cmit quiz digital

cmit quiz digital

Question 1 (5 points)

Unicode is a binary representation of characters that is compatible with ASCII but includes fewer characters overall.

Question 1 options:

Question 2 (5 points)

If you change the file extension for an image file to .txt, the contents of the file cannot be displayed and will become unusable.

Question 2 options:

Question 3 (5 points)

The bit pattern 01000011 can be used to represent a single ASII character, a base ten number, or a CPU instruction.

Question 3 options:

Question 4 (5 points)

A hexadecimal editor can be used to search a hard drive to find passwords or keywords occurring outside of files or inside files in file slack space.

Question 4 options:

Question 5 (5 points)

If the file signature does not match the file extension, the contents of the file cannot be displayed.

Question 5 options:

Question 6 (5 points)

How many ASCII characters can be stored in 32 bits?

Question 6 options:

0

1

2

4

Question 7 (5 points)

How many hexadecimal digits are required to represent 32 bits of data?

Question 7 options:

0

4

8

16

Question 8 (5 points)

Which of the following file types contain images and/or graphics?

Question 8 options:

GIF

JPEG

MP4

PSD

All of the above.

GIF and JPEG only.

Question 9 (5 points)

Which of the following file extensions should contain executable code?

Question 9 options:

.cab, .cpl, and .scr

.app, .bat, and .cfg

.7z, .prf, and .ini

.pif, .vb, and .bat

Question 10 (5 points)

Which of the following types of drives can be used as a forensic boot device?

Question 10 options:

Floppy diskette drive (FDD)

Optical disc (CD-ROM, CDRW, DVD)

USB drive

Hard Disk Drive (HDD)

All of the listed choices.

Only FDD, DVD, and HDD can be used as forensic boot drives.

Question 11 (5 points)

A write blocker is a hardware device or software application used to prevent the operating system from changing the contents of a hard drive.

Question 11 options:

Question 12 (5 points)

Which of the following is not a standard BIOS function?

Question 12 options:

Set Screen Saver Mode

CMOS Setup

POST

Bootstrap Loader

Question 13 (5 points)

The Master Boot Record contains executable code, the disk signature, and the partition table for the disk.

Question 13 options:

Question 14 (5 points)

Which of the following is a valid signature word for an MBR?

Question 14 options:

0x5A

0xAA

0x55AA

0xAA55

Question 15 (5 points)

What is the length of the partition table in the MBR?

Question 15 options:

The partition table is not located in the MBR.

32 bytes

64 bytes

16 bytes

Question 16 (5 points)

POST is the last step in the boot process.

Question 16 options:

Question 17 (5 points)

In big Endian storage schemes, the most significant byte of a data value is stored at the smallest address. In little Endian storage schemes, the least significant byte of a data value is stored at the smallest address.

Question 17 options:

Question 18 (5 points)

What does CHS refer to?

Question 18 options:

cluster, head, sector

cluster, head, section

cylinder, head, sector

the number of tracks required during low-level formatting

Question 19 (5 points)

FAT file systems have a variable number of bits per entry in the Master File Table.

Question 19 options:

Question 20 (5 points)

In a Microsoft Windows operating system, the last access times for files are accurate to within two milliseconds.

Question 20 options:

Question 21 (10 points)

Digital forensics labs should prepare specialized operating procedures for each case.

Question 21 options:

Question 22 (10 points)

Evidence tags are affixed to computer equipment and removable media upon receipt at the digital forensics lab. This ensures that evidence can be tracked using a chain of custody form.

Question 22 options:

Question 23 (10 points)

Organizations are required to properly preserve any and all forms of electronic media which can be reasonably anticipated to be relevant to current or future litigation.

Question 23 options:

Question 24 (10 points)

A corporate policy for digital forensics should address requirements found in which of the following laws?

Question 24 options:

Sarbanes-Oxley Act of 2002

Graham-Leach-Bliley Act (GLBA)

Economic Espionage Act of 1966

All of the above.

None of the above.

Question 25 (10 points)

Corporate audit procedures should be followed during cyber forensic investigations in cases where the subject is suspected of having committed financial fraud.

Question 25 options:

Question 26 (10 points)

Case management includes all of the following EXCEPT:

Question 26 options:

recording significant events which occur during an investigation

prioritizing and delegating administrative tasks among multiple digital investigators

keeping track of items of evidence

controlling access to laboratory equipment and storage media used during forensic examinations

Question 27 (10 points)

Evidence being shipped inter-city or across state lines should always be shipped in the airline’s cargo hold to protect against the risk of loss or theft during transfer.

Question 27 options:

Question 28 (10 points)

Which of the following is not a recommended method for verifying the analysis and results of a forensic examination?

Question 28 options:

Comparing cryptographic hash values for evidence files.

Comparing results obtained from multiple validated forensic tools.

Peer review

Managerial review

Question 29 (10 points)

Every digital forensics lab should have both a policy and a procedure regarding sanitization of media prior to use for forensic imaging.

Question 29 options:

Question 30 (10 points)

Which of the following is not a NIST mandated feature or capability of a forensic tool?

Question 30 options:

The tool shall completely acquire all visible data sectors from the digital source.

If there are unresolved errors reading from the digital source, the tool shall use a 0xFF fill pattern in the destination object in place of the inaccessible data.

Acquisition of all digital sectors from the digital source shall be accurate.

If there are unresolved errors reading from the digital source, the tool shall notify the user of the error type and location.

Question 31 (10 points)

What type of cryptography can be used to find and identify files containing child pornography?

Question 31 options:

MD5 or SHA-256 (Cryptographic Hashing)

Public Key Encryption

Symmetric Key Encryption (e.g. SSL)

S/MIME (Secure MIME)

Question 32 (10 points)

Polymorphic algorithms are used to hide or conceal malware from anti-virus programs.

Question 32 options:

Question 33 (10 points)

Steganography is used to hide a binary file or executable inside an Unicode encoded text file.

Question 33 options:

Question 34 (10 points)

In a FAT file system, files can be hidden or concealed by setting the “archive” bit in the file’s directory entry.

Question 34 options:

Question 35 (10 points)

The Windows swap file contains what type of data?

Question 35 options:

anything stored in the CPU cache buffers

anything stored in RAM

anything written to the system disk

an exact copy of designated sectors of the system disk

Question 36 (10 points)

Forensic examiners should always collect and analyze file slack space and unallocated disk sectors because both can contain remnants of data from events which took place many years ago.

Question 36 options:

Question 37 (10 points)

It is very easy to hide inappropriate or illegal files within plain sight by changing the file name extension.

Question 37 options:

Question 38 (10 points)

Which registry file contains settings and history information for individual user accounts?

Question 38 options:

SYSTEM

NTUSER.DAT

SOFTWARE

SAM

Question 39 (10 points)

Which registry file will contain the names of all installed software applications?

Question 39 options:

SAM

SYSTEM

SOFTWARE

NTUSER.DAT

Question 40 (10 points)

System log files contain entries for events which occur on a system. These files contain a trustworthy timeline of events because once an entry has been made it cannot be changed or deleted.

Question 40 options:

Question 41 (10 points)

What is presumption of innocence?

Question 41 options:

Presumption of innocence is a best practice in forensic examinations which requires that examiners assume that a computer system was not used in the commission of a crime unless and until proven otherwise.

Presumption of innocence is a principle of the US legal system which holds that individuals are innocent until proven guilty. This principle guides forensic report writing.

None of the listed choices provides an acceptable definition of the term presumption of innocence.

Presumption of innocence is a legal principle which holds that victims of a crime are innocent of collusion and/or cooperation with the perpetrators of the crime. This principle guides all forensic interviews.

Question 42 (10 points)

Evidence may be deemed hearsay if the speaker, author, or creator is not present in court to verify its truthfulness.

Question 42 options:

Question 43 (10 points)

Which of the following types of evidence is/are a permissible exception to the hearsay rule?

Question 43 options:

business records