312-49v10 Practice Test Questions

596 Questions


Topic 2, Exam Pool B

How often must a company keep log files for them to be admissible in a court of law?

A. All log files are admissible in court no matter their frequency
B. Weekly
C. Monthly
D. Continuously

Answer: D. Continuously



Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

A. Volume Boot Record
B. Master Boot Record
C. GUID Partition Table
D. Master File Table

Answer: D. Master File Table



Which code does the FAT file system use to mark a file as deleted?

A. ESH
B. 5EH
C. H5E
D. E5H

Answer: D. E5H
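The E5H marker is something an examiner can check directly in raw directory data. The following parser is an added example written for this page, not part of the exam material: it walks 32-byte FAT 8.3 directory entries, flags entries whose first byte is 0xE5 as deleted, and recovers the remaining name, start cluster and size so the file's data can still be located. The sample directory is constructed in code; the helper make_entry and the '?' used in place of the overwritten first character are this example's own conventions.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

ENTRY_SIZE = 32
DELETED_MARK = 0xE5   # first byte of an 8.3 entry once the file is deleted
END_OF_DIR = 0x00     # first byte 0x00: no further entries in this directory
KANJI_ESCAPE = 0x05   # a live name really starting with 0xE5 is stored as 0x05
ATTR_LFN = 0x0F       # VFAT long-file-name fragment, not a file entry itself


@dataclass
class DirEntry:
    name: str
    deleted: bool
    attributes: int
    first_cluster: int
    size: int


def _decode_name(raw: bytes) -> str:
    base = raw[:8].decode("ascii", "replace").rstrip()
    ext = raw[8:11].decode("ascii", "replace").rstrip()
    return f"{base}.{ext}" if ext else base


def parse_entry(raw: bytes) -> Optional[DirEntry]:
    """Decode one 32-byte directory entry; None for end-of-directory or LFN pieces."""
    if len(raw) != ENTRY_SIZE:
        raise ValueError("FAT directory entries are exactly 32 bytes")
    if raw[0] == END_OF_DIR or raw[11] == ATTR_LFN:
        return None
    deleted = raw[0] == DELETED_MARK
    name = bytearray(raw[:11])
    if deleted:
        name[0] = ord("?")          # the first character was overwritten by 0xE5 and is lost
    elif name[0] == KANJI_ESCAPE:
        name[0] = 0xE5              # escaped live name, restore the real character
    (hi,) = struct.unpack_from("<H", raw, 20)   # first cluster, high 16 bits (FAT32)
    (lo,) = struct.unpack_from("<H", raw, 26)   # first cluster, low 16 bits
    (size,) = struct.unpack_from("<I", raw, 28)
    return DirEntry(_decode_name(bytes(name)), deleted, raw[11], (hi << 16) | lo, size)


def parse_directory(data: bytes) -> List[DirEntry]:
    """Parse a raw directory cluster, stopping at the first end-of-directory entry."""
    entries: List[DirEntry] = []
    for off in range(0, len(data) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = data[off:off + ENTRY_SIZE]
        if raw[0] == END_OF_DIR:
            break
        entry = parse_entry(raw)
        if entry is not None:
            entries.append(entry)
    return entries


def deleted_entries(data: bytes) -> List[DirEntry]:
    """Entries still present on disk but marked with E5H; their clusters may be recoverable."""
    return [e for e in parse_directory(data) if e.deleted]


def make_entry(name: str, ext: str, cluster: int, size: int, deleted: bool = False) -> bytes:
    """Build a constructed 8.3 entry for testing (helper of this example only)."""
    raw = bytearray(ENTRY_SIZE)
    raw[0:8] = name.upper().encode("ascii").ljust(8)
    raw[8:11] = ext.upper().encode("ascii").ljust(3)
    raw[11] = 0x20                                   # ATTR_ARCHIVE
    struct.pack_into("<H", raw, 20, cluster >> 16)
    struct.pack_into("<H", raw, 26, cluster & 0xFFFF)
    struct.pack_into("<I", raw, 28, size)
    if deleted:
        raw[0] = DELETED_MARK
    return bytes(raw)


# Constructed sample directory: two live files, one deleted file, then end-of-directory.
SAMPLE_DIR = (
    make_entry("REPORT", "DOC", 5, 4096)
    + make_entry("SECRET", "TXT", 9, 120, deleted=True)
    + make_entry("NOTES", "TXT", 12, 300)
    + bytes(ENTRY_SIZE)
)

if __name__ == "__main__":
    for e in parse_directory(SAMPLE_DIR):
        state = "DELETED" if e.deleted else "live"
        print(f"{e.name:<14} {state:<8} cluster={e.first_cluster} size={e.size}")
```

The deleted entry keeps its cluster number and size, which is why undeletion tools can follow the chain; only the first name character and the FAT chain itself are gone.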



What type of equipment would a forensics investigator store in a StrongHold bag?

A. PDA
B. Backup tapes
C. Hard drives
D. Wireless cards

Answer: D. Wireless cards



Which of the following event correlation approaches is an advanced correlation method that predicts what an attacker can do next after an attack by studying statistics and probability, and uses only two variables?

A. Bayesian Correlation
B. Vulnerability-Based Approach
C. Rule-Based Approach
D. Route Correlation

Answer: A. Bayesian Correlation



In steganalysis, which of the following describes a known-stego attack?

A. The hidden message and the corresponding stego-image are known
B. During the communication process, active attackers can change the cover
C. Original and stego-object are available and the steganography algorithm is known
D. Only the steganography medium is available for analysis

Answer: C. Original and stego-object are available and the steganography algorithm is known
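The known-stego case is the strongest position an analyst can be in: with the cover, the stego-object and the algorithm all in hand, the embedding can be replayed and the payload read out. The block below is an added example for this page, not part of the exam material. It uses sequential LSB replacement as the known algorithm, a constructed pseudo-random cover, and a constructed message; the function names and the statistics it reports are this example's own.

```python
import random
from typing import Dict, List

# Constructed cover: 512 pseudo-random sample bytes (fixed seed so results are reproducible).
_rng = random.Random(1)
COVER = bytes(_rng.randrange(256) for _ in range(512))
MESSAGE = b"meet at dawn"  # constructed payload


def _bits(data: bytes) -> List[int]:
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Known algorithm: write message bits, MSB first, into the LSB of consecutive samples."""
    bits = _bits(message)
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def lsb_extract(stego: bytes, nbytes: int) -> bytes:
    """Replay the known algorithm in reverse to read nbytes of payload."""
    bits = [b & 1 for b in stego[:nbytes * 8]]
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, len(bits), 8))


def known_stego_analysis(cover: bytes, stego: bytes) -> Dict[str, object]:
    """Compare cover and stego-object sample by sample.

    Returns how many samples changed, whether every change is confined to bit 0
    (consistent with LSB replacement), and the index just past the last change,
    which bounds the embedded payload length in bits from below.
    """
    if len(cover) != len(stego):
        raise ValueError("cover and stego-object differ in length")
    changed = [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]
    lsb_only = all((cover[i] ^ stego[i]) == 1 for i in changed)
    span = changed[-1] + 1 if changed else 0
    return {"changed": len(changed), "lsb_only": lsb_only, "payload_span_bits": span}


if __name__ == "__main__":
    stego = lsb_embed(COVER, MESSAGE)
    print(known_stego_analysis(COVER, stego))
    print(lsb_extract(stego, len(MESSAGE)))
```

Note that roughly half of the payload positions do not change at all, because the cover's LSB already matched the message bit; the analyst therefore sees only about half the embedded bits as differences, and the payload span is a lower bound, not an exact length.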



Why would a company issue a dongle with the software they sell?

A. To provide source code protection
B. To provide wireless functionality with the software
C. To provide copyright protection
D. To ensure that keyloggers cannot be used

Answer: C. To provide copyright protection



What method of copying should always be performed first before carrying out an investigation?

A. Parity-bit copy
B. Bit-stream copy
C. MS-DOS disc copy
D. System level copy

Answer: B. Bit-stream copy



What technique is used by JPEGs for compression?

A. ZIP
B. TCD
C. DCT
D. TIFF-8

Answer: C. DCT
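The forward DCT is the step that makes JPEG coefficients interesting to an examiner, since most of a natural block's energy lands in a few low-frequency coefficients and the rest is what quantization discards (and what some steganography tools overwrite). The code below is an added example for this page, not taken from the exam or any JPEG library: a pure-Python 8x8 forward DCT with the normalisation from the JPEG standard (ITU-T T.81), applied to two constructed blocks. The helper names and the low-frequency energy measure are this example's own.

```python
import math
from typing import List

N = 8                      # JPEG transforms 8x8 sample blocks
Block = List[List[float]]


def _c(k: int) -> float:
    # normalisation factor C(k) from the JPEG FDCT definition
    return 1.0 / math.sqrt(2.0) if k == 0 else 1.0


def level_shift(pixels: List[List[int]]) -> Block:
    """JPEG subtracts 128 from 8-bit samples before the transform."""
    return [[p - 128.0 for p in row] for row in pixels]


def dct2_block(block: Block) -> Block:
    """Forward 2-D DCT-II as defined for JPEG:
    F(u,v) = 1/4 * C(u) * C(v) * sum_x sum_y f(x,y) cos((2x+1)u*pi/16) cos((2y+1)v*pi/16)
    With this scaling the transform is orthonormal, so coefficient energy equals sample energy.
    """
    out = [[0.0] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            acc = 0.0
            for x in range(N):
                cu = math.cos((2 * x + 1) * u * math.pi / 16)
                for y in range(N):
                    acc += block[x][y] * cu * math.cos((2 * y + 1) * v * math.pi / 16)
            out[u][v] = 0.25 * _c(u) * _c(v) * acc
    return out


def energy(block: Block) -> float:
    return sum(v * v for row in block for v in row)


def low_frequency_fraction(coeffs: Block, k: int = 4) -> float:
    """Share of total coefficient energy held by the top-left k x k (lowest frequencies)."""
    total = energy(coeffs)
    low = sum(coeffs[u][v] ** 2 for u in range(k) for v in range(k))
    return low / total if total else 1.0


# Constructed sample blocks: a uniform grey block and a smooth two-axis ramp.
FLAT = [[200] * N for _ in range(N)]
GRADIENT = [[100 + 6 * x + 4 * y for y in range(N)] for x in range(N)]

if __name__ == "__main__":
    flat_c = dct2_block(level_shift(FLAT))
    print("flat block DC coefficient:", round(flat_c[0][0], 3))          # 8 * (200 - 128) = 576
    grad_c = dct2_block(level_shift(GRADIENT))
    print("gradient energy in low 4x4:", round(low_frequency_fraction(grad_c), 4))
```

For the flat block every AC coefficient is zero and the DC term equals eight times the shifted sample value, which is why uniform regions compress to almost nothing; the ramp puts nearly all of its energy into the first few coefficients, leaving the high-frequency positions that quantization zeroes out.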



During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

A. :\Program Files\Exchsrvr\servername.log
B. D:\Exchsrvr\Message Tracking\servername.log
C. C:\Exchsrvr\Message Tracking\servername.log
D. C:\Program Files\Microsoft Exchange\srvr\servername.log

Answer: A. :\Program Files\Exchsrvr\servername.log



What will the following Linux command accomplish?

dd if=/dev/mem of=/home/sam/mem.bin bs=1024

A. Copy the master boot record to a file
B. Copy the contents of the system folder to a file
C. Copy the running memory to a file
D. Copy the memory dump file to an image file

Answer: C. Copy the running memory to a file
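Both the bit-stream copy question and this dd question describe the same acquisition pattern: read the source in fixed-size blocks, write every byte to an image, and then prove the image is faithful. The block below is an added example for this page, not part of the exam material, and it is written in Python rather than as a dd invocation so the verification step is explicit. It reproduces the if=/of=/bs= loop, hashes the stream as it is read, and compares that digest with fresh hashes of source and image. The file names, the helper names and the sample data are this example's own constructions.

```python
import hashlib
import os
import tempfile
from typing import Dict, Tuple


def sha256_file(path: str, block_size: int = 1024 * 1024) -> str:
    """Hash a file in blocks so large images never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block_size), b""):
            h.update(chunk)
    return h.hexdigest()


def bitstream_copy(src: str, dst: str, block_size: int = 1024) -> Tuple[int, str]:
    """Copy every byte of src to dst in block_size pieces (the dd if=... of=... bs=... pattern).

    The stream is hashed as it is read, so the returned digest describes exactly the
    bytes that were copied, including a short final block.
    """
    h = hashlib.sha256()
    copied = 0
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        while True:
            block = fin.read(block_size)
            if not block:
                break
            h.update(block)
            fout.write(block)
            copied += len(block)
        fout.flush()
        os.fsync(fout.fileno())   # make sure the image is on disk before hashing it again
    return copied, h.hexdigest()


def acquire_and_verify(src: str, dst: str, block_size: int = 1024) -> Dict[str, object]:
    """Image src into dst and report whether stream, source and image hashes all agree."""
    copied, stream_hash = bitstream_copy(src, dst, block_size)
    src_hash = sha256_file(src)
    img_hash = sha256_file(dst)
    return {
        "bytes": copied,
        "stream_sha256": stream_hash,
        "source_sha256": src_hash,
        "image_sha256": img_hash,
        "verified": stream_hash == src_hash == img_hash,
    }


def demo() -> Dict[str, object]:
    """Run the acquisition against a constructed 'device' in a temporary directory."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "evidence.bin")   # stands in for /dev/sdb or /dev/mem
    dst = os.path.join(work, "evidence.dd")
    # Constructed sample: 5127 bytes, deliberately not a multiple of bs=1024, so the
    # partial last block is exercised the way it is on a real device.
    with open(src, "wb") as f:
        f.write(bytes(range(256)) * 20 + b"trailer")
    return acquire_and_verify(src, dst)


if __name__ == "__main__":
    result = demo()
    for key, value in result.items():
        print(f"{key}: {value}")
```

Two practical caveats that the exam question glosses over: a storage source should be opened through a write blocker or a read-only path so the acquisition itself cannot alter the evidence, and on current Linux kernels /dev/mem is restricted (CONFIG_STRICT_DEVMEM) and does not expose all physical RAM, so memory acquisition is normally done with a dedicated tool or kernel module rather than dd.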



Which of the following files gives information about the client sync sessions in Google Drive on Windows?

A. sync_log.log
B. Sync_log.log
C. sync.log
D. Sync.log

Answer: B. Sync_log.log



