212-89 Exam Questions - Online Test


Exambible offers a free demo for the 212-89 exam. "EC Council Certified Incident Handler (ECIH v2)", also known as the 212-89 exam, is an EC-Council certification. This set of posts, Passing the EC-Council 212-89 exam, will help you answer those questions. The 212-89 Questions & Answers cover all the knowledge points of the real exam. 100% real EC-Council 212-89 exams, revised by experts!

Online EC-Council 212-89 free dumps demo below:

NEW QUESTION 1
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:

  • A. Analysis
  • B. Preparation
  • C. Examination
  • D. Collection

Answer: C

NEW QUESTION 2
ADAM, an employee of a multinational company, uses his company's accounts to send e-mails to a third party with a spoofed mail address. How can you categorize this type of incident?

  • A. Inappropriate usage incident
  • B. Unauthorized access incident
  • C. Network intrusion incident
  • D. Denial of Service incident

Answer: A

NEW QUESTION 3
According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

  • A. One image copy
  • B. Two image copies
  • C. Three image copies
  • D. Four image copies

Answer: B

NEW QUESTION 4
A malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim's system is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: A

NEW QUESTION 5
Which of the following is NOT a digital forensic analysis tool:

  • A. Access Data FTK
  • B. EAR/Pilar
  • C. Guidance Software EnCase Forensic
  • D. Helix

Answer: B

NEW QUESTION 6
Malicious code that is installed on a computer without the user's knowledge to acquire information from the user's machine and send it to an attacker who can access it remotely is called:

  • A. Spyware
  • B. Logic Bomb
  • C. Trojan
  • D. Worm

Answer: A

NEW QUESTION 7
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of the following helps in recognizing and separating the infected hosts from the information system?

  • A. Configuring the firewall to default settings
  • B. Inspecting the processes running on the system
  • C. Browsing particular government websites
  • D. Sending mails only to a group of friends

Answer: B

NEW QUESTION 8
The main difference between viruses and worms is:

  • A. Worms require a host file to propagate while viruses don’t
  • B. Viruses require a host file to propagate while Worms don’t
  • C. Viruses don’t require user interaction; they are self-replicating malware
  • D. Viruses and worms are common names for the same malware

Answer: B

NEW QUESTION 9
The steps followed to recover computer systems after an incident are:

  • A. System restoration, validation, operation and monitoring
  • B. System restoration, operation, validation, and monitoring
  • C. System monitoring, validation, operation and restoration
  • D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 10
To whom should an information security incident be reported?

  • A. It should not be reported at all and it is better to resolve it internally
  • B. Human resources and Legal Department
  • C. It should be reported according to the incident reporting & handling policy
  • D. Chief Information Security Officer

Answer: C

NEW QUESTION 11
An active vulnerability scanner featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

  • A. Nessus
  • B. CyberCop
  • C. EtherApe
  • D. nmap

Answer: A

NEW QUESTION 12
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer, in order to identify the established connections on it:

  • A. "arp" command
  • B. "netstat -an" command
  • C. "dd" command
  • D. "ifconfig" command

Answer: B

NEW QUESTION 13
The USB tool (depicted below), which is connected to a male USB keyboard cable and is not detected by anti-spyware tools, is most likely called:
[Exhibit image not reproduced]

  • A. Software Key Grabber
  • B. Hardware Keylogger
  • C. USB adapter
  • D. Anti-Keylogger

Answer: B

NEW QUESTION 14
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators who intentionally attacked the computer system. Evidence protection is also required to meet legal compliance requirements. Which of the following documents helps in protecting evidence from physical or logical damage:

  • A. Network and host log records
  • B. Chain-of-Custody
  • C. Forensic analysis report
  • D. Chain-of-Precedence

Answer: B

NEW QUESTION 15
The typical correct sequence of activities used by a CSIRT when handling a case is:

  • A. Log, inform, maintain contacts, release information, follow up and reporting
  • B. Log, inform, release information, maintain contacts, follow up and reporting
  • C. Log, maintain contacts, inform, release information, follow up and reporting
  • D. Log, maintain contacts, release information, inform, follow up and reporting

Answer: A

NEW QUESTION 16
Which policy recommends controls for securing and tracking organizational resources:

  • A. Access control policy
  • B. Administrative security policy
  • C. Acceptable use policy
  • D. Asset control policy

Answer: D

NEW QUESTION 17
An audit trail policy collects all audit trails, such as a series of records of computer events about an operating system, application or user activities. Which of the following statements is NOT true for an audit trail policy:

  • A. It helps in calculating intangible losses to the organization due to an incident
  • B. It helps in tracking individual actions and allows users to be personally accountable for their actions
  • C. It helps in compliance with various regulatory laws, rules, and guidelines
  • D. It helps in reconstructing the events after a problem has occurred

Answer: A

NEW QUESTION 18
The overall likelihood rating of a threat exploiting a vulnerability is driven by:

  • A. Threat-source motivation and capability
  • B. Nature of the vulnerability
  • C. Existence and effectiveness of the current controls
  • D. All the above

Answer: D

NEW QUESTION 19
The person who offers a formal opinion as testimony about a computer crime incident in a court of law is known as:

  • A. Expert Witness
  • B. Incident Analyzer
  • C. Incident Responder
  • D. Evidence Documenter

Answer: A

NEW QUESTION 20
A threat source does not present a risk if there is no vulnerability that can be exercised by that particular threat source. Identify the step in which the different threat sources are defined:
[Exhibit image not reproduced]

  • A. Identification of vulnerabilities
  • B. Control analysis
  • C. Threat identification
  • D. System characterization

Answer: C

NEW QUESTION 21
The correct sequence of Incident Response and Handling is:

  • A. Incident Identification, recording, initial response, communication and containment
  • B. Incident Identification, initial response, communication, recording and containment
  • C. Incident Identification, communication, recording, initial response and containment
  • D. Incident Identification, recording, initial response, containment and communication

Answer: A

NEW QUESTION 22
......