Assume there is a file named myfile.txt in C: drive that contains hidden data streams. Which of the following commands would you issue to display the contents of a data stream?

C:\>ECHO text_message > myfile.txt:stream1

echo text > program:source_file

Fred, a cybercrime investigator for the FBI, finished storing a solid-state drive in a static resistant bag and filled out the chain of custody form. Two days later, John grabbed the solid-state drive and created a clone of it (with write blockers enabled) in order to investigate the drive. He did not document the chain of custody though. When John was finished, he put the solid-state drive back in the static resistant and placed it back in the evidence locker. A day later, the court trial began and upon presenting the evidence and the supporting documents, the chief justice outright rejected them. Which of the following statements strongly support the reason for rejecting the evidence?

John did not document the chain of custody

John investigated the clone instead of the original evidence itself

Write blockers were used while cloning the evidence

Block clones cannot be created with solid-state drives

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000] "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

The combined log format of Apache access log

The common log format of Apache access log

Which of the following is a requirement for senders as per the CAN-SPAM act?

Senders cannot use misleading or false header information

Emails must not contain information regarding how to stop receiving emails from the sender in future

Senders should never share their physical postal address in the email

Senders must use deceptive subject lines

Place the following in order of volatility from most volatile to the least volatile.

Registers and cache, routing tables, temporary file systems, archival media, disk storage

Archival media, temporary file systems, disk storage, archival media, register and cache

Registers and cache, routing tables, temporary file systems, disk storage, archival media

Register and cache, temporary file systems, routing tables, disk storage, archival media

Edgar is part of the FBI's forensic media and malware analysis team; he is analyzing a current malware and is conducting a thorough examination of the suspect system, network, and other connected devices. Edgar's approach is to execute the malware code to know how it interacts with the host system and its impacts on it. He is also using a virtual machine and a sandbox environment. What type of malware analysis is Edgar performing?

Dynamic malware analysis/behavioral analysis

CF Quiz 4

Quiz

•

Computers

•

Professional Development

•

Practice Problem

•

Hard

Om Das

Used 1+ times

FREE Resource

Student preview

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives. What RAID level is represented here?

RAID Level 0

RAID Level 1

RAID Level 5

RAID Level 3

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An investigator is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on interface outside. What does %ASA-1-106021 denote?

Type of request

Mnemonic message

Firewall action

Type of traffic

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A forensic examiner encounters a computer with a failed OS installation and the master boot record (MBR) or partition sector damaged. Which of the following tools can find and restore files and information in the disk?

Wireshark

Helix

R-Studio

NetCat

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

"To ensure that the digital evidence is collected, preserved, examined, or transferred in a manner safeguarding the accuracy and reliability of the evidence, law enforcement, and forensics organizations must establish and maintain an effective quality system" is a principle established by:

NCIS

EC-Council

NIST

SWGDE

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Jacob, a cybercrime investigator, joined a forensics team to participate in a criminal case involving digital evidence. After the investigator collected all the evidence and presents it to the court, the judge dropped the case and the defense attorney pressed charges against Jacob and the rest of the forensics team for unlawful search and seizure. What forensics privacy issue was not addressed prior to collecting the evidence?

None of these

Compliance with the Third Amendment of the U.S. Constitution

Compliance with the Fourth Amendment of the U.S. Constitution

Compliance with the Second Amendment of the U.S. Constitution

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

While collecting active transaction logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, what does assigning NULL values imply?

Start and end points for log sequence numbers are zero

Start and end points for log files are zero

Start and end points for log sequence numbers are not specified

Start and end points for log files are not specified

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?

General description of the evidence

SSN of the person collecting the evidence

Exact location the evidence was collected from

Relevant circumstances surrounding the collection

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

CF Quiz 4

30 questions

Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives. What RAID level is represented here?

An investigator is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on interface outside. What does %ASA-1-106021 denote?

A forensic examiner encounters a computer with a failed OS installation and the master boot record (MBR) or partition sector damaged. Which of the following tools can find and restore files and information in the disk?

"To ensure that the digital evidence is collected, preserved, examined, or transferred in a manner safeguarding the accuracy and reliability of the evidence, law enforcement, and forensics organizations must establish and maintain an effective quality system" is a principle established by:

While collecting active transaction logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, what does assigning NULL values imply?

For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?

Frank, a cloud administrator in his company, needs to take backup of the OS disks of two Azure VMs that store business-critical data. Which type of Azure blob storage can he use for this purpose?

Which of the following is the most effective tool for acquiring volatile data from a Windows-based system?

Which of the following malware targets Android mobile devices and installs a backdoor that remotely installs applications from an attacker-controlled server?

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Computers