Sr.

No Question Options Correct Answer

a) Criminal Prosecutors
Who Can Use Computer b) Civil litigations
1 d)All of them
Forensic Evidence? c) Law enforcement
d) All of them
A. How to recover data from
computers while preserving
evidential integrity
When handling computers B. How to keep your data and
for legal purposes, information safe from theft or B. How to keep
investigators increasingly are accidental loss your data and
2
faced with four main types of C. How to securely store and information safe
problems, except: handle recovered data from theft
D. How to find the significant
information in a large volume
of data

A. A defined methodology
In order for a double tier
B. Civil control A. A defined
approach to work it is
3 C. A breach of contract methodology
necessary to have:
D. Asset recovery

Criteria for equipment in the A. Simple to use

double tier approach results B. Quick to learn
4 D. Legally operable
in the following C. Totally reliable
except: D. Legally operable
computer forensics specialist
a) Protect
will take several careful steps
b) Discover
5 to identify and d)All of them
c) Recover
attempt to retrieve possible
d) All of them
evidence
A computer forensics
professional does more than
turn on a computer, make
a directory listing, and search
through files. Your forensics
professionals should A. Data seizure
be able to successfully B. Data duplication and
6 perform complex evidence preservation D. Data dump
recovery procedures with the C. Data recovery
skill and expertise that lends D. Data dump
credibility to your case. For
example, they should
be able to perform the
following services, except:

A computer forensics A. Protects the subject

specialist is the person
responsible for doing
7 computer
forensics. The computer
forensics specialist will take
several careful steps to
computer system during the
forensic examination from C. Reconstructs
any possible alteration, system failure
damage, data corruption, or
virus introduction
B. Discovers all files on the
 identify and attempt to
retrieve possible evidence
that may exist on a subject
computer system. This
results in the following steps
except:
The following are what it
really costs to replace a
8 software
stolen computer, except:
Forensic services include but
are not limited to the
9 deleted and hidden files
following, except:
Computer evidence is like
10 any other evidence. It must
be
The legal aspects of a
computer forensics
investigation center primarily
11
on the
following two main issues:
subject system. This includes
existing normal files,
deleted yet remaining files,
hidden files, password-
protected files, and encrypted
files
C. Reconstructs system failure
D. Recovers all (or as much as
possible) of discovered deleted
files
A. The price of the
replacement hardware
B. The price of replacing the C. The cost of
creating data
C. The cost of creating data
D. The cost of lost production
time or instruction time
A. Lost password and file
recovery
B. Location and retrieval of D. Email non-
supervision and
C. File and email decryption non-authentication
D. Email non-supervision and
non-authentication
a) Authentic
b) Accurate
d)All of them
c) Complete
d) All of them
A. The requirements that need
to be met in order for evidence
to be successfully
presented in court and, of
course, not considered legally
admissible
B. The requirements that need
to be met in order for evidence
to be successfully B. The
presented in court and, of requirements that
course, considered legally need to be met in
admissible order for evidence
C. The right of the investigator to be successfully
to avoid the possibility of not presented in court
incurring legal and, of course,
action against himself or the considered legally
organization for whom he is admissible
conducting the
investigation
D. The acceptance of the
investigator to avoid the
possibility of incurring
legal action against himself or
the organization for whom he
is reviewing
 the investigation
a) There is no direct
return on investment in
building security
systems.
b) Security systems are
detrimental to usability
and can make IT
systems less functional,
Considering commerce and
and therefore less
marketing, which of the
attractive to the
12 following present the most d) All of the above
consumer.
significant obstacle to
c) There is pressure to
developing IT security?
reduce the time it takes
to get a new IT product
or system onto the
market, so security
systems are sacrificed
in order to reduce the
time-to-market.
d) All of the above
a) Digitalised sensitive
information
b) Critical Information
What is the referent object in c) Government
Infrastructures
13 contemporary cyber- IT systems
c) Government IT
security?
systems
d) Telecommunication
networks
When did politicians, a) 1970s
academics, and other agents b) 1960s a)1970s
14
begin to talk seriously about c) 1990s
cyber-security? d) 1980s
a) Careful methodology
of approach, including
record keeping
b) A sound knowledge of
The key features of the computing, particularly
15 d) All of them
forensic technician are in any specialist areas
claimed
c) A sound knowledge of
the law of evidence
d) All of them
a) Any crime that uses
computers to
jeopardise or attempt to
jeopardise national
security d) Any crime that
What is meant by the term
16 b) The use of computer involves computers
'cyber-crime'?
networks to commit and networks
financial or identity
fraud
c) The theft of digital
information

Which of the following is not
17 a type of cyber crime?
Which of the following is not
a type of peer-to-peer cyber-
18
crime?
Which of the following is not
an example of a computer as
19
defense cyber-crime?
In terms of digital evidence,
20 the Internet is an example of
In terms of digital evidence,
21 a hard drive is an example
of:
In terms of digital evidence,
22 a Smart Card is an example
of
A valid definition of digital
23
evidence is:
A logon record tells us that,
24 at a specific time:
Computers can be involved
in which of the following
25
types of crime?
d) Any crime that
involves computers and
networks
a) Data theft
b) Forgery d) Installing
c) Damage to data and systems antivirus for
d) Installing antivirus for protection
protection
a) Phishing
b) Injecting Trojans to a target
d) Credit card
victim
details leak in deep
c) MiTM
web
d) Credit card details leak in
deep web
a) Credit card fraudulent
b) Spying someone using
b) Spying someone
keylogger
using keylogger
c) IPR Violation
d) Pornography
a. Open computer systems
b. Communication systems b. Communication
c. Embedded computer systems
systems
d. None of the above
a. Open computer systems
b. Communication systems a. Open computer
c. Embedded computer systems
systems
d. None of the above
a. Open computer systems
b. Communication systems c. Embedded
c. Embedded computer computer systems
systems
d. None of the above
a. Data stored or transmitted
using a computer
b. Information of probative
c. Digital data of
value
probative value
c. Digital data of probative
value
d. Any digital evidence on a
computer
a. An unknown person logged
into the system using the
account c. The account was
b. The owner of a specific used to log into the
account logged into the system system
c. The account was used to log
into the system
d. None of the above
a. Homicide and sexual assault
b. Computer intrusions and
d. All of the above
intellectual property theft
c. Civil disputes

Private networks can be a
richer source of evidence
26
than the Internet because:
Computers can play the
27 following roles in a crime:
The following specializations crime scene technician)
28 exist in digital investigations: b. Forensic examiner
One of the most common
approaches to validating
29
forensic software is to:
A printer used for
counterfeiting is an example
30
of:
Having a member of the
search team trained to handle presentation of the case
digital evidence:
31
a. Can reduce the number of for opposing counsel to
people
What can you do to
determine the number of
32
sectors on a hard drive larger c. Check the drive
than 8GB?
A device that connets
33 network with different
protocols
d. All of the above
a. They retain data for longer
periods of time.
b. Owners of private networks c. Private networks
are more cooperative with law contain a higher
enforcement. concentration of
c. Private networks contain a digital evidence.
higher concentration of digital
evidence.
d. All of the above.
a. Target, object, and subject
b. Evidence,
b. Evidence, instrumentality,
instrumentality,
contraband, or fruit of crime
contraband, or fruit
c. Object, evidence, and tool
of crime
d. Symbol, instrumentality, and
source of evidence
a. First responder (a.k.a. digital
d. All of the above
c. Digital investigator
d. All of the above
a. Examine the source code
b. Ask others if the software is
c. Compare results
reliable
of multiple tools for
c. Compare results of multiple
discrepancies
tools for discrepancies
d. Computer forensic tool
testing projects
a. Hardware as contraband or
fruits of crime
b. Hardware as an b. Hardware as an
instrumentality instrumentality
c. Hardware as evidence
d. Information as contraband
or fruits of crime
who handle the evidence
b. Can serve to streamline the
c. Can reduce the opportunity
d. All of the above
impugn the integrity of the
evidence
d. All of the above
a. Use a UNIX tool like
hdparm
b. Use a Windows tools like
EnCase
d. All of the above
manufacturer’s website for the
specific drive
d. All of the above
a. Switch
c. Gateway
b. Hub
c. Gateway

A device that is used to
34
connect a number of LANs is
Computer crimes include the
35 following, except:
The following are some
helpful tips that you can
follow to help preserve data
36
for future computer forensic
examination, except:
Each participant in a
computer forensics course
who successfully completes
the
course should receive some
sort of a certificate of
37
completion that is suitable
for
framing. They should also
leave the course with a good
understanding of the
following, except:
Internal events are
committed by those with a
substantial link to the
intended
victim, for example, a bank
38 employee who siphons
electronic funds from a
customer’s account. Other
examples include the
following, except:
Forensic investigators
39 perform the following,
except:
The following are critical
40 national infrastructures as
listed by the executive
d. All of these
a. Routers
b. Repeater
a. Routers
c. Bridge
d. All of these
A. Financial information
B. Sabotage of data and/or
networks
C. Theft of proprietary A. Financial
information information
D. System penetration from
the outside and denial of
service
A. Do not turn on or attempt to
examine the suspect computer.
This could result
in destruction of evidence. C. Run all in-
B. Identify all devices that house
may contain evidence. computers
C. Run all in-house computers.
D. Quarantine all in-house
computers.
A. Computer evidence
processing
C. Troy horse
B. Preservation of evidence
programs
C. Troy horse programs
D. Computer forensics
documentation
A. Downloading or
distributing offensive material D.
B. Theft of intellectual Unintentional
property or intentional
C. Internal system intrusions addition or
D. Unintentional or intentional damage of data
addition or damage of data or or systems
systems
A. Detect the extent of a
security breach.
B. Recover found
B. Recover found data.
data.
C. Recover lost data.
D. Determine how an intruder
got past security mechanisms.
A. Electric power system
C. Web site
B. Gas and oil storage and
transportation
 order, except:
For a strategy of deterrence
41 to work the following must
hold, except:
In what has been called the
“complex-system issue,” the
42 following are axioms,
except:
The following requirements
of jus ad bellum were
43 developed by Thomas
Aquinas in the 13th century,
except:
By changing perspectives
from defense to offense, the
following are in the U.S.
44
arsenal to wage IW against
an adversary, except:
C. Web site
D. Banking and finance
A. The incident must not be
well defined.
B. The identity of the
perpetrator must be A. The incident
unambiguous. must not be well
C. The will and ability to carry defined.
out a deterrence strike must be
believed.
D. The perpetrator must have
something of value at stake.
A. Complex systems fail in
unpredictable ways from
causes that seem to be
minor and, often, obvious
flaws in retrospect.
B. Complex systems pass in
unpredictable ways from B. Complex
causes that seem to be systems pass in
unpredictable ways
minor and, often, obvious
flaws in retrospect. from causes that
C. The failure of a complex seem to be
system may be exceptionally minor and, often,
difficult to discover obvious flaws in
and repair. retrospect.
D. Complex systems fail at
inopportune moments—
usually during demanding
system use when the
consequences of failure are
highest.
A. The resort to force must
have a just cause.
B. It must be authorized by a C. It is expected to
competent authority. produce a
C. It is expected to produce a preponderance of
preponderance of evil over evil over good.
good.
D. It must have a reasonable
chance of success.
A. Offensive software
(viruses, worms, trojan horses)
B. Sniffing or “wiretapping”
software (enabling the capture D. Directed non-
of an adversary’s energy weapons
(designed to
communications)
destroy electronics,
C. Chipping (malicious
not humans
software embedded in systems
and buildings)
by manufacturer)
D. Directed non-energy
weapons (designed to destroy
electronics, not humans

Because the Internet is built
upon the TCP/IP protocol,
many hacker attacks
will seek to exploit the TCP
45 ports of these servers with
public IP addresses. A
number of common ports are
scanned and attacked,
except:
Private citizens have
46 legitimate reasons to do the
following, except:
You only have three
directions to go with
47
hacking, except:
Just as perpetrators such as
hackers and crackers have
done to wired networks,
48 they can assault WLANs
through the same methods,
except:
Hackers can do the
49 following, except:
In order for a double tier
approach to work it is
50
necessary to have:
and buildings)
A. FTP (21)
B. Telnet (23)
D. INS (53)
C. SMTP (25)
D. INS (53)
A. Preserve confidentiality
B. Protect flaws
C. Protect trade secrets B. Protect flaws
D. Prevent legal or medical
records from falling into
strangers’ hands
A. You can keep doing the
same old tricks.
B. You can become a real C. You can be hired
criminal cracker. to hack other
D. You can use those skills hackers.
wisely to build new software
and create a more secure
Internet.
A. Unauthorized access points
B. Data interception
D. Authorized
C. Denial-of-service (DoS)
access points
attacks
D. Authorized access points
A. Break into computers
through well-documented
holes (they read security
alerts, too) when users don’t
install patches.
B. Enter networks through old
computers that are no longer in
use. This can D. Physically
happen when administrators destroy a
forget to disconnect an ex- network.
employee’s system
from the modem or network.
C. Target data on a less-
protected off-site machine that
stores backups.
D. Physically destroy a
network.
A. A defined methodology
A. A defined
B. Civil control
methodology
C. A breach of contract
D. Asset recovery