Docsity

Digital Forensics in Cybersecurity Quizlet, Exams of Information Systems

A quizlet containing multiple-choice questions related to digital forensics in cybersecurity. The questions cover topics such as malware forensics, privacy protection, testimonial evidence, real evidence, computer forensics, and cybercrime. The quizlet also includes questions on the USA Patriot Act, cloud computing, logic bombs, viruses, and cyberstalking. The questions are designed to test the knowledge of students studying digital forensics in cybersecurity.

Typology: Exams

2022/2023

Available from 10/20/2023

dillon-cole

WGU Course C840 - Digital Forensics in Cybersecurity Quizlet by Brian MacFarlane Guaranteed Success A+

Malware forensics is also known as internet forensics.
A True B False
Answer: B

The Privacy Protection Act (PPA) of 1980 protects journalists from being required to turn over to law enforcement any work product or documentary material, including sources, before it is disseminated to the public.
A True B False
Answer: A

The term testimonial evidence refers to the process of examining malicious computer code.
A True B False
Answer: B

Evidence need not be locked if it is at a police station.
A True B False
Answer: B

Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect's fingerprints on it, or a handwritten note.
A True B False
Answer: A

The FBI is the premier federal agency tasked with combating cybercrime.
A True B False
Answer: B

A Policy of separation
B Rules of evidence
C Law of probability
D Chain of custody
Answer: D

The objective in computer forensics is to recover, analyze, and present computer-based material in such a way that it can be used as evidence in a court of law.
A True B False
Answer: A

Demonstrative evidence means information that helps explain other evidence. An example of demonstrative evidence is a chart that explains a technical concept to the judge and jury.
A True B False
Answer: A

Which of the following are important to the investigator regarding logging?
A Location of stored logs
B Log retention
C The logging methods
D All of these
Answer: D

A sector is the basic unit of data storage on a hard disk, which is usually 64 KB.
A True B False
Answer: A

The term digital evidence describes the process of piecing together where and when a user has been on the Internet.
A True B False
Answer: B

When computer forensics first began, most investigations were conducted according to the whim of the investigator rather than through a standardized methodology.
A True B False
Answer: A

If the computer is turned on when you arrive, what does the Secret Service recommend you do?
A Begin your investigation immediately.
B Shut down according to recommended Secret Service procedure.
C Transport the computer with power on.
D Unplug the machine immediately.
Answer: B

A To know what hardware existed
B To know what peripheral devices existed
C In case other devices were connected
D To know what outside connections existed
Answer: C

Documentary evidence is data stored in written form, on paper, or in electronic files, such as e-mail messages and telephone call-detail records.
A True B False
Answer: A

Section 816 of the USA Patriot Act, titled the "Development and Support of Cybersecurity Forensic Capabilities," does what?
A Calls for investigation of all cybercrimes as acts of terrorism
B Calls for the establishment of regional computer forensic laboratories
C Establishes guidelines for seizing hard drives
D Establishes guidelines for intercepting e-mail
Answer: B

In September 2005, the FCC ruled that providers of broadband Internet access and interconnected VoIP services are telecommunications carriers under CALEA and, therefore, extended CALEA to the Web and broadband access for the purpose of wiretap ability.
A True B False
Answer: A

According to the Electronic Communications Privacy Act of 1986, when will a law enforcement officer need a warrant to intercept e-mail?
A Never
B Anytime e-mail will be intercepted
C Only when seizing it from the server
D Only when seizing it in transit
Answer: B

The Electronic Communications Privacy Act extended the consent exception guideline to e-mail monitoring, which states that one party to a conversation must give consent.
A True B False
Answer: B

A "protected computer" is any computer at a financial institution or a government agency.
A True B False
Answer: A

A True B False
Answer: B

Moore's Law applies to some of the other primary drivers of computing capability, including storage capacity, processor speed, capacity and cost, fiber optic communications, and more.
A True B False
Answer: A

The Patriot Act had no effect on computer forensics.
A True B False
Answer: B

According to Moore's law, computer power _________ at _______ the cost approximately every 18 to 24 months.
Answer: doubles; half

Which of the following is not a unique characteristic of cloud computing relative to forensics?
A All of these.
B Evidence may be easier for multiple persons to tamper with or modify.
C Evidence may be stored in binary code.
D Evidence may be under different privacy rules.
E Evidence may be in a different location than the suspect computer.
Answer: C

It is very common for criminal enterprises to intentionally construct their own clouds with data stored in jurisdictions with rules and laws that make data retrieval for the purpose of forensics difficult or impossible.
A True B False
Answer: A

A hard drive failure, accidental data deletion, or similar small-scale incident will not prevent a redundant network server or SAN from continuing to provide data and services to end users.
A True B False
Answer: A

Any software that self-replicates is the definition of logic bomb.
A True B False
Answer: B

Viruses are difficult to locate, but easy to trace back to the creator.
A True B False
Answer: B

The simple act of wrongfully obtaining another person's personal data is the crime, with or without stealing any money.
A True B False
Answer: A

Viruses are remarkably easy to locate, but difficult to trace back to the creator.
A True B False
Answer: A

A logic bomb is malware that is designed to do harm to the system when some logical condition is reached.
A True B False
Answer: A

It is legal for employers to monitor work computers.
A True B False
Answer: A

Where would you seek evidence that Ophcrack had been used on a Windows Server 2008 machine?
A In the IDS logs
B In the logs of the server; look for the reboot of the system
C In the logs of the server; look for the loading of a CD
D In the firewall logs
Answer: B

Rainbow table means type of password crackers that work with pre-calculated hashes of all passwords available within a certain character space.
A True B False
Answer: A

A SYN flood is software that self-replicates.
A True B False
Answer: B

A TDoS attack is possible with traditional telephone systems by using an automatic dialer to tie up target phone lines.
A True B False
Answer: A

A critical topic in cyberterrorism is the subject of the China Eagle Union. This group consists of several thousand Chinese hackers whose stated goal is to infiltrate Western computer systems.
A True B False
Answer: A

In December of 2009, hackers broke into computer systems and stole secret defense plans of the United States and South Korea. The information stolen included a summary of plans for military operations by South Korean and U.S. troops in case of war with North Korea, though the attacks were traced back to a Chinese IP address. This is an example of a Trojan Horse.
A True B False
Answer: B

Malware that executes damage when a specific condition is met is the definition of logic bomb.
A True B False
Answer: A

The term distributed denial of service (DDoS) attack describes the process of connecting to a server that involves three packets being exchanged.
A True B False
Answer: B

The use of electronic communications to harass or threaten another person is the definition of cyberstalking.
A True B False
Answer: A

It is legal to monitor the computers of relatives as long as they are living in your home.
A True B False
Answer: B

The term three-way handshake describes the use of electronic communications to harass or threaten another person.
A True B False
Answer: B

Logic bombs are often perpetrated by ________.
A Identity thieves
B Disgruntled employees
C Terrorists
D Hackers
Answer: B

What is the primary reason to take cyberstalking seriously?
A It can be annoying and distracting.
B It can be a prelude to real-world violence.
C It can be part of identity theft.
D It can damage your system.
Answer: B

C You might be accused of planting evidence.
D You might accidentally decrypt files.
Answer: B

This residual information in file slack is overwritten when a new file is created.
A True B False
Answer: B

What is the purpose of hashing a copy of a suspect drive?
A To render it read-only
B To check for changes
C To remove viruses
D To make it secure
Answer: B

An expert report is a formal document prepared by a forensics specialist to document an investigation, including a list of all tests conducted and the specialist's own curriculum vitae (CV).
A True B False
Answer: A

The unused space between the logical end of file and the physical end of file is the definition of bit-level information.
A True B False
Answer: B

Information at the level of actual 1s and 0s stored in memory or on the storage device is the definition of bit-level information.
A True B False
Answer: A

The first step in any investigation is to make a copy of the suspected storage device.
A True B False
Answer: A

You should make at least two bitstream copies of a suspect drive.
A True B False
Answer: A

It takes ________ occurrence(s) of overextending yourself during testimony to ruin your reputation.
A At least two
B Only one
C Several
D Only one if it is a major case
Answer: B

The MD5 message-digest algorithm is used to ________.

To preserve digital evidence, an investigator should ________.
A Make a single copy of each evidence item using an approved imaging tool
B Make two copies of each evidence item using different imaging tools
C Store only the original evidence item
D Make two copies of each evidence item using a single imaging tool
Answer: B

Disk Investigator is a Linux Live CD that you use to boot a system and then use the tools.
A True B False
Answer: B

Information that has been processed and assembled so that it is relevant to an investigation and supports a specific finding or determination is the definition of digital evidence.
A True B False
Answer: A

Life span refers to how long information is reliable.
A True B False
Answer: B

Helix is a customized Linux Live CD used for computer forensics.
A True B False
Answer: A

Volatility refers to how easy it is for data to change. Registers are very volatile, whereas a CD-ROM is not.
A True B False
Answer: A

After imaging any drive, you must always create a hash of the original and the copy.
A True B False
Answer: A

The art and science of writing hidden messages is the definition of hash.
A True B False
Answer: B

The term steganalysis refers to the determination of whether a file or communication hides other information.