312-49v10 Practice Test Questions

596 Questions


Topic 1: Exam Pool A

A law enforcement officer may only search for and seize criminal evidence with
_______________________, which are facts or circumstances that would lead a
reasonable person to believe a crime has been committed or is about to be committed,
evidence of the specific crime exists and the evidence of the specific crime exists at the
place to be searched.


A.

Mere Suspicion


B.

A preponderance of the evidence


C.

Probable cause


D.

Beyond a reasonable doubt





C.
  

Probable cause



You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to the sensitivity of the case. How would you permanently erase the data on the hard disk?


A.

Throw the hard disk into the fire


B.

Run the powerful magnets over the hard disk


C.

Format the hard disk multiple times using a low level disk utility


D.

Overwrite the contents of the hard disk with Junk data





A.
  

Throw the hard disk into the fire



You work as an IT security auditor hired by a law firm in Boston to test whether you can
gain access to sensitive information about the company's clients. You have rummaged
through their trash and found very little information. You do not want to set off any alarms
on their network, so you plan on performing passive footprinting against their Web servers.
What tool should you use?


A.

Ping sweep


B.

Nmap


C.

Netcraft


D.

Dig





C.
  

Netcraft



You are a computer forensics investigator working with the local police department and you are
called to assist in an investigation of threatening emails. The complainant has printed out 27
email messages from the suspect and gives the printouts to you. You inform her that you
will need to examine her computer because you need access to the
_________________________ in order to track the emails back to the suspect.


A.

Routing Table


B.

Firewall log


C.

Configuration files


D.

Email Header





D.
  

Email Header



What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?


A.

forensic duplication of hard drive


B.

analysis of volatile data


C.

comparison of MD5 checksums


D.

review of SIDs in the Registry





C.
  

comparison of MD5 checksums



You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.
What method would be most efficient for you to acquire digital evidence from this network?


A.

create a compressed copy of the file with DoubleSpace


B.

create a sparse data copy of a folder or file


C.

make a bit-stream disk-to-image file


D.

make a bit-stream disk-to-disk file





C.
  

make a bit-stream disk-to-image file



The police believe that Melvin Matthew has been obtaining unauthorized access to
computers belonging to numerous computer software and computer operating systems
manufacturers, cellular telephone manufacturers, Internet Service Providers and
Educational Institutions. They also suspect that he has been stealing, copying and
misappropriating proprietary computer software belonging to several victim companies.
What is preventing the police from breaking down the suspect's door and searching his
home and seizing all of his computer equipment if they have not yet obtained a warrant?


A.

The Fourth Amendment


B.

The USA PATRIOT Act


C.

The Good Samaritan Laws


D.

The Federal Rules of Evidence





A.
  

The Fourth Amendment



Why is it a good idea to perform a penetration test from the inside?


A.

It is never a good idea to perform a penetration test from the inside


B.

Because 70% of attacks are from inside the organization


C.

To attack a network from a hacker's perspective


D.

It is easier to hack from the inside





B.
  

Because 70% of attacks are from inside the organization



When investigating a potential e-mail crime, what is your first step in the investigation?


A.

Trace the IP address to its origin


B.

Write a report


C.

Determine whether a crime was actually committed


D.

Recover the evidence





A.
  

Trace the IP address to its origin



Which part of the Windows Registry contains the user's password file?


A.

HKEY_LOCAL_MACHINE


B.

HKEY_CURRENT_CONFIGURATION


C.

HKEY_USER


D.

HKEY_CURRENT_USER





A.
  

HKEY_LOCAL_MACHINE



What information do you need to recover when searching a victim’s computer for a crime committed with a specific e-mail message?


A.

Internet service provider information


B.

E-mail header


C.

Username and password


D.

Firewall log





B.
  

E-mail header



You set up SNMP in multiple offices of your company. Your SNMP software manager is not
receiving data from other offices like it is for your main office. You suspect that firewall
changes are to blame. What ports should you open for SNMP to work through firewalls?
(Choose two.)


A.

162


B.

161


C.

163


D.

160





A.
  

162



B.
  

161



