Created by Tyler Rock
over 5 years ago
Question | Answer |
An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command? A. /dev/hda B. /dev/hda1 C. /dev/sda D. /dev/sda1 | C. /dev/sda |
To create a new primary partition within the fdisk interactive utility, which letter should be typed? A. c B. p C. l D. n | D. n |
What is the name of the Microsoft solution for whole disk encryption? A. DriveCrypt B. TrueCrypt C. BitLocker D. SecureDrive | C. BitLocker |
Which RAID type provides increased speed and data storage capability, but lacks redundancy? A. RAID 0 B. RAID 1 C. RAID 0+1 D. RAID 5 | A. RAID 0 |
Which open-source acquisition format is capable of producing compressed or uncompressed image files, and uses the .afd extension for segmented image files? A. Advanced Forensics Disk B. Advanced Forensic Format C. Advanced Capture Image D. Advanced Open Capture | B. Advanced Forensic Format |
Which option below is not a hashing function used for validation checks? A. RC4 B. MD5 C. SHA-1 D. CRC32 | A. RC4 |
Which technology below is not a hot-swappable technology? A. USB-3 B. FireWire 1394A C. SATA D. IDE | D. IDE |
The Linux command _____ can be used to write bit-stream data to files. A. write B. dd C. cat D. dump | B. dd |
The Linux command _______ can be used to list the current disk devices connected to the computer. A. ls -l B. fdisk -l C. show drives D. geom | B. fdisk -l |
The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory. A. dd B. split C. dcfldd D. echo | C. dcfldd |
The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network. A. intrusion detection system B. active defense mechanism C. total awareness system D. intrusion monitoring system | A. intrusion detection system |
The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command. A. -p B. -s C. -b D. -s | C. -b |
When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files? A. 512 MB B. 2 GB C. 1 TB D. 1 PB | B. 2 GB |
Which RAID type utilizes a parity bit and allows for the failure of one drive without losing data? A. RAID 1 B. RAID 2 C. RAID 3 D. RAID 5 | D. RAID 5 |
Which RAID type utilizes mirrored striping, providing fast access and redundancy? A. RAID 1 B. RAID 3 C. RAID 5 D. RAID 10 | D. RAID 10 |
Which option below is not a Linux Live CD meant for use as a digital forensics tool? A. Penguin Sleuth B. Kali Linux C. Ubuntu D. CAINE | C. Ubuntu |
Within the fdisk interactive menu, what character should be entered to view existing partitions? A. l B. p C. o D. d | C. o |
_______ can be used with the dcfldd command to compare an image file to the original medium. A. compare B. cmp C. vf D. imgcheck | C. vf |
_______ creates a virtual volume of a RAID image file, and then makes repairs on the virtual volume, which can then be restored to the original RAID. A. Runtime Software B. RaidRestore C. R-Tools R-Studio D. FixitRaid | C. R-Tools R-Studio |
_______ is the utility used by the ProDiscover program for remote access. A. SubSe7en B. l0pht C. PDServer D. VNCServer | C. PDServer |