C. 40 GB
    D. 75 GB

    31. What hashing method is used to password protect Blackberry devices?

    A. SHA-1 *
    B. RC5
    C. MD5
    D. AES

    32. When preparing an investigative report, what sources provide examples of expert
    witnesses’ previous testimonies?

    A. Deposition banks *
    B. Testimony banks
    C. Subpoena banks
    D. Court docket banks

    33. For forensic investigative reports, what electronic format should reports be sent in?

    A. PDF *
    B. DOC
    C. WPD
    D. TIFF

    34. This type of witness is not considered an expert in a particular field?

    A. Lay witness *
    B. Material witness
    C. Clerk-appointed witness
    D. Bonded witness

    35. What type of numbering system in an investigative report is used in pleadings?

    A. Legal-sequential numbering *
    B. Decimal numbering structure
    C. Forensic-sequential numbering
    D. Binary-sequential numbering

    36. In a court of law, who is qualified by the court to address the behavior of the
    defendant or characteristics of a crime?

    A. Victim advocate *
    B. Legal counsel for defendant
    C. Legal counsel for prosecution
    D. No one is qualified

    37. This type of testimony is presented by someone who does the actual fieldwork and
    does not offer a view in court.

    A. Technical testimony *
    B. Expert testimony
    C. Victim advocate testimony
    D. Civil litigation testimony

    38. When should an MD5 hash check be performed when processing evidence?

    A. Before and after evidence examination *


    B. On an hourly basis during the evidence examination
    C. After the evidence examination has been completed
    D. Before the evidence examination has been completed

    39. When is it appropriate to use a formal checklist in a final report of an investigation?

    A. It is never appropriate to use a formal checklist in a final report *


    B. It is only appropriate to use a formal checklist in a final report in felony cases
    C. It is only appropriate to use a formal checklist in a final report in misdemeanor cases
    D. It is always suggested to use a formal checklist in a final report

    You might also like