7140546
Beschreibung
Quiz von Joey Rubino, aktualisiert more than 1 year ago
|
Erstellt von Joey Rubino
vor fast 8 Jahre
|
|
Frage 1
Frage
The first 3 bytes of an XIF file are exactly the same as a TIF file.
Antworten
- True
- False
Frage 2
Frage
Graphics files are created and saved in a graphics editor, such as Microsoft Paint, Adobe Freehand MX, Adobe Photoshop, or Gnome GIMP.
Antworten
- True
- False
Frage 3
Frage
Most digital cameras use the bitmap format to store photos.
Antworten
- True
- False
Frage 4
Frage
When you decompress data that uses a lossy compression algorithm, you regain data lost by compression.
Antworten
- True
- False
Frage 5
Frage
Each graphics file type has a unique header value.
Antworten
- True
- False
Frage 6
Frage
How many bits are required to create a pixel capable of displaying 65,536 different colors?
Antworten
-
8
-
16
-
32
-
64
Frage 7
Frage
Which of the following is not considered to be a non-standard graphics file format?
Antworten
-
.dxf
-
.tga
-
.rtl
-
.psd
Frage 8
Frage
All TIF files start at offset 0 with what 6 hexadecimal characters?
Antworten
-
2A 49 48
-
FF 26 9B
-
49 49 2A
-
AC 49 2A
Frage 9
Frage
What kind of graphics file combines bitmap and vector graphics types?
Antworten
-
metafile
-
bitmap
-
jpeg
-
tif
Frage 10
Frage
The process of converting raw picture data to another format is called _________________.
Antworten
-
splicing
-
carving
-
demosaicing
-
vector quantization
Frage 11
Frage
What format was developed as a standard for storing metadata in image files?
Antworten
-
jpeg
-
tif
-
exif
-
bitmap
Frage 12
Frage
Which of the following formats is not considered to be a standard graphics file format?
Antworten
-
gif
-
jpeg
-
dxf
-
tga
Frage 13
Frage
Select below the utility that is not a lossless compression utility:
Antworten
-
PKZip
-
WinZip
-
StuffIt
-
Lzip
Frage 14
Frage
In simple terms, _____________ compression discards bits in much the same way rounding off decimal values discards numbers.
Antworten
-
Huffman
-
Lempel-Ziv-Welch (LZW)
-
Vector Quantization
-
Adaptive Quantization
Frage 15
Frage
What file type starts at offset 0 with a hexidecimal value of FFD8?
Antworten
-
tiff
-
jpeg
-
xdg
-
bmp
Frage 16
Frage
How many different colors can be displayed by a 24 bit colored pixel?
Antworten
-
256
-
65,536
-
16,777,216
-
4,294,967,296
Frage 17
Frage
The _____________ format is a proprietary format used by Adobe Photoshop.
Antworten
-
.tga
-
.fh11
-
.svg
-
.psd
Frage 18
Frage
For EXIF JPEG files, the hexadecimal value starting at offset 2 is _____________.
Antworten
-
FFE0
-
FFE1
-
FFD8
-
FFD9
Frage 19
Frage
Referred to as a digital negative, the _______ is typically used on many higher-end digital cameras.
Antworten
-
raster file format
-
bitmap file format
-
jpeg file format
-
raw file format
Frage 20
Frage
The Lempel-Ziv-Welch (LZW) algorithm is used in _____________ compression.
Antworten
-
lossy
-
lossless
-
vector quantization
-
adaptive
Frage 21
Frage
For all JPEG files, the ending hexadecimal marker, also known as the end of image (EOI), is ____________.
Antworten
-
FFE0
-
FFD8
-
FFD9
-
FFFF
Frage 22
Frage
Which graphics file format below is rarely compressed?
Antworten
-
GIF
-
JPEG
-
BMP
-
None of the above
Frage 23
Frage
When looking at a byte of information in binary, such as 11101100, what is the first bit on the left referred to as?
Antworten
-
major significant bit (MSB)
-
least significant bit (LSB)
-
most significant bit (MSB)
-
leading significant bit (LSB)
Frage 24
Frage
What act defines precisely how copyright laws pertain to graphics?
Antworten
-
1988 Image Ownership Act
-
1976 Copyright Act
-
1923 Patented Image Act
-
1976 Computer Fraud and Abuse Act
Frage 25
Frage
Which of the following is not a type of graphic file that is created by a graphics program?
Antworten
-
bitmap images
-
vector graphics
-
metafile graphics
-
raster graphics
Frage 26
Frage
Because attorneys do not have the right of full discovery of digital evidence, it is not possible for new evidence to come to light while complying with a defense request for full discovery.
Antworten
- True
- False
Frage 27
Frage
One of the most critical aspects of digital forensics is validating digital evidence because ensuring the integrity of data you collect is essential for presenting evidence in court.
Antworten
- True
- False
Frage 28
Frage
The advantage of recording hash values is that you can determine whether data has changed.
Antworten
- True
- False
Frage 29
Frage
In private sector cases, like criminal and civil cases, the scope is always defined by a search warrant.
Antworten
- True
- False
Frage 30
Frage
Advanced hexadecimal editors offer many features not available in digital forensics tools, such as hashing specific files or sectors.
Antworten
- True
- False
Frage 31
Frage
What format below is used for VMware images?
Antworten
-
.vhd
-
.vmdk
-
.s01
-
.aff
Frage 32
Frage
In which file system can you hide data by placing sensitive or incriminating data in free or slack space on disk partition clusters?
Antworten
-
NTFS
-
FAT
-
HFSX
-
Ext3fs
Frage 33
Frage
Which password recovery method uses every possible letter, number, and character found on a keyboard?
Antworten
-
rainbow table
-
dictionary attack
-
hybrid attack
-
brute-force attack
Frage 34
Frage
The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of unexpected evidence found.
Antworten
-
litigation
-
scope creep
-
criminal charges
-
violations
Frage 35
Frage
Which of the following file systems can't be analyzed by OSForensics?
Antworten
-
FAT12
-
Ext2fs
-
HFS+
-
XFS
Frage 36
Frage
In Windows, the ______________ command can be used to both hide and reveal partitions within Explorer.
Antworten
-
format
-
fdisk
-
grub
-
diskpart
Frage 37
Frage
Select the tool below that does not use dictionary attacks or brute force attacks to crack passwords:
Antworten
-
Last Bit
-
AccessData PRTK
-
OSForensics
-
Passware
Frage 38
Frage
Within Windows Vista and later, partition gaps are _____________ bytes in length.
Antworten
-
64
-
128
-
256
-
512
Frage 39
Frage
Which option below is not a disk management tool?
Antworten
-
Partition Magic
-
Partition Master
-
GRUB
-
HexEdit
Frage 40
Frage
Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.
Antworten
-
hashing
-
bit-shifting
-
registry edits
-
slack space
Frage 41
Frage
A user with programming experience may use an assembler program (also called a __________ ) on a file to scramble bits, in order to secure the information contained inside.
Antworten
-
compiler
-
shifter
-
macro
-
script
Frage 42
Frage
What letter should be typed into DiskEdit in order to mark a good sector as bad?
Antworten
-
M
-
B
-
T
-
D
Frage 43
Frage
Many commercial encryption programs use a technology called _____________, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.
Antworten
-
key vault
-
key escrow
-
bump key
-
master key
Frage 44
Frage
What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords?
Antworten
-
salted passwords
-
scrambled passwords
-
indexed passwords
-
master passwords
Frage 45
Frage
When performing a static acquisition, what should be done after the hardware on a suspect's computer has been inventoried and documented?
Antworten
-
Inventory and documentation information should be stored on a drive and then the drive should be reformatted.
-
Start the suspect's computer and begin collecting evidence.
-
The hard drive should be removed, if practical, and the system's date and time values should be recorded from the system's CMOS.
-
Connect the suspect's computer to the local network so that up to date forensics utilities can be utilized.
Frage 46
Frage
In order to aid a forensics investigation, a hardware or software ______________ can be utilized to capture keystrokes remotely.
Antworten
-
keygrabber
-
keylogger
-
packet capture
-
protocol analyzer
Frage 47
Frage
The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to filter known program files from view and contains the hash values of known illegal files.
Antworten
-
DeepScan Filter
-
Unknown File Filter (UFF)
-
Known File Filter (KFF)
-
FTK Hash Imager
Frage 48
Frage
The term for detecting and analyzing steganography files is _________________.
Antworten
-
carving
-
steganology
-
steganalysis
-
steganomics
Frage 49
Frage
A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external media.
Antworten
-
fdisk
-
format
-
dd
-
DiskEdit
Frage 50
Frage
The _______________________ maintains a national database of updated file hash values for a variety of OSs, applications, and images, but does not list hash values of known illegal files.
Antworten
-
Open Hash Database
-
HashKeeper Online
-
National Hashed Software Reference
-
National Software Reference Library
Frage 51
Frage
Type 2 hypervisors are typically loaded on servers or workstations with a lot of RAM and storage.
Antworten
- True
- False
Frage 52
Frage
Forensics tools can't directly mount VMs as external drives.
Antworten
- True
- False
Frage 53
Frage
The capability of type 1 hypervisors is limited only by the amount of available RAM, storage, and throughput.
Antworten
- True
- False
Frage 54
Frage
The Honeynet Project was developed to make information widely available in an attempt to thwart Internet and network attackers.
Antworten
- True
- False
Frage 55
Frage
The Sysinternals Handle utility shows only file system activity, but does not show what processes are using files on the file system.
Antworten
- True
- False
Frage 56
Frage
What virtual machine software supports all Windows and Linux OSs as well as Macintosh and Solaris, and is provided as shareware?
Antworten
-
KVM
-
Parallels
-
Microsoft Virtual PC
-
VirtualBox
Frage 57
Frage
The __________ disk image file format is associated with the VirtualBox hypervisor.
Antworten
-
.vmdk
-
.hda
-
.vhd
-
.vdi
Frage 58
Frage
What Windows Registry key contains associations for file extensions?
Antworten
-
HKEY_CLASSES_ROOT
-
HKEY_USERS
-
HKEY_LOCAL_MACHINE
-
HKEY_CURRENT_CONFIG
Frage 59
Frage
In VirtualBox, ____________ different types of virtual network adapters are possible, such as AMD and Intel Pro adapters
Antworten
-
2
-
4
-
6
-
8
Frage 60
Frage
The SANS Investigative Forensics Toolkit (SIFT) appliance can currently only be installed on what version of Ubuntu?
Antworten
-
12.04
-
13.11
-
14.04
-
14.11
Frage 61
Frage
Select below the option that is not a common type 1 hypervisor:
Antworten
-
VMware vSphere
-
Microsoft Hyper-V
-
Citirix XenServer
-
Oracle VirtualBox
Frage 62
Frage
The NSA's defense in depth (DiD) strategy contains three modes of protection. Which option below is not one of the three modes?
Antworten
-
People
-
Technology
-
Operations
-
Management
Frage 63
Frage
The _______________ command line program is a common way of examining network traffic, which provides records of network activity while it is running, and produce hundreds or thousands of records.
Antworten
-
netstat
-
ls
-
ifconfig
-
tcpdump
Frage 64
Frage
Select below the program within the PsTools suite that allows you to run processes remotely:
Antworten
-
PsService
-
PsPasswd
-
PsRemote
-
PsExec
Frage 65
Frage
The tcpdump and Wireshark utilities both use what well known packet capture format?
Antworten
-
Netcap
-
Pcap
-
Packetd
-
RAW
Frage 66
Frage
The ___________________ is a good tool for extracting information from large Libpcap files; you simply specify the time frame you want to examine.
Antworten
-
Tcpdstat
-
Tcpslice
-
Ngrep
-
tcpdump
Frage 67
Frage
The _____________________ tool is an updated version of BackTrack, and contains more than 300 tools, such as password crackers, network sniffers, and freeware forensics tools.
Antworten
-
Kali Linux
-
Ubuntu
-
OSForensics
-
Sleuth Kit
Frage 68
Frage
In Windows, what PowerShell cmdlet can be used in conjunction with Get-VM to display a virtual machine's network adapters?
Antworten
-
Show-NetworkAdapters
-
Query-ipconfig
-
Get-VMNetworkAdapter
-
Dump-Netconfig
Frage 69
Frage
What file type below, associated with VMWare, stores VM paging files that are used as RAM for a virtual machine?
Antworten
-
.nvram
-
.vmem
-
.vmpage
-
.vmx
Frage 70
Frage
What processor instruction set is required in order to utilize virtualization software?
Antworten
-
AMD-VT
-
Intel VirtualBit
-
Virtual Machine Extensions (VMX)
-
Virtual Hardware Extensions (VHX)
Frage 71
Frage
Select the file below that is used in VirtualBox to create a virtual machine:
Antworten
-
.vdi
-
.vbox
-
.r0
-
.ova
Frage 72
Frage
The __________________ is the version of Pcap available for Linux based operating systems.
Antworten
-
Winpcap
-
Libpcap
-
Tcpcap
-
Netcap
Frage 73
Frage
What utility is best suited to examine e-mail headers or chat logs, or network communication between worms and viruses?
Antworten
-
tcpdump
-
Argus
-
Ngrep
-
Tcpslice
Frage 74
Frage
At what layers of the OSI model do most packet analyzers function?
Antworten
-
Layer 1 or 2
-
Layer 2 or 3
-
Layer 3 or 4
-
Layer 4 or 5
Frage 75
Frage
In a __________ attack, the attacker keeps asking your server to establish a connection, with the intent of overloading a server with established connections.
Antworten
-
smurf
-
SYN flood
-
spoof
-
ghost
Frage 76
Frage
The DomainKeys Identified Mail service is a way to verify the names of domains a message is flowing through and was developed as a way to cut down on spam.
Antworten
- True
- False
Frage 77
Frage
The Pagefile.sys file on a computer can contain message fragments from instant messaging applications.
Antworten
- True
- False
Frage 78
Frage
In an e-mail address, everything before the @ symbol represents the domain name.
Antworten
- True
- False
Frage 79
Frage
Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.
Antworten
- True
- False
Frage 80
Frage
An Internet e-mail server is generally part of a local network, and is maintained and managed by an administrator for internal use by a specific company.
Antworten
- True
- False
Frage 81
Frage
What command below could be used on a UNIX system to help locate log directories?
Antworten
-
show log
-
detail
-
search
-
find
Frage 82
Frage
The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.
Antworten
-
fixmail.exe
-
scanpst.exe
-
repairpst.exe
-
rebuildpst.exe
Frage 83
Frage
E-mail administrators may make use of _________________, which overwrites a log file when it reaches a specified size or at the end of a specified time frame.
Antworten
-
log recycling
-
circular logging
-
log purging
-
log cycling
Frage 84
Frage
Syslog is generally configured to put all e-mail related log information into what file?
Antworten
-
/usr/log/mail.log
-
/var/log/messages
-
/proc/mail
-
/var/log/maillog
Frage 85
Frage
What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of data?
Antworten
-
.txt
-
.tmp
-
.exe
-
.log
Frage 86
Frage
On a UNIX system, where is a user's mail stored by default?
Antworten
-
/var/mail
-
/var/log/mail
-
/username/mail
-
/home/username/mail
Frage 87
Frage
Where does the Postfix UNIX mail server store e-mail?
Antworten
-
/home/username/mail
-
/var/mail/postfix
-
/var/spool/postfix
-
/etc/postfix
Frage 88
Frage
One of the most noteworthy e-mail scams was 419, otherwise known as the _______________.
Antworten
-
Nigerian Scam
-
Lake Venture Scam
-
Conficker virus
-
Iloveyou Scam
Frage 89
Frage
What information is not typically included in an e-mail header?
Antworten
-
The sender's physical location
-
The originating IP address
-
The unique ID of the e-mail
-
The originating domain
Frage 90
Frage
In older versions of exchange, what type of file was responsible for messages formatted with Messaging Application Programming Interface, and served as the database file?
Antworten
-
.ost
-
.edp
-
.edb
-
.edi
Frage 91
Frage
What type of Facebook profile is usually only given to law enforcement with a warrant?
Antworten
-
private profile
-
advanced profile
-
basic profile
-
Neoprint profile
Frage 92
Frage
Which option below is the correct path to the sendmail configuration file?
Antworten
-
/var/etc/sendmail.cf
-
/var/mail/sendmail.cf
-
/usr/local/sendmail.cf
-
/etc/mail/sendmail.cf
Frage 93
Frage
In what state is sending unsolicited e-mail illegal?
Antworten
-
Florida
-
Washington
-
Maine
-
New York
Frage 94
Frage
What service below can be used to map an IP address to a domain name, and then find the domain name's point of contact?
Antworten
-
iNet
-
ARIN
-
Google
-
ERIN
Frage 95
Frage
Which e-mail recovery program below can recover files from VMware and VirtualPC virtual machines, as well as ISOs and other types of file backups?
Antworten
-
Fookes Aid4mail
-
DataNumen Outlook Repair
-
EnCase Forensics
-
AccessData FTK
Frage 96
Frage
Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.
Antworten
-
Microsoft Mail Storage Engine (MSE)
-
Microsoft Stored Mail Extensions (SME)
-
Microsoft Extended Mail Storage (EMS)
-
Microsoft Extensible Storage Engine (ESE)
Frage 97
Frage
The Suni Munshani v. Signal Lake Venture Fund II, LP et al case is an example of a case that involves e-mail ____________.
Antworten
-
destruction
-
spamming
-
spoofing
-
theft
Frage 98
Frage
In order to retrieve logs from exchange, the PowerShell cmdlet _______________________ can be used.
Antworten
-
GetExchangeLogs.ps1
-
GetLogInfo.ps1
-
ShowExchangeHistory.ps1
-
GetTransactionLogStats.ps1
Frage 99
Frage
Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.
Antworten
-
AccessData FTK
-
DataNumen
-
R-Tools R-Mail
-
Fookes Aid4Mail
Frage 100
Frage
Which service below does not put log information into /var/log/maillog?
Antworten
-
SMTP
-
Exchange
-
IMAP
-
POP
Frage 101
Frage
What frequencies can be used by GSM with the TDMA technique?
Antworten
-
1200 to 1500 MHz
-
2.4 GHz to 5.0 GHz
-
600 to 1000 MHz
-
800 to 1000 MHz
Frage 102
Frage
What digital network technology is a digital version of the original analog standard for cell phones?
Antworten
-
GSM
-
CDMA
-
iDEN
-
D-AMPS
Frage 103
Frage
The _______________ component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; sometimes referred to as a "cell phone tower".
Antworten
-
Base station controller (BSC)
-
Mobile switching center (MSC)
-
Base transceiver controller (BTC)
-
Base transceiver station (BTS)
Frage 104
Frage
What organization is responsible for the creation of the requirements for carriers to be considered 4G?
Antworten
-
IEEE
-
ITU-R
-
ISO
-
TIA
Frage 105
Frage
Nonvolatile memory on a mobile device can contain OS files and stored user data, such as a __________________ and backed-up files.
Antworten
-
Professional Data Holder
-
Personal Assistant Organizer
-
Personal Data Manager
-
Personal Information Manager
Frage 106
Frage
The ___________________ technology is designed for GSM and Universal Mobile Telecommunications Systems (UMTS) technology, supports 45 Mbps to 144 Mbps transmission speeds.
Antworten
-
WiMAX
-
LTE
-
MIMO
-
UMB
Frage 107
Frage
Which of the NIST guidelines below requires using a modified boot loader to access RAM for analysis?
Antworten
-
Chip-off
-
Manual extraction
-
Hex dumping
-
Micro read
Frage 108
Frage
GSM refers to mobile phones as "mobile stations" and divides a station into two parts, the __________ and the mobile equipment (ME).
Antworten
-
antenna
-
SIM card
-
radio
-
transceiver
Frage 109
Frage
What digital network technology was developed during World War II?
Antworten
-
TDMA
-
CDMA
-
GSM
-
iDEN
Frage 110
Frage
What type of mobile forensics method listed by NIST guidelines involves looking at a device's content page by page and taking pictures?
Antworten
-
Manual extraction
-
Chip-off
-
Micro read
-
Logical extraction
Frage 111
Frage
What method below is not an effective method for isolating a mobile device from receiving signals?
Antworten
-
placing the device into a plastic evidence bag
-
placing the device into a paint can, preferably one previously containing radio-wave blocking paint
-
placing the device into airplane mode
-
turning the device off
Frage 112
Frage
Select below the option that is not a typical feature of smartphones on the market today:
Antworten
-
Microprocessor
-
Flash
-
ROM
-
Hard drive
Frage 113
Frage
What standard introduced sleep mode to enhance battery life, and is used with TDMA?
Antworten
-
IS-99
-
IS-140
-
IS-136
-
IS-95
Frage 114
Frage
Within NIST guidelines for mobile forensics methods, the ______________ method requires physically removing flash memory chips and gathering information at the binary level.
Antworten
-
Chip-off
-
Logical extraction
-
Micro read
-
Manual extraction
Frage 115
Frage
On what mobile device platform does Facebook use a SQLite database containing friends, their ID numbers, and phone numbers as well as files that tracked all uploads, including pictures?
Antworten
-
Android
-
Blackberry
-
Windows RT
-
iPhone
Frage 116
Frage
Where is the OS stored on a smartphone?
Antworten
-
RAM
-
Microprocessor
-
ROM
-
Read/write flash
Frage 117
Frage
The ________________ technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and supports transmission speeds of 12 Mbps
Antworten
-
WiMAX
-
CDMA
-
UMB
-
MIMO
Frage 118
Frage
Which of the following is not a type of peripheral memory card used in PDAs?
Antworten
-
Secure Digital (SD)
-
Compact Flash (CF)
-
MultiMediaCard (MMC)
-
RamBus (RB)
Frage 119
Frage
Which component of cell communication is used to route digital packets for the network and relies on a database to support subscribers?
Antworten
-
Base station controller (BSC)
-
Base transciever station (BTS)
-
Base transciever controller (BTC)
-
Mobile switching center (MSC)
Frage 120
Frage
Most Code Division Multiple Access (CDMA) networks conform to ____________ , created by the Telecommunications Industry Association (TIA).
Antworten
-
TS-95
-
802.11
-
IS-95
-
IS-136
Frage 121
Frage
The use of smart phones for illicit activities is becoming more prevalent.
Antworten
- True
- False
Frage 122
Frage
Because mobile phones are seized at the time of arrest, a search warrant is not necessary to examine the device for information.
Antworten
- True
- False
Frage 123
Frage
Most Code Division Multiple Access networks conform to IS-95. The systems are referred to as CDMAOne, and when they went to 3G service, they became CDMAThree.
Antworten
- True
- False
Frage 124
Frage
While travelling internationally with a GSM phone, you can pop in a SIM card for the country you're currently in, rather than get a new phone.
Antworten
- True
- False
Frage 125
Frage
Search and seizure procedures for mobile devices are as important as procedures for computers.
Antworten
- True
- False
Möchten Sie mit GoConqr kostenlos Ihre eigenen Quiz erstellen? eigenen Mehr erfahren.