First responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or She is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene.
Which of the following is not a role of first responder?
A. Identify and analyze the crime scene
B. Prosecute the suspect in court of law
C. Protect and secure the crime scene
D. Package and transport the electronic evidence to forensics lab
正解:B
質問 2:
The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations where large organizations were involved. Computer forensics plays an important role in tracking the cyber criminals. The main role of computer forensics is to:
A. Document monitoring processes of employees of the organization
B. Extract, process, and interpret the factual evidence so that it proves the attacker's actions in the court
C. Harden organization perimeter security
D. Maximize the investigative potential by maximizing the costs
正解:B
質問 3:
The Recycle Bin is located on the Windows desktop. When you delete an item from the hard disk, Windows sends that deleted item to the Recycle Bin and the icon changes to full from empty, but items deleted from removable media, such as a floppy disk or network drive, are not stored in the Recycle Bin.
What is the size limit for Recycle Bin in Vista and later versions of the Windows?
A. Maximum of 5.99 GB
B. No size limit
C. Maximum of 3.99 GB
D. Maximum of 4.99 GB
正解:B
質問 4:
Which of the following password cracking techniques works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?
A. Rule-based attack
B. Hybrid attack
C. Brute forcing attack
D. Syllable attack
正解:B
質問 5:
Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________.
A. 2023
B. 1024
C. 1023
D. 1020
正解:C
質問 6:
Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a hashed format.
SAM file in Windows is located at:
A. C:\windows\system32\drivers\SAM
B. C:\windows\system32\con\SAM
C. C:\windows\system32\Boot\SAM
D. C:\windows\system32\config\SAM
正解:D
質問 7:
What is a first sector ("sector zero") of a hard disk?
A. Secondary boot record
B. System boot record
C. Master boot record
D. Hard disk boot record
正解:C
質問 8:
Which of the following file in Novel GroupWise stores information about user accounts?
A. PRIV.STM
B. ngwguard.db
C. PRIV.EDB
D. gwcheck.db
正解:B
質問 9:
When collecting evidence from the RAM, where do you look for data?
A. Log file
B. Data file
C. SAM file
D. Swap file
正解:D