USA: +1(669)289-8683 
Sign in
Saved
Unicode is a binary representation of characters that is compatible with ASCII but includes fewer characters overall.
Question
1
options:TrueFalse
Question
2
(5 points)
If you change the file extension for an image file to .txt, the contents of the file cannot be displayed and will become unusable.
Question 2 options:TrueFalse
Question 3 (5 points)
The bit pattern
0
1000011 can be used to represent a single ASII character, a base ten number, or a CPU instruction.
Question 3 options:TrueFalse
Question
4
(5 points)
A hexadecimal editor can be used to search a hard drive to find passwords or keywords occurring outside of files or inside files in file slack space.
Question 4 options:TrueFalse
Question 5 (5 points)
If the file signature does not match the file extension, the contents of the file cannot be displayed.
Question 5 options:TrueFalse
Question 6 (5 points)
How many ASCII characters can be stored in 32 bits?
Question 6 options:
0124
Question 7 (5 points)
How many hexadecimal digits are required to represent 32 bits of data?
Question 7 options:
04
8
16
Question 8 (5 points)
Which of the following file types contain images and/or graphics?
Question 8 options:
GIF
JPEG
MP4
PSD
All of the above.
GIF and JPEG only.
Question 9 (5 points)
Which of the following file extensions should contain executable code?
Question 9 options:
.cab, .cpl, and .scr
.app, .bat, and .cfg
.7z, .prf, and .ini
.pif, .vb, and .bat
Question 10 (5 points)
Which of the following types of drives can be used as a forensic boot device?
Question 10 options:
Floppy diskette drive (FDD)
Optical disc (CD-ROM, CDRW, DVD)
USB drive
Hard Disk Drive (HDD)
All of the listed choices.
Only FDD, DVD, and HDD can be used as forensic boot drives.
Question 11 (5 points)
A write blocker is a hardware device or software application used to prevent the operating system from changing the contents of a hard drive.
Question 11 options:TrueFalse
Question 12 (5 points)
Which of the following is not a standard BIOS function?
Question 12 options:
POST
CMOS Setup
Set Screen Saver Mode
Bootstrap Loader
Question 13 (5 points)
The Master Boot Record contains executable code, the disk signature, and the partition table for the disk.
Question 13 options:TrueFalse
Question 14 (5 points)
Which of the following is a valid signature word for an MBR?
Question 14 options:
0x55AA
0xAA
0x5A
0xAA55
Question 15 (5 points)
What is the length of the partition table in the MBR?
Question 15 options:
The partition table is not located in the MBR.
32 bytes
64 bytes
16 bytes
Question 16 (5 points)
POST is the last step in the boot process.
Question 16 options:TrueFalse
Question 17 (5 points)
In big Endianstorage schemes, the most significant byte of a data value is stored at the smallest address. In little Endian storage schemes, the least significant byte of a data value is stored at the smallest address.
Question 17 options:TrueFalse
Question 18 (5 points)
What does CHS refer to?
Question 18 options:
cylinder, head, sector
cluster, head, sector
the number of tracks required during low-level formatting
cluster, head, section
Question 19 (5 points)
FAT file systems have a variable number of bits per entry in the Master File Table.
Question 19 options:TrueFalse
Question 20 (5 points)
In a Microsoft Windows operating system, the last access times for files are accurate to within two milliseconds.
Question 20 options:TrueFalse
Question 21 (10 points)
Digital forensics labs should prepare specialized operating procedures for each case.
Question 21 options:TrueFalse
Question 22 (10 points)
Evidence tags are affixed to computer equipment and removable media upon receipt at the digital forensics lab. This ensures that evidence can be tracked using a chain of custody form.
Question 22 options:TrueFalse
Question 23 (10 points)
Organizations are required to properly preserve any and all forms of electronic media which can be reasonably anticipated to be relevant to current or future litigation.
Question 23 options:TrueFalse
Question 24 (10 points)
A corporate policy for digital forensics should address requirements found in which of the following laws?
Question 24 options:
Sarbanes-Oxley Act of 2002
Graham-Leach-Bliley Act (GLBA)
Economic Espionage Act of 1966
All of the above.
None of the above.
Question 25 (10 points)
Corporate audit procedures should be followed during cyber forensic investigations in cases where the subject is suspected of having committed financial fraud.
Question 25 options:TrueFalse
Question 26 (10 points)
Case management includes all of the following EXCEPT:
Question 26 options:
prioritizing and delegating administrative tasks among multiple digital investigators
controlling access to laboratory equipment and storage media used during forensic examinations
recording significant events which occur during an investigation
keeping track of items of evidence
Question 27 (10 points)
Evidence being shipped inter-city or across state lines should always be shipped in the airline’s cargo hold to protect against the risk of loss or theft during transfer.
Question 27 options:TrueFalse
Question 28 (10 points)
Which of the following is not a recommended method for verifying the analysis and results of a forensic examination?
Question 28 options:
Comparing cryptographic hash values for evidence files.
Comparing results obtained from multiple validated forensic tools.
Peer review
Managerial review
Question 29 (10 points)
Every digital forensics lab should have both a policy and a procedure regarding sanitization of media prior to use for forensic imaging.
Question 29 options:TrueFalse
Question 30 (10 points)
Which of the following is not a NIST mandated feature or capability of a forensic tool?
Question 30 options:
If there are unresolved errors reading from the digital source, the tool shall notify the user of the error type and location.
If there are unresolved errors reading from the digital source, the tool shall use a 0xFF fill pattern in the destination object in place of the inaccessible data.
The tool shall completely acquire all visible data sectors from the digital source.
Acquisition of all digital sectors from the digital source shall be accurate.
Question 31 (10 points)
What type of cryptography can be used to find and identify files containing child pornography?
Question 31 options:
MD5 or SHA-256 (Cryptographic Hashing)
Public Key Encryption
Symmetric Key Encryption (e.g. SSL)
S/MIME (Secure MIME)
Question 32 (10 points)
Polymorphic algorithms are used to hide or conceal malware from anti-virus programs.
Question 32 options:TrueFalse
Question 33 (10 points)
Steganography is used to hide a binary file or executable inside an Unicode encoded text file.
Question 33 options:TrueFalse
Question 34 (10 points)
In a FAT file system, files can be hidden or concealed by setting the “archive” bit in the file’s directory entry.
Question 34 options:TrueFalse
Question 35 (10 points)
The Windows swap file contains what type of data?
Question 35 options:
an exact copy of designated sectors of the system disk
anything stored in RAM
anything stored in the CPU cache buffers
anything written to the system disk
Question 36 (10 points)
Forensic examiners should always collect and analyze file slack space and unallocated disk sectors because both can contain remnants of data from events which took place many years ago.
Question 36 options:TrueFalse
Question 37 (10 points)
It is very easy to hide inappropriate or illegal files within plain sight by changing the file name extension.
Question 37 options:TrueFalse
Question 38 (10 points)
Which registry file contains settings and history information for individual user accounts?
Question 38 options:
NTUSER.DAT
SOFTWARE
SAM
SYSTEM
Question 39 (10 points)
Which registry file will contain the names of all installed software applications?
Question 39 options:
SOFTWARESYSTEMNTUSER.DATSAM
Question 40 (10 points)
System log files contain entries for events which occur on a system. These files contain a trustworthy timeline of events because once an entry has been made it cannot be changed or deleted.
Question 40 options:TrueFalse
Question 41 (10 points)
What is presumption of innocence?
Question 41 options:
Presumption of innocence is a best practice in forensic examinations which requires that examiners assume that a computer system was not used in the commission of a crime unless and until proven otherwise.
Presumption of innocence is a principle of the US legal system which holds that individuals are innocent until proven guilty. This principle guides forensic report writing.
Presumption of innocence is a legal principle which holds that victims of a crime are innocent of collusion and/or cooperation with the perpetrators of the crime. This principle guides all forensic interviews.
None of the listed choices provides an acceptable definition of the term presumption of innocence.
Question 42 (10 points)
Evidence may be deemed hearsayif the speaker, author, or creator is not present in court to verify its truthfulness.
Question 42 options:TrueFalse
Question 43 (10 points)
Which of the following types of evidence is/are a permissible exception to the hearsay rule?
Question 43 options:
business records meeting certain criteria established by courts
email messages recovered pursuant to a search warrant
MS Word documents containing accurate notes from a business meeting
Internet chat session log files
All of the listed choices are admissible forms of hearsay evidence.
Question 44 (10 points)
Expert forensic examiners can reliably and accurately determine the level of certainty which should be assigned to their findings.
Question 44 options:TrueFalse
Question 45 (10 points)
The “
Frye
test” for evidence admissibility was based upon which of the following?
Question 45 options:
The method used to collect and preserve the evidence was reviewed and assessed by the courts and the defense attorneys.
The method used to collect and preserve the evidence was generally accepted by the scientific community most qualifiedto assess the evidence collection techniques.
The evidence collection technique can be assessed and reviewed by a panel of experts.
There is a documented and well known error rate for the collection techniques used to obtain the evidence.
Question 46 (10 points)
An expert witness must be qualified as an expert by the court prior to being allowed to testify before a jury. The qualification process examines which of the following?
Question 46 options:
ability to explain the technical aspects of the case in plain English for the benefit of the jury.
None of the listed choices are correct.
reputation, certifications, and years of experience in the field.
knowledge, skills, experience, training, and/or education.
Question 47 (10 points)
In
Daubert
vs. Merrell Dow Phrmaceuticals, the US Supreme Court held that in order to be admissible, expert witness testimony must be based upon reliable, scientifically valid techniques or theories.
Question 47 options:TrueFalse
Question 48 (10 points)
Opposing attorneys are allowed to use Internet records, including public postings obtained from mailing lists or social media, to question the qualifications or integrity of an expert witness.
Question 48 options:TrueFalse
Question 49 (10 points)
Saved
A/an ____________ attack is an attempt to discredit the testimony of an expert witness by calling into question the reliability and validity of the tools used to conduct a forensic examination.
Question 49 options:
DaubertFrye
Junk Science
Technical
Question 50 (10 points)
A chain of custody document assures continuous availability of an item of evidence. This availability is important because, if not properly maintained, the evidence may be inadmissible in court.
Question 50 options:TrueFalse
Save All ResponsesSubmit Quiz2 of 50 questions saved
Internet connection lost. No longer saving answers…
Internet connection restored! Saving all answers…
