Csf


1) When was the Federal Bureau of Investigation created?

A) LC3 B) LC4 C) Network Stumbler D) Maltego Ans [d]

2) What is the full form of CART?


A) Computer Analysis and Response Team B) Cathode Analog Ray Tube C)
Computer Accessories Repairing team D) Computer Acceptance Repairing team
Ans [a]

3) When was IOCE formed? ___________


A) cross-site scripting B) directory traversal C) parameter injection D)
injecting shell code Ans [d]

4) Full form of IOCE ___________________


A) International Organization on Computer Evidence B) Internet of
Computer Education C) Internet of Computer Evidence D) Information of
Computer Education Ans [a]

5) When was the first FBI Regional Computer Forensic Laboratory
recognized?
A) 1992 B) 1980 C) 1949 D) 2000 Ans [d]

6) How many rules are there in digital forensics? ____


A) 12 B) 19 C) 10 D) 6 Ans [d]

7) What is the long form of DFI? ________


A) Digital Forensic Investigation B) Digital Fraud Industry C) Defining
Form In D) Digital Front Industry Ans [a]

8) How many phases are there in RDMDFR? ___________


A) 12 B) 19 C) 10 D) 6 Ans [d]

9) An investigator should satisfy the following points: 1. Contribute to
society and human beings 2. Avoid harm to others 3. Be honest and
trustworthy
A) Only 1 B) Both 1 and 2 C) Both 3 and 1 D) 1,2 and 3 Ans [d]

10) Who proposed the Road Map Model? _________


A) G. Gunsh B) S. Ciardhuain C) J. Korn D) G. Palmar Ans [d]

11) Digital evidence is in the form of: 1. Office file 2. E-mail
messages
A) Office File B) E-mail Messages C) Either A or B D) Both A and B Ans
[d]

12) In computer intrusions the attacker will leave multiple traces of
their presence in: 1) File System 2) Registry 3) System Logs
A) Only 1 B) Both 1 and 2 C) Both 3 and 1 D) 1,2 and 3 Ans [d]

13) What are the forms of electronic evidence?


A) Hard Drive B) E-mail C) Either A or B D) Both A and B Ans [d]

14) An attacker can create an ____ attack by sending hundreds or
thousands of emails with very large attachments
A) Attachment Overloading Attack B) Connection Attack C) Auto Responder
Attack D) honest and trustworthy Ans [a]

15) What is a grey hat hacker?


A) Black Hat Hacker B) White Hat Hacker C) Combination of White and
black hat hackers D) Green Hat Hacker Ans [b]
16) Which of the following is not type of volatile evidence:
A) Routing Tables B) Main Memory C) Log Files D) Cached Data Ans [d]

17) Having individuals provide personal information to obtain a free
offer provided through the Internet is considered what type of social
engineering?
A) Web-based B) Human-based C) User-based D) Computer-based Ans [d]

18) What is the best statement for taking advantage of a weakness in the
security of an IT system?
A) Threat B) Attack C) Exploit D) Vulnerability Ans [c]

19) Which form of encryption does WPA use?


A) Shared key B) An attempt to crack passwords by replacing characters
of a dictionary word with numbers and C) symbols. D) LEAP Ans [c]

20) What are hybrid attacks?


A) An attempt to crack passwords using words that can be found in
dictionary. B) An attempt to crack passwords by replacing characters of a
dictionary word with numbers and C) symbols. D) An attempt to crack
passwords by replacing characters of a dictionary word with numbers and
symbols. Ans [b]

21) Digital evidence is used to establish a credible link
between ______
A) Attacker and victim and the crime scene B) Attacker And information
C) Either A or B D) Both A and B Ans [a]

22) Enumeration is part of what phase of ethical hacking?


A) Reconnaissance B) Maintaining Access C) Gaining Access D) Scanning
Ans [c]

23) An Artificial Intelligence system developed by Terry A. Winograd to
permit an interactive dialogue about a domain he called blocks-world.
A) SIMD B) STUDENT C) SHRDLU D) BACON Ans [c]

24) A valid definition of digital evidence is


A) Data stored or transmitted using a computer B) Information of
probative value C) Digital data of probative value D) Any digital
evidence on a computer Ans [c]

25) What are the three general categories of computer systems that can
contain digital evidence?
A) Desktop, laptop, server B) Personal computer, Internet, mobile
telephone C) Hardware, software, networks D) Open computer systems,
communication systems, embedded systems Ans [d]

26) Cybertrails are advantageous because_______


A) They are not connected to the physical world. B) Nobody can be harmed
by crime on the Internet. C) They are easy to follow. D) Offenders who
are unaware of them leave behind more clues than they otherwise Ans [d]

27) Private networks can be a richer source of evidence than the
Internet because
A) They retain data for longer periods of time. B) Owners of private
networks are more cooperative with law enforcement. C) Private networks
contain a higher concentration of digital evidence. D) Cracking passwords
Ans [c]

28) Which of the following statements best describes a white-hat hacker?


A) Security professional B) Former black hat C) Former grey hat D)
Malicious hacker Ans [a]

29) Sniffing is used to perform ______________ fingerprinting.


A) Passive stack B) Active stack C) Passive banner grabbing D) Scanned
Ans [a]

30) A packet with no flags set is which type of scan?


A) TCP B) XMAS C) IDLE D) NULL Ans [d]

31) What is the most important activity in system hacking?


A) Information gathering B) Cracking passwords C) Escalating privileges
D) Covering tracks Ans [b]

32) Performing hacking activities with the intent on gaining visibility
for an unfair situation is called ________.
A) Cracking B) Analysis C) Hacktivism D) Exploitation Ans [c]

33) Which of the following will allow footprinting to be conducted
without detection?
A) PingSweep B) Traceroute C) War Dialers D) ARIN Ans [d]

34) In the past, the method for expressing an opinion has been to frame
a ____ question based on available factual evidence.
A) Hypothetical B) Nested C) Challenging D) Contradictory Ans [a]

35) More subtle because you are not aware that you are running these
macros (the document opens and the application automatically runs);
spread via email
A) The purpose of copyright B) Danger of macro viruses C) Derivative
works D) computer-specific crime Ans [b]

36) Why would a ping sweep be used?


A) To identify live systems B) To locate live systems C) To identify
open ports D) To locate firewalls Ans [a]

37) How is IP address spoofing detected?


A) Installing and configuring a IDS that can read the IP header B)
Comparing the TTL values of the actual and spoofed addresses C)
Implementing a firewall to the network D) Identify all TCP sessions that
are initiated but does not complete successfully Ans [b]

38) The first phase of hacking an IT system is compromise of which
foundation of security?
A) Availability B) Confidentiality C) Integrity D) Authentication Ans
[b]
39) Which of the following are TRUE? 1. Port 139 is the NetBIOS Session
port typically can provide large amounts of information using APIs to
connect to the system 2. RIN is a publicly accessible database, which has
information that could be valuable
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

40) Which ports should be blocked to prevent null session enumeration?


A) Ports 120 and 445 B) Ports 135 and 136 C) Ports 110 and 137 D) Ports
135 and 139 Ans [d]

41) What tool can be used to perform SNMP enumeration? 1. Whois 2.
DNSlookup 3. IP Network Browse
A) 1 only B) 1 and 3 C) 4 only D) 1 and 2 Ans [c]

42) Which of the statements are true? 1. Linux is an open source code
and considered to have greater security than the commercial Windows
environment. 2. Manufacturer settings, or default settings, may provide
basic protection against hacking threats, but need to change to provide
advance support.
A) Only statement 1 is true B) Only statement 2 is true C) Both
statements 1 and 2 are true D) Both statements 1 and 2 are false Ans [c]

43) These types of hackers are the most skilled hackers in the hackers
community. Who are they referred to?
A) White hat Hackers B) Elite Hackers C) Licensed Penetration Testers D)
Red Hat Hackers Ans [b]

44) What are some of the most common vulnerabilities that exist in a
network or system?
A) Changing manufacturer, or recommended, settings of a newly installed
application. B) Additional unused features on commercial software
packages. C) Utilizing open source application code D) Balancing security
concerns with functionality and ease of use of a system. Ans [b]

45) What is the purpose of a Denial of Service attack?


A) Exploit a weakness in the TCP/IP stack B) To execute a Trojan on a
system C) To overload a system so it is no longer operational D) To
shutdown services by turning them off Ans [c]

46) What type of rootkit will patch, hook, or replace the version of
system call in order to hide information?
A) Library level rootkits B) Kernel level rootkits C) System level
rootkits D) Application level rootkits Ans [a]

47) _________ are those individuals who maintain and handles IT security
in any firm or organization.
A) IT Security Engineer B) Cyber Security Interns C) Software Security
Specialist D) Security Auditor Ans [a]

48) Governments hired some highly skilled hackers. These types of
hackers are termed as _______
A) Special Hackers B) Government Hackers C) Cyber Intelligence Agents D)
Nation / State sponsored hackers Ans [d]
49) __________ security consultants use database security monitoring
& scanning tools to maintain security to different data residing in
the database / servers / cloud.
A) Database B) Network C) System D) Hardware Ans [a]

50) Liveness detection in biometrics is ______ 1) is the ability of a
system to detect the heartbeat of the person 2) is the ability of a
system to detect if the biometric belongs to a live person present at the
point of capture 3) Core area of focus for forensics of a Computer
A) Only 1 B) Both 2 and 1 C) Only 2 D) 1,2 and 3 Ans [c]

51) A fingerprint scanner scans the supplicant's finger and compares it
to the template in a watch list. For a watch list that is a terrorist
black list at an airport to prevent a terrorist from boarding a plane, a
false acceptance (match) would be
A) security breach B) an inconvenience to an innocent party C) failure
to enroll D) Posting links to a victim Ans [b]

52) What does the CoC concept refer to, in computer forensics?


A) Central access to data B) Core area of focus for forensics of a
Computer C) Core competencies of forensic team D) Chronological
Documentation Ans [d]

53) A fingerprint scanner scans the supplicant's finger and compares it
to the template in a watch list. For a watch list that is a white list of
employees allowed into a data center, a false acceptance would be
A) a security breach B) an inconvenience to an innocent party C)
failure to enroll D) non Ans [a]

54) A high resolution selfie of a person on a social network can be used
to extract
A) the template for their iris B) the template for their retina C) the
template for their DNA D) all of the above Ans [a]

55) How are social networking site frauds propagated?


A) Checking email continuously B) Linking advertisements to current
events C) Posting links to a victim D) A,B and C Ans [d]

56) The FBI's __________________ became the first ASCLD-LAB accredited
digital forensic laboratory.
A) North Texas Regional Computer Forensic Laboratory B) Central Defense
Computer Forensic Laboratory (DCFL) C) Regional Computer Forensic
Laboratories (RCFLs) D) The American Society of Testing Materials (ASTM)
Ans [a]

57) ____ increases the time and resources needed to extract, analyze, and
present evidence
A) Investigation plan B) Litigation path C) Scope creep D) Court order
for discovery Ans [c]

58) You begin any computer forensics case by creating a(n) ____.
A) Investigation plan B) Evidence custody form C) Risk assessment report
D) Investigation report Ans [a]

59) In civil and criminal cases, the scope is often defined by search
warrants or ____, which specify what data you can recover.
A) Risk assessment reports B) Scope creeps C) Investigation plans D)
Subpoena Ans [d]

60) ____ Search can locate items such as text hidden in unallocated
space that might not turn up in an indexed search.
A) Online B) Active C) Inline D) Live Ans [d]

61) ______________ is an open standard that allows identity providers
(IdP) to pass authorization credentials to service providers (SP).
___________ use __________ for standardized communications between the
identity provider and service providers
A) SAML, SSO, XML B) SAML, SAML, XML C) XML, XML, SAML D) SSO, SSO, XML
Ans [b]

62) ____ Recovery is a fairly easy task in computer forensic analysis.


A) Data B) Password C) Partition D) Image Ans [b]

63) ____ are handy when you need to image the drive of a computer far
away from your location or when you don't want a suspect to be aware of an
ongoing investigation.
A) Scope creeps B) Password recovery tools C) Remote acquisitions D) Key
escrow utilities Ans [d]

64) ____ is a remote access program for communication between two
computers. The connection is established by using the DiskExplorer
program (FAT or NTFS) corresponding to the suspect (remote) computer's
file system.
A) HDHOST B) DiskEdit C) DiskHost D) HostEditor Ans [a]

65) The term ____ comes from the Greek word for hidden writing.
A) Creep B) Escrow C) Steganography D) Hashing Ans [c]
66) ____ is defined as the art and science of hiding messages in such a
way that only the intended recipient knows the message is there.
A) Bit shifting B) Marking bad clusters C) Encryption D) Steganography
Ans [d]

67) LDAP is used to communicate between______


A) authentication servers B) a directory server and an authentication
server C) domain controllers D) clients Ans [b]

68) There are three C's in computer forensics. Which is one of the
three?
A) Control B) Chance C) Chairs D) 1,2 and 3 Ans [a]

69) You are supposed to maintain three types of records. Which answer is
not a record?
A) Chain of custody B) Documentation of the crime scene C) Searching the
crime scene D) Document your actions Ans [a]

70) What is Digital Forensic?


A) Process of using scientific knowledge in analysis and presentation of
evidence in court B) The application of computer science and
investigative procedures for a legal purpose involving the analysis of
digital evidence after proper search authority, chain of custody,
validation with mathematics, use of validated tools, repeatability,
reporting, and possible expert presentation C) A process where we develop
and test hypotheses that answer questions about digital events D) Use of
science or technology in the investigation and establishment of the facts
or evidence in a court of law Ans [b]

71) Which of the following are elements of Information Security Policy?


1. Network forensics is a branch that deals with capturing, recording and
analyzing the data packets to find out the source of network security
attacks. 2. The seven-layer OSI model benefits this because it helps in
communicating between two endpoints in a network. 3. The OSI or the Open
System Interconnect Model includes 7 protocol layers. Each layer has a
specific task and thus supports network forensics.
A) 1 only B) 2 and 3 only C) 1 and 2 only D) 1,2 and 3 Ans [d]

72) Which of the following are TRUE? 1. Network forensics is a branch of
digital forensics. 2. In fact, a case where disk forensics is not used in
an investigation could be considered equivalent to a conventional case
where CCTV evidence has been overlooked.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

73) A generic Network forensic examination includes the following steps?
1. Identification 2. Preservation 3. Collection 4. Examination
A) Both 1 and 2 B) 1,2,and 3 C) Only 4 D) 1,2,3,4 Ans [d]

74) ____________ is capture, recording and analysis of network packets in
order to determine the source of network security attacks.
A) Computer forensics B) Network forensics C) Security forensics D) Data
forensics Ans [b]

75) Which of the following statements are true? 1. Network forensics
ensures a slower incident response to an attack. 2. Network forensics
provides methods to predict future attacks by correlating attack patterns
from previous records of intrusion traffic data.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [b]

76) General purpose tools used in network forensics is _____________


A) Fingerprinting B) Intrusion detection C) Sniffers D) Extract SSL
information Ans [c]

77) Upon discovering a potential fraud involving computer systems, the
organization should _____
A) ask the subject of the investigation to remove all personal
information from the device and notify the company when the task is
complete B) take no immediate action until there is adequate proof of
misconduct C) use a magnet to physically destroy all information on the
hard drive that belonged to the subject's computer D) take physical
custody of the device itself and suspend the user's access to all
information systems Ans [d]

78) Attempting to gain access to a network using an employee's
credentials is called the _____________ mode of ethical hacking.
A) Local networking B) Social engineering C) Physical entry D) Remote
networking. Ans [a]

79) Which ports should be blocked to prevent null session enumeration?


A) Ports 120 and 445 B) Ports 135 and 136 C) Ports 110 and 137 D) Ports
135 and 139 Ans [d]

80) The first phase of hacking an IT system is compromise of which
foundation of security?
A) Availability B) Confidentiality C) Integrity D) Authentication Ans
[b]

81) How is IP address spoofing detected? ________________


A) Installing and configuring a IDS that can read the IP header B)
Comparing the TTL values of the actual and spoofed addresses C) Identify
all TCP sessions that are initiated but does not complete successfully D)
Installing IDS that can read the IP header Ans [b]

82) Which of the following statements are true? 1. Social network
forensics is nothing more than the application of computer investigation
and analysis techniques. 2. Social network forensics will be a question
of finding where the evidence lies and collecting it without violating
any law.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

83) Having individuals provide personal information to obtain a free
offer provided through the Internet is considered what type of social
engineering?
A) Web-based B) Human-based C) User-based D) Computer-based Ans [d]

84) E-mail messages are distributed from one central server to many
connected client computers, a configuration called ____.
A) client/server architecture B) client architecture C) central
distribution architecture D) peer-to-peer architecture Ans [a]

85) A written report is frequently a(n) ____ or a declaration.


A) Subpoena B) Deposition C) Affidavit D) Perjury Ans [c]
86) Paraben Software is a leader in mobile forensics software and offers
several tools, including ____, which can be used to acquire data from a
variety of phone models.
A) BitPim B) MOBILedit! C) DataPilot D) Device Seizure Ans [d]

87) A common tool for data visualization in Cyber Forensics is _______


A) Intrusion detection B) link analysis C) Network forensics D) Subpoena
Ans [b]

88) Which are the Current Challenges in Digital Forensics Investigation?


1. Hardware Problems 2. Software Issues 3. Legal Challenges
A) 1 only B) 1 and 2 C) 2 only D) 1,2 and 3 Ans [d]

89) In a ____________ environment, there is an increase in the identity
theft and opportunities of credential compromise.
A) Mobile computing B) Cloud-based C) Network based D) Parallel
computing Ans [b]

90) According to Fahdi, Clarke & Furnell (2013), the challenges of
digital forensics can be categorized into __________
A) Technical challenges, Legal challenges, Resource challenges B)
Artificial challenges, Legal challenges, Resource challenges C) Technical
challenges, Illegal challenges, Resource challenges D) Technical
challenges, Legal challenges, Social challenges Ans [a]

91) According to Rekhis & Boudriga (2010), anti-forensic techniques
can be classified into categories as listed below _______ 1. Encryption 2.
Steganography 3. Covert Channel 4. Data hiding in storage space
A) Only 1 B) Both 1 and 2 C) Both 3 and 4 D) 1,2,3 and 4 Ans [d]

92) A ___________ is an examination of a company's financial records to
derive evidence which can be used in a court of law or legal proceeding.
A) Forensic Audit B) Special Audit C) Income tax Audit D) Financial
Audit Ans [a]

93) Forensic audit investigations are made for several reasons,
including the following ____ 1. Asset Misappropriation 2. Financial
statement fraud 3. System statement fraud
A) Only 1 B) Both 1 and 2 C) Both 3 and 4 D) Only 3 Ans [b]

94) Which of the following statements are true? 1. The forensic auditor
needs to be present during court proceedings to explain the evidence
collected and how the suspect was identified. 2. The report should include
the findings of the investigation, a summary of the evidence, an
explanation of how the fraud was perpetrated, and suggestions on how
internal controls can be improved to prevent such frauds in the future.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

95) The following steps are the procedure for a forensic audit
investigation: A. Plan the investigation B. Collecting Evidence C.
Reporting
A) 1 and 2 B) 1,2 and 3 C) 1 and 3 D) 2 and 3 Ans [b]

96) Forensic auditing combines ________________ along with an
understanding of accounting principles to determine if there are
suspicious practices hiding beneath company or individual financial
records and statements.
A) Digital signature B) Attribution of record C) Collecting Evidence D)
Investigative techniques Ans [d]

97) Forensic auditing can sometimes be referred to as ___________


A) Asset Misappropriation B) Special Audit C) Forensic accounting D)
Forensic Auditing Ans [c]

98) What is the regulatory stance on forensic audits?


A) Reserve Bank of India B) Enforcement Directorate (ED) C) Income tax
department D) Both A and B Ans [d]

99) Which of the following has heightened effect on security?


A) Depends upon the client defenses B) False Positive C) False Negative
D) Depends upon the value of risk Ans [d]

100) Where is ephemeral data accessed during a computer forensics
examination?
A) RAM B) Depends upon the criticality C) Hard drive D) Pen drive Ans
[a]

101) What does the CoC concept refer to, in computer forensics?


A) Central access to data B) Core area of focus for forensics of a
Computer C) Core competencies of forensic team D) Chronological
Documentation Ans [d]

102) Which of the following has heightened effect on security?


A) False Positive B) Depends upon the client defenses C) False Negative
D) Depends upon the value of risk Ans [d]

103) What is the file extension used by Outlook Express to store e-mails
locally?
A) Pst B) doc C) nsf D) Rst Ans [a]

104) How are social networking site frauds propagated?


A) Checking email continuously B) Linking advertisements to current
events C) Posting links to a victim D) A,B and C Ans [d]

105) The FBI's __________________ became the first ASCLD-LAB accredited
digital forensic laboratory.
A) North Texas Regional Computer Forensic Laboratory B) Central Defense
Computer Forensic Laboratory (DCFL) C) Regional Computer Forensic
Laboratories (RCFLs) D) The American Society of Testing Materials (ASTM)
Ans [a]

106) ____ increases the time and resources needed to extract, analyze, and
present evidence
A) Investigation plan B) Litigation path C) Scope creep D) Court order
for discovery Ans [c]

107) You begin any computer forensics case by creating a(n) ____.
A) Investigation plan B) Evidence custody form C) Risk assessment report
D) Investigation report Ans [a]

108) In civil and criminal cases, the scope is often defined by search
warrants or ____, which specify what data you can recover.
A) Risk assessment reports B) Scope creeps C) Investigation plans D)
Subpoena Ans [d]
109) ____ Search can locate items such as text hidden in unallocated
space that might not turn up in an indexed search.
A) Online B) Active C) Inline D) Live Ans [d]

110) ____ attacks use every possible letter, number, and character found
on a keyboard when cracking a password.
A) Brute-force B) Profile C) Dictionary D) Statistics Ans [a]

111) ____ Recovery is a fairly easy task in computer forensic analysis.


A) Data B) Password C) Partition D) Image Ans [b]

112) ____ are handy when you need to image the drive of a computer far
away from your location or when you don't want a suspect to be aware of an
ongoing investigation.
A) Scope creeps B) Password recovery tools C) Remote acquisitions D) Key
escrow utilities Ans [d]

113) ____ is a remote access program for communication between two
computers. The connection is established by using the DiskExplorer
program (FAT or NTFS) corresponding to the suspect (remote) computer's
file system.
A) HDHOST B) DiskEdit C) DiskHost D) HostEditor Ans [a]

114) The term ____ comes from the Greek word for hidden writing.
A) Creep B) Escrow C) Steganography D) Hashing Ans [c]

115) ____ is defined as the art and science of hiding messages in such a
way that only the intended recipient knows the message is there.
A) Bit shifting B) Marking bad clusters C) Encryption D) Steganography
Ans [d]

116) People who want to hide data can also use advanced encryption
programs, such as PGP or ____.
A) NTI B) FTK C) BestCrypt D) PRTK Ans [d]

117) There are three C's in computer forensics. Which is one of the
three?
A) Control B) Chance C) Chairs D) 1,2 and 3 Ans [a]

118) You are supposed to maintain three types of records. Which answer is
not a record?
A) Chain of custody B) Documentation of the crime scene C) Searching the
crime scene D) Document your actions Ans [a]

119) What is Digital Forensic?


A) Process of using scientific knowledge in analysis and presentation of
evidence in court B) The application of computer science and
investigative procedures for a legal purpose involving the analysis of
digital evidence after proper search authority, chain of custody,
validation with mathematics, use of validated tools, repeatability,
reporting, and possible expert presentation C) A process where we develop
and test hypotheses that answer questions about digital events D) Use of
science or technology in the investigation and establishment of the facts
or evidence in a court of law Ans [b]

120) Which of the following are elements of Information Security Policy?


1. Network forensics is a branch that deals with capturing, recording and
analyzing the data packets to find out the source of network security
attacks. 2. The seven-layer OSI model benefits this because it helps in
communicating between two endpoints in a network. 3. The OSI or the Open
System Interconnect Model includes 7 protocol layers. Each layer has a
specific task and thus supports network forensics.
A) 1 only B) 2 and 3 only C) 1 and 2 only D) 1,2 and 3 Ans [d]

121) Which of the following are TRUE? 1. Network forensics is a branch
of digital forensics. 2. In fact, a case where disk forensics is not used
in an investigation could be considered equivalent to a conventional case
where CCTV evidence has been overlooked.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

122) A generic Network forensic examination includes the following
steps? 1. Identification 2. Preservation 3. Collection 4. Examination
A) Both 1 and 2 B) 1,2,and 3 C) Only 4 D) 1,2,3,4 Ans [d]

123) ____________ is capture, recording and analysis of network packets
in order to determine the source of network security attacks.
A) Computer forensics B) Network forensics C) Security forensics D) Data
forensics Ans [b]

124) Which of the following statements are true? 1. Network forensics
ensures a slower incident response to an attack. 2. Network forensics
provides methods to predict future attacks by correlating attack patterns
from previous records of intrusion traffic data.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [b]

125) General purpose tools used in network forensics is _____________


A) Fingerprinting B) Intrusion detection C) Sniffers D) Extract SSL
information Ans [c]

126) Upon discovering a potential fraud involving computer systems, the
organization should _____
A) ask the subject of the investigation to remove all personal
information from the device and notify the company when the task is
complete B) take no immediate action until there is adequate proof of
misconduct C) use a magnet to physically destroy all information on the
hard drive that belonged to the subject's computer D) take physical
custody of the device itself and suspend the user's access to all
information systems Ans [d]

127) Attempting to gain access to a network using an employee's
credentials is called the _____________ mode of ethical hacking.
A) Local networking B) Social engineering C) Physical entry D) Remote
networking. Ans [a]

128) Which ports should be blocked to prevent null session enumeration?


A) Ports 120 and 445 B) Ports 135 and 136 C) Ports 110 and 137 D) Ports
135 and 139 Ans [d]

129) The first phase of hacking an IT system is compromise of which
foundation of security?
A) Availability B) Confidentiality C) Integrity D) Authentication Ans
[b]

-126) How is IP address spoofing detected? ________________
A) Installing and configuring an IDS that can read the IP header B)
Comparing the TTL values of the actual and spoofed addresses C) Identify
all TCP sessions that are initiated but do not complete successfully D)
Installing IDS that can read the IP header Ans [b]

-125) Which of the following statements are true? 1. Social network
forensics is nothing more than the application of computer investigation
and analysis techniques. 2. Social network forensics will be a question
of finding where the evidence lies and collecting it without violating
any law.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

-124) Having individuals provide personal information to obtain a free
offer provided through the Internet is considered what type of social
engineering?
A) Web-based B) Human-based C) User-based D) Computer-based Ans [d]

-123) E-mail messages are distributed from one central server to many
connected client computers, a configuration called ____.
A) client/server architecture B) client architecture C) central
distribution architecture D) peer-to-peer architecture Ans [a]

-122) A written report is frequently a(n) ____ or a declaration.
A) Subpoena B) Deposition C) Affidavit D) Perjury Ans [c]

-121) Paraben Software is a leader in mobile forensics software and
offers several tools, including ____, which can be used to acquire data
from a variety of phone models.
A) BitPim B) MOBILedit! C) DataPilot D) Device Seizure Ans [d]

-120) A common tool for data visualization in Cyber Forensics is _______
A) Intrusion detection B) link analysis C) Network forensics D) Subpoena
Ans [b]

-119) Which are the Current Challenges in Digital Forensics
Investigation? 1. Hardware Problems 2. Software Issues 3. Legal
Challenges
A) 1 only B) 1 and 2 C) 2 only D) 1,2 and 3 Ans [d]

-118) In a ____________ environment, there is an increase in identity
theft and opportunities for credential compromise.
A) Mobile computing B) Cloud-based C) Network based D) Parallel
computing Ans [b]

-117) According to Fahdi, Clarke & Furnell (2013), the challenges of
digital forensics can be categorized into __________
A) Technical challenges, Legal challenges, Resource challenges B)
Artificial challenges, Legal challenges, Resource challenges C) Technical
challenges, Illegal challenges, Resource challenges D) Technical
challenges, Legal challenges, Social challenges Ans [a]

-116) According to Rekhis & Boudriga (2010), anti-forensic techniques
can be classified into categories as listed below_______ 1. Encryption 2.
Steganography 3. Covert Channel 4. Data hiding in storage space
A) Only 1 B) Both 1 and 2 C) Both 3 and 4 D) 1,2,3 and 4 Ans [d]

-115) A ___________ is an examination of a company's financial records to
derive evidence which can be used in a court of law or legal proceeding.
A) Forensic Audit B) Special Audit C) Income tax Audit D) Financial
Audit Ans [a]

-114) Forensic audit investigations are made for several reasons,
including the following____ 1. Asset Misappropriation 2. Financial
statement fraud 3. System statement fraud
A) Only 1 B) Both 1 and 2 C) Both 3 and 4 D) Only 3 Ans [b]

-113) Which of the following statements are true? 1. The forensic
auditor needs to be present during court proceedings to explain the
evidence collected and how the suspect was identified. 2. The report
should include the findings of the investigation, a summary of the
evidence, an explanation of how the fraud was perpetrated, and
suggestions on how internal controls can be improved to prevent such
frauds in the future.
A) 1- True and 2-True B) 1- False and 2-True C) 1- True and 2-False D)
1- False and 2-False Ans [a]

-112) The following steps are procedure for a forensic audit
investigation. 1) Plan the investigation 2) Collecting Evidence. 3)
Reporting
A) 1 and 2 B) 1,2 and 3 C) 1 and 3 D) 2 and 3 Ans [b]

-111) Forensic auditing combines ________________ along with an
understanding of accounting principles to determine if there are
suspicious practices hiding beneath company or individual financial
records and statements.
A) Digital signature B) Attribution of record C) Collecting Evidence D)
Investigative techniques Ans [d]

-110) Forensic auditing can sometimes be referred to as ___________
A) Asset Misappropriation B) Special Audit C) Forensic accounting D)
Forensic Auditing Ans [c]

-109) What is the regulatory stance on forensic audits?
A) Reserve Bank of India B) Enforcement Directorate (ED) C) Income tax
department D) Both A and B Ans [d]
