312-49v10 Practice Test Questions

596 Questions


Topic 2, Exam Pool B

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

A. hda
B. hdd
C. hdb
D. hdc

B. hdd



When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz” format, what does the “nnnn” denote?


A. The initials of the forensics analyst
B. The sequence number for the parts of the same exhibit
C. The year the evidence was taken
D. The sequential number of the exhibits seized by the analyst

D. The sequential number of the exhibits seized by the analyst



Where is the startup configuration located on a router?


A. Static RAM
B. BootROM
C. NVRAM
D. Dynamic RAM

C. NVRAM



Which among the following files provides email header information in the Microsoft Exchange server?

A. gwcheck.db
B. PRIV.EDB
C. PUB.EDB
D. PRIV.STM

B. PRIV.EDB



When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

A. FF D8 FF E0 00 10
B. FF FF FF FF FF FF
C. FF 00 FF 00 FF 00
D. EF 00 EF 00 EF 00

A. FF D8 FF E0 00 10



To check for POP3 traffic using Ethereal, what port should an investigator search by?


A. 143
B. 25
C. 110
D. 125

C. 110



When should an MD5 hash check be performed when processing evidence?


A. After the evidence examination has been completed
B. On an hourly basis during the evidence examination
C. Before and after evidence examination
D. Before the evidence examination has been completed

C. Before and after evidence examination



When using an iPod and the host computer is running Windows, what file system will be used?


A. iPod+
B. HFS
C. FAT16
D. FAT32

D. FAT32



When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would the investigator need to search to find email sent from a Blackberry device?

A. RIM Messaging center
B. Blackberry Enterprise server
C. Microsoft Exchange server
D. Blackberry desktop redirector

C. Microsoft Exchange server



What type of analysis helps to identify the time and sequence of events in an investigation?


A. Time-based
B. Functional
C. Relational
D. Temporal

D. Temporal



When needing to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?

A. Proxify.net
B. Dnsstuff.com
C. Samspade.org
D. Archive.org

D. Archive.org



Which of the following techniques creates a replica of evidence media?

A. Data Extraction
B. Backup
C. Bit Stream Imaging
D. Data Deduplication

C. Bit Stream Imaging



