Q.1 "All incidents are events but an event is not necessarily an incident". True/False?
1) True
2) False
Ans: 1) True
Q.2 Which of the following pertains to legal evidence found in computers and digital storage media?
1) Monitoring
2) Computer Forensics
3) Security Incident Management
4) Logging
Ans: 2) Computer Forensics
Q.3 Which of the following is primarily used to collect device logs from several different machines in a central location for monitoring and review?
1) Network log
2) SerLog
3) Syslog
Ans: 3) Syslog
Q.4 Which of the following can be considered as information assets?
1) Application Software
2) System Software
3) All of these
4) Corporate Data
5) Client Data
Ans: 3) All of these
Q.5 It is ok if minor alterations occur in the evidence during forensic analysis. True/False?
1) True
2) False
Ans: 2) False
Q.6 What does live forensic acquisition acknowledge?
1) Integrity of the evidence
2) Confidentiality of evidence
3) Volatility of the evidence
Ans: 3) Volatility of the evidence
Q.7 Which of the following are steps in the digital forensic process?
1) Seizure > Acquisition and analysis of digital media > Production of a report
2) Preparation > Detection > Analysis > Containment
Ans: 1) Seizure > Acquisition and analysis of digital media > Production of a report
Q.8 Which of the following are the phases of the incident response process as defined by NIST?
1) Preparation > Detection > Analysis > Containment
2) Detection > Analysis > Containment and Eradication > Post Incident Recovery
3) Detection > Analysis > Containment and Eradication > Recovery
4) Preparation > Detection and Analysis > Containment, Eradication, and Recovery > Post-Incident Activity
Ans: 4) Preparation > Detection and Analysis > Containment, Eradication, and Recovery > Post-Incident Activity
Q.9 Which of the following are useful incident analysis resources?
1) Documentation, network diagrams, critical file hash values
2) Phones and contact information
3) Removable media, forensic software, digital cameras, etc.
Ans: 1) Documentation, network diagrams, critical file hash values
Q.10 Which of the following tricks the user into thinking they are on a real system but in reality is a virtual environment to collect incidents?
1) Sandboxes
2) Honeypot
3) IDS
Ans: 1) Sandboxes