CYBER FORENSIC MCQs
UNIT 1 : COMPUTER FORENSIC, NETWORK FORENSIC, CELL PHONE AND MOBILE DEVICE FORENSIC
1. Evidence that shows, or tends to show, a person's involvement in an act that can establish guilt.
A. Inculpatory evidence
B. Exculpatory evidence
C. Character evidence
D. Documentary evidence
2. Evidence favourable to the defendant in a criminal trial that clears or tends to clear the defendant of guilt.
A. Inculpatory evidence
B. Exculpatory evidence
C. Character evidence
D. Documentary evidence
3. They often work as a team to make computers and networks secure in an organization.
A. Cyber criminals
B. Investigators
C. Police officer
D. None of the above
4. In an enterprise network environment, the triad consists of _____.
A. Vulnerability assessment and risk management
B. Network intrusion detection and incident response
C. Computer investigations
D. All of the above
5. An evidence custody form is also known as _____.
A. Chain of Custody
B. Chain of evidence
C. Evidence form
D. None of the above
6. This helps you document what has and has not been done with the original evidence and forensic copies of the evidence.
A. Chain of Custody
B. Chain of evidence
C. Evidence form
D. None of the above
7. An evidence custody form usually contains the following information:
A. Case number
B. Investigator
C. Location where evidence was obtained
D. All of the above
8. _____ is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in the court of law.
A. Ethical hacking
B. Computer forensics
C. Cyber security
D. Forensics
9. This involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash.
A. Data recovery
B. Computer forensics
C. Ethical hacking
D. Digital forensic
10. It is a program or hardware device that filters information coming through an internet connection to a network or computer system.
A. Firewall
B. Cookies
C. Cyber security
D. Anti virus
11. Stealing of others' ideas or creations is _____.
A. Plagiarism
B. Intellectual property rights
C. Piracy
D. All of the above
12. Which of the following principles is violated if a computer system is not accessible?
A. Confidentiality
B. Availability
C. Access control
D. Authentication
13. When you use the word _____ it means you are protecting your data from getting disclosed.
a. Confidentiality
b. Integrity
c. Authentication
d. Availability
14. _____ means the protection of data from modification by unknown users.
a. Confidentiality
b. Integrity
c. Authentication
d. Non-repudiation
15. _____ of information means, only authorised users are capable of accessing the information.
a) Confidentiality
b) Integrity
c) Non-repudiation
d) Availability
16. Why are these 4 elements (confidentiality, integrity, authenticity & availability) considered fundamental?
a) They help understanding hacking better
b) They are key elements to a security breach
c) They help understand security and its components better
d) They help to understand the cyber-crime better
17. This helps in identifying the origin of information and authentic user. This is referred to here as _____
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
18. Data _____ is used to ensure confidentiality.
a) Encryption
b) Locking
c) Deleting
d) Backup
19. Which of these is not a proper method of maintaining confidentiality?
a) Biometric verification
b) ID and password based verification
c) 2-factor authentication
d) switching off the phone
20. Data integrity gets compromised when _____ and _____ are taken control of.
a) Access control, file deletion
b) Network, file permission
c) Access control, file permission
d) Network, system
21. One common way to maintain data availability is
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering
22. Which of the following is not a type of cyber-crime?
a) Data theft
b) Forgery
c) Damage to data and systems
d) Installing antivirus for protection
23. _____ prevents damage to the evidence as you transport it to your secure evidence locker, evidence room, or computer lab.
A. Covering
B. Padding
C. Sealing
D. None of the above
24. What is the most significant legal issue in computer forensics?
A. Preserving Evidence
B. Seizing Evidence.
C. Admissibility of Evidence.
D. Discovery of Evidence.
25. When a file is deleted
A. The file remains intact.
B. The FAT entry for the file is zeroed out so it shows that the area is available for use by a new file.
C. The first character of the directory entry file name is changed to a special character.
D. All of the above.
26. Which of the following is not a property of computer evidence?
A. Authentic and Accurate.
B. Complete and Convincing.
C. Duplicated and Preserved.
D. Conform and Human Readable.
27. You are a computer forensic examiner at a scene and have determined you will seize a Linux server, which according to your source of information contains the database records for the company under investigation for fraud. The best practice for "taking down" the server for collection is to photograph the screen, note any running programs or messages and so on, and _____.
A. Use the normal shutdown procedure
B. Pull the plug from the wall
C. Pull the plug from the rear of the computer
D. Ask the user at the scene to shut down the server
28. When a forensic copy is made, in what format are the contents of the hard drive stored?
A. As compressed images.
B. As bootable files.
C. As executable files.
D. As operating system files.
29. Which of the following is not a type of volatile evidence?
A. Routing Tables
B. Main Memory
C. Log files
D. Cached Data
30. In establishing what evidence is admissible, many rules of evidence concentrate first on the _____ of the offered evidence.
A. Relevancy
B. Search and Seizure
C. Material
D. Admissibility
31. Which of the following is a proper acquisition technique?
A. Disk to Image
B. Disk to Disk
C. Sparse Acquisition
D. All of the above
32. Traditional crimes that became easier or more widespread because of telecommunication networks and powerful PCs include all of the following except
A. Money laundering
B. Illegal drug distribution
C. DoS attacks
D. Child pornography
33. _____ devices prevent altering data on drives attached to the suspect computer and also offer very fast acquisition speeds.
A. Encryption
B. Imaging
C. Write Blocking
D. Hashing
34. Which duplication method produces an exact replica of the original drive?
A. Bit-Stream Copy
B. Image Copy
C. Mirror Copy
D. Bit stream copy
35. To verify the original drive with the forensic copy, you use _____.
A. a password
B. a hash analysis
C. disk to disk verification
D. none of the above
36. The Windows operating system uses a file name's _____ to associate files with the proper applications.
A. Signature
B. Extension
C. MD5 hash value
D. Metadata
37. As a good forensic practice, why would it be a good idea to wipe a forensic drive before using it?
A. Chain of Custody
B. No need to wipe
C. Different file and operating systems
D. Cross-contamination
38. The ability to hide data in another file is called
A. Encryption.
B. Steganography.
C. Data parsing.
D. A and B.
39. When two hard drives are on the same data cable, both drives must have which two settings for them to work?
A. Default and Cable Select
B. Primary and Secondary
C. Master and Slave
D. First and Second
40. A file header is which of the following?
A. A unique set of characters at the beginning of a file that identifies the file type
B. A unique set of characters following the file name that identifies the file type
C. A 128-bit value that is unique to a specific file based on its data
D. Synonymous with the file extension
41. When shutting down a computer, what information is typically lost?
A. Data in RAM memory
B. Running processes
C. Current network connections
D. All of the above
42. _____ is the science of hiding messages in messages.
A. Scanning
B. Spoofing
C. Steganography
D. Steganalysis
43. You are an investigator and have encountered a computer that is running at the home of a suspect. The computer does not appear to be a part of a network. The operating system is Windows XP Home. No programs are visibly running. You should:
A. Pull the plug from the back of the computer.
B. Turn it off with the power button.
C. Pull the plug from the wall.
D. Shut it down with the start menu.
44. ROM is an acronym for:
A. Read Open Memory
B. Random Open Memory
C. Read Only Memory
D. Relative Open Memory
45. Pressing the power button on a computer that is running could have which of the following results?
A. The computer will instantly shut off.
B. The computer will go into stand-by mode.
C. Nothing will happen.
D. All of the above could happen.
46. You are a computer forensic examiner tasked with determining what evidence is on a seized computer. On what part of the computer system will you find data of evidentiary value?
A. Microprocessor or CPU
B. USB controller
C. Hard drive
D. PCI expansion slots
47. You are a computer forensic examiner explaining how computers store and access the data you recovered as evidence during your examination. The evidence was a log file and was recovered as an artifact of user activity on the _____, which was stored on the _____, contained within a _____ on the media.
A. partition, operating system, file system
B. operating system, file system, partition
C. file system, operating system, hard drive
D. operating system, partition, file system
48. USB drives use _____.
A. RAM memory
B. Cache memory
C. Flash memory
D. None of the above
49. Computer memory files written to the hard drive are called _____.
A. Metadata
B. Swap files
C. Spool files
D. User profiles
50. The most common storage device for the personal computer is:
A. USB drive
B. Hard disk drive
C. Floppy disk
D. Zip disk
51. Computer forensics involves all of the following stated activities except:
A. Interpretation of computer data
B. Preservation of computer data
C. Extraction of computer data
D. Manipulation of computer data
52. The primary component of storage in the personal computer is the:
A. Hard disk drive
B. NIC
C. zipdisk
D. pendrive
53. Volatile memory of the computer is known as:
A. ROM
B. RAM
C. BIOS
D. CPU
54. The MD5 hashing algorithm is no longer considered to be a reliable method for determining whether two blocks of text are identical.
A. True
B. False
55. Areas of files and disks that are not apparent to the user, and sometimes not even to the operating system, are termed:
A. latent data.
B. missing data.
C. exceptional data.
D. hidden data.
56. Processing the electronic crime scene has very little in common with processing a traditional crime scene and requires that the investigator take a substantially different approach.
A. True
B. False
57. When photographing an electronic crime scene, all the connections to the main system unit, such as peripheral devices, should be photographed.
A. True
B. False
58. A set of instructions compiled into a program that performs a particular task is known as:
A) hardware
B) motherboard
C) central processing unit
D) software
59. At the scene of a murder you find a powered-on computer. No specialist digital forensics expert is readily available. Other than recording the scene, which of the following options would you choose:
A) I review each of the running applications and user files to find out if there may be any pertinent evidence there
B) I wait until specialist advice becomes available
C) I just leave the computer and let someone else deal with it
D) I pull the power cord from the rear of the computer and take it with me
60. This is a network tool used to determine the path packets take from one IP address to another.
A. Traceroute
B. Ping
C. Route
D. None of the above
61. This is a network diagnostic tool that displays the route taken by packets across a network and measures any transit delays.
A. Traceroute
B. Ping
C. Route
D. None of the above
62. The goal in obtaining data from a HDD is to do so without altering any data
A. True
B. False
63. When should photos of the crime scene be taken? Choose the most appropriate option. You can only pick one.
A) In daylight
B) As soon as possible
C) When the pathologist has arrived
D) When all evidence is collected
64. Temporary files that are created by a software program in the event the computer experiences sudden loss of power, cannot be recovered during a forensic examination.
A. True
B. False
65. The ability to establish the exact whereabouts of an item of evidence and under whose control it was from its collection at the crime scene to its presentation in the courtroom and everywhere in between is called:
A. chain of command
B. chain of custody
C. continuity of investigation
D. record of evidence
66. All of the following are considered direct evidence except:
A. Fingerprint
B. Confession
C. Video recording
D. Eyewitness statement
67. One of the most important tools of the forensic investigator is the ability to
A. Observe, interpret, and report observations clearly
B. Observe assumptions clearly
C. Report assumptions clearly
D. Report opinions and facts clearly
68. The first-responding police officer should keep a record of anyone who enters or leaves the crime scene. This is called:
A. chain of command
B. chain of custody
C. security log
D. evidence log
69. Many lab technicians are used to analyze the various types of evidence found at a crime scene. Where do they send the results of their tests?
A. To the first responding police officer
B. To the district attorney
C. To the lead detective in the case
D. To all of the above
70. A crime is:
A. illegal act only if observed by a police officer.
B. Act forbidden by law
C. Omission forbidden by law
D. Both b and c
71. It is important to separate witnesses at a crime scene in order to
A. prevent them from talking and forming a collusion
B. make conclusions
C. spread the news
D. keep it secret
72. The ability to establish the exact whereabouts of an item of evidence and under whose control it was from its collection at the crime scene to its presentation in the courtroom and everywhere in between is called:
A. chain of command
B. chain of custody
C. security log
D. evidence log
73. The primary factor in a successful investigation is that
A. all available information that is relevant and material is legally obtained
B. a conviction is obtained.
C. innocent people are cleared.
D. All of the above
74. When a dead body is found at the scene, the most immediate concern is:
A. Identifying the victim
B. Interviewing family member
C. Preserving and securing the crime scene
D. Notifying news media
75. The basic purpose of crime scene photography is
A. to record the entire crime scene
B. to support the sketch.
C. to show the benefits of color film.
D. all of the preceding
76. First priority at a crime scene is given to
A. conducting a preliminary survey of the scene
B. detaining suspects or witnesses still at the scene
C. obtaining medical assistance for injured parties at the scene
D. all of the above
77. After providing or obtaining medical assistance for the injured and effecting an arrest of suspects (if possible), the first officer arriving at a crime scene should immediately:
A. detaining suspects or witnesses still at the scene
B. conducting a preliminary survey of the scene
C. Secure the scene
D. Take photographs
78. It is permitted for officers at the scene to alter temperature conditions by adjusting windows, doors, or the heat or air conditioning.
A. True
B. False
79. The first priority of the first officer responding to a crime scene is securing the crime scene
A. True
B. False
80. Admittance to the crime scene must include only
A. Blood relatives of the victim
B. Law enforcement personnel
C. Police officers, district attorneys and authorized media members
D. law enforcement and forensic personnel assigned to the case
81. The initial walkthrough survey of the crime scene should be carried out by the
A. First responder
B. Evidence technician
C. Police chief
D. Lead investigator
82. _____ framework made cracking of vulnerabilities easy like point and click.
a) .Net
b) Metasploit
c) Zeus
d) Ettercap
83. Nmap is abbreviated as Network Mapper.
a) True
b) False
84. _____ is a popular tool used for discovering networks as well as in security auditing.
a) Ettercap
b) Metasploit
c) Nmap
d) Burp Suite
85. Which of these does Nmap not check?
a) services different hosts are offering
b) on what OS they are running
c) what kind of firewall is in use
d) what type of antivirus is in use
86. Which of the following deals with network intrusion detection and real-time traffic analysis?
a) John the Ripper
b) L0phtCrack
c) Snort
d) Nessus
87. Wireshark is a _____ tool.
a) network protocol analysis
b) network connection security
c) connection analysis
d) defending malicious packet-filtering
88. The full form of Malware is
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security
89. _____ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection
90. When there is an excessive amount of data flow, which the system cannot handle, _____ attack takes place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack
91. Compromising a user’s session for exploiting the user’s data and do malicious activities or misuse user’s credentials is called _____
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying
92. Which of these is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack
93. An attempt to harm, damage or cause threat to a system or network is broadly termed as
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime
94. Which method of hacking will record all your keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring
95. A _____ is a bit-by-bit copy (also known as a sector copy) of the original drive or storage medium and is an exact duplicate.
A. bit stream copy
B. bit
C. data dump
D. tcpdump
96. _____ are the special type of programs used for recording and tracking user’s keystroke.
a) Keylogger
b) Trojans
c) Virus
d) Worms
97. What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act hold?
a) Cracking or illegally hack into any system
b) Putting antivirus into the victim
c) Stealing data
d) Stealing hardware components
98. Which of the following is an antivirus?
A. Norton
B. Quick heal
C. K7
D. All of these
99. All are examples of security and privacy threat except:
A. Hacker
B. Virus
C. Spam
D. Worm
100. Viruses are
A. Manmade
B. Machine made
C. Naturally occur
D. All of the above
101. Firewall is a type of
A. Virus
B. Security threat
C. Worm
D. None of the above
102. The number of users on a network has a great impact on the network’s
A. Reliability
B. Security
C. Availability
D. Performance
103. Unauthorized access in a network is a _____ issue
A. Performance
B. Reliability
C. Security
D. None of the above
104. Encryption ensures a network’s
A. Security
B. Reliability
C. Performance
D. Availability
105. Tool for capturing, filtering, and analyzing traffic
A. Routers
B. TCP
C. NIDS/NIPS
D. tcpdump
106. Examining related groups of packets in order to identify patterns, suspicious activity or extra data
A. Packet analysis
B. Firewalls
C. Flow analysis
D. Protocol analysis
107. _____ is a historical database of previous crimes
A. police blotter
B. affidavit
C. chain of custody
D. bit-stream copy
108. Which of the following is not an appropriate way of targeting a mobile phone for hacking?
a) Target mobile hardware vulnerabilities
b) Target apps’ vulnerabilities
c) Setup Keyloggers and spyware in smart-phones
d) Snatch the phone
109. Which of the following is not an OS for mobile?
a) Palm
b) Windows
c) Mango
d) Android
110. Mobile Phone OS contains open APIs that may be _____ attack.
a) useful for
b) vulnerable to
c) easy to
d) meant for
111. _____ gets propagated through networks and technologies like SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.
a) Worms
b) Antivirus
c) Malware
d) Multimedia files
112. _____ is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect to, from threats & bugs.
a) OS Security
b) Database security
c) Cloud security
d) Mobile security
113. Mobile security is also known as
a) OS Security
b) Wireless security
c) Cloud security
d) Database security
114. DDoS in mobile systems wait for the owner of the _____ to trigger the attack.
a) worms
b) virus
c) botnets
d) programs
115. Hackers cannot do which of the following after compromising your phone?
a) Steal your information
b) Rob your e-money
c) Shoulder surfing
d) Spying
116. Hackers cannot do which of the following after compromising your phone?
a) Shoulder surfing
b) Accessing your voice mail
c) Steal your information
d) Use your app credentials
117. App permissions can cause trouble as some apps may secretly access your memory card or contact data.
a) True
b) False
118. Activate _____ when you’re required to use it, otherwise turn it off for security purpose.
a) Flash Light
b) App updates
c) Bluetooth
d) Rotation
119. Try not to keep _____ passwords, especially fingerprint for your smart-phone, because it can lead to physical hacking if you’re not aware or asleep.
a) Biometric
b) PIN-based
c) Alphanumeric
d) Short
120. Which of the following is not a security issue for PDAs?
a) Password theft
b) Data theft
c) Reverse engineering
d) Wireless vulnerability
121. _____ is a popular command-line packet analyser.
a) Wireshark
b) Snort
c) Metasploit
d) Tcpdump
UNIT II : INTERNET FORENSIC, EMAIL FORENSIC, SOCIAL MEDIA FORENSIC, BROWSER FORENSICS
122. Which of them is not a major way of stealing email information?
a) Stealing cookies
b) Reverse Engineering
c) Password Phishing
d) Social Engineering
123. _____ is the method for keeping sensitive information in email communication & accounts secure against unofficial access, loss, or compromise.
a) Email security
b) Email hacking
c) Email protection
d) Email safeguarding
124. Unsolicited commercial email is known as
A. Spam
B. Malware
C. Virus
D. Spyware
125. When a person is harassed repeatedly by being followed, then he/she is a target of
A. Phishing
B. Stalking
C. Bullying
D. Identity threat
126. _____ is a famous technological medium for the spread of malware, facing problems of spam, & phishing attacks.
a) Cloud
b) Pen drive
c) Website
d) Email
127. Which of them is not a proper method for email security?
a) Use Strong password
b) Use email Encryption
c) Spam filters and malware scanners
d) Click on unknown links to explore
128. If a website uses a cookie, or a browser contains the cookie, then every time you visit that website, the browser transfers the cookie to that website.
a) True
b) False
129. The stored cookie which contains all your personal data about that website can be stolen away by _____ using _____ or trojans.
a) attackers, malware
b) hackers, antivirus
c) penetration testers, malware
d) penetration testers, virus
130. If the data stored in the _____ is not encrypted, then after cookie stealing, attackers can see information such as username and password stored by the cookie.
a) memory
b) quarantine
c) cookies
d) hard drive
131. Which of the following is a non-technical type of intrusion or attack technique?
a) Reverse Engineering
b) Malware Analysis
c) Social Engineering
d) Malware Writing
132. Which of them is an example of grabbing email information?
a) Cookie stealing
b) Reverse engineering
c) Port scanning
d) Banner grabbing
133. If the Internet History file has been deleted, _____ may still provide information about what Web sites the user has visited.
A. Cookies
B. Metadata
C. User profiles
D. Sessions
134. In terms of digital evidence, the Internet is an example of:
a. Open computer systems
b. Communication systems
c. Embedded computer systems
d. None of the above
135. If the Internet History file has been deleted, this may still provide information about what Web sites the user has visited.
A. Cookies
B. Metadata
C. User profiles
D. Sessions
136. Private networks can be a richer source of evidence than the Internet because:
a. They retain data for longer periods of time.
b. Owners of private networks are more cooperative with law enforcement.
c. Private networks contain a higher concentration of digital evidence.
d. All of the above.
137. Websites that a user has visited often use cookies to track certain information about its visitors.
a. True
b. False
138. It allows a visited website to store its own information about a user on the user’s computer.
A. Spam
B. Cookies
C. Malware
D. Adware
139. A logon record tells us that, at a specific time:
a. An unknown person logged into the system using the account
b. The owner of a specific account logged into the system
c. The account was used to log into the system
d. None of the above
140. _____ is the technique used for tricking users to disclose their username and passwords through fake pages.
a) Social Engineering
b) Phishing
c) Cookie Stealing
d) Banner Grabbing
141. Using email hacking illicit hackers can send & spread _____ virus, _____ and spam emails.
a) trojans, redirected malicious URLs
b) antivirus, patches
c) cracked software, redirected malicious URLs
d) malware, security patches
142. Unsolicited Bulk E-mails (UBI) are called
a) SMS
b) MMS
c) Spam emails
d) Malicious emails
143. Fraudulent email messages are some fake email messages that seem legitimate which ask for your bank details and reply those emails with updated confidential information.
a) True
b) False
144. Fraudulent email messages are some fake email messages that seem legitimate which asks for your confidential bank details such as _____ details and _____ passwords.
a) credit card, antivirus name
b) credit card, login ID
c) cell phone, antivirus name
d) car model, account ID
145. Which of the following is the most viral section of the internet?
a) Chat Messenger
b) Social networking sites
c) Tutorial sites
d) Chat-rooms
146. Which of the following is not an appropriate measure for securing social networking accounts?
a) Strong passwords
b) Link your account with a phone number
c) Never write your password anywhere
d) Always maintain a soft copy of all your passwords in your PC
147. Which of them is a proper measure of securing social networking account?
a) Never keep your password with any relevant names
b) Keep written records of your passwords
c) Keep records of your password in audio format in your personal cell-phone
d) Passwords are kept smaller in size to remember
148. If hackers gain access to your social media accounts, they can do some illicit or shameless act to degrade your reputation.
a) True
b) False
149. Try to keep your passwords without meaning so that _____ attack becomes almost impossible to perform successfully.
a) social engineering
b) phishing
c) password guessing
d) brute force
150. Keeping the password by the name of your pet is a good choice.
a) True
b) False
151. Increase your security for social media account by always _____ as you step away from the system.
a) signing in
b) logging out
c) signing up
d) logging in
152. Clicking on enticing Ads can cause trouble.
a) True
b) False
153. Strangers cannot cause much trouble if we connect to them over social media.
a) True
b) False
154. Part of the social media sites are the various games & 3rd party applications which helps _____ to get access to your data.
a) ethical hackers
b) penetration testers
c) security auditors
d) cyber-criminals
155. Many social media sites and services provide _____ for legitimate account verification.
a) Retina scanning
b) Fingerprint scanning
c) CAPTCHA
d) 2-step verification
156. Scanning your system and destroying suspicious files can reduce risks of data compromise or leakage of compromised data over social media.
a) True
b) False
157. Different social media services offer tips as of how to use their services and site, still maintaining a high altitude of security.
a) True
b) False
158. If a DNS server accepts and uses the wrong details from a host that has no authority giving that information, then this technique is called …?
A. DNS hijacking
B. DNS lookup
C. DNS spoofing
D. All of the above
159. Which of the following is not a type of cyber crime?
a) Data theft
b) Forgery
c) Damage to data and systems
d) Installing antivirus for protection
UNIT III : INVESTIGATION, EVIDENCE PRESENTATION, AND LEGAL ASPECTS OF DIGITAL FORENSICS AND INTRODUCTION TO LEGAL ASPECTS OF DIGITAL FORENSICS
160. Cyber-laws are incorporated for punishing all criminals only.
a) True
b) False
161. Which of the following is not an example of a computer as weapon cyber-crime?
a) Credit card fraudulent
b) Spying someone using keylogger
c) IPR Violation
d) Pornography
162. Which of the following is not done by cyber criminals?
a) Unauthorized account access
b) Mass attack using Trojans as botnets
c) Email spoofing and spamming
d) Report vulnerability in any system
163. What is the name of the IT law that India is having in the Indian legislature?
a) India’s Technology (IT) Act, 2000
b) India’s Digital Information Technology (DIT) Act, 2000
c) India’s Information Technology (IT) Act, 2000
d) The Technology Act, 2008
Answer: c
164. In which year India’s IT Act came into existence?
a) 2000
b) 2001
c) 2002
d) 2003
165. What is the full form of ITA-2000?
a) Information Tech Act -2000
b) Indian Technology Act -2000
c) International Technology Act -2000
d) Information Technology Act -2000
166. The Information Technology Act -2000 bill was passed by K. R. Narayanan.
a) True
b) False
167. Under which section of IT Act, stealing any digital asset or information is written a cyber-crime.
a) 65
b) 65-D
c) 67
d) 70
168. What is the updated version of the IT Act, 2000?
a) IT Act, 2007
b) Advanced IT Act, 2007
c) IT Act, 2008
d) Advanced IT Act, 2008
169. In which year the Indian IT Act, 2000 got updated?
a) 2006
b) 2008
c) 2010
d) 2012
170. What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act hold?
a) Cracking or illegally hack into any system
b) Putting antivirus into the victim
c) Stealing data
d) Stealing hardware components
171. Accessing computer without prior authorization is a cyber-crime that comes under
a) Section 65
b) Section 66
c) Section 68
d) Section 70
172. Cracking digital identity of any individual or doing identity theft, comes under _____ of IT Act.
a) Section 65
b) Section 66
c) Section 68
d) Section 70
173. Accessing Wi-Fi dishonestly is a cyber-crime.
a) True
b) False
174. Download copy, extract data from an open system done fraudulently is treated as
a) cyber-warfare
b) cyber-security act
c) data-backup
d) cyber-crime
175. Any cyber-crime that comes under section 66 of IT Act, the accused person gets fined of around Rs
a) 2 lacs
b) 3 lacs
c) 4 lacs
d) 5 lacs
176. How many years of imprisonment can an accused person face, if he/she comes under any cyber-crime listed in section 66 of the Indian IT Act, 2000?
a) 1 year
b) 2 years
c) 3 years
d) 4 years
177. Any digital content which any individual creates and is not acceptable to the society, it’s a cyber-crime that comes under _____ of IT Act.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
178. IT Act 2008 makes cyber-crime details more precise where it mentioned if anyone publishes sexually explicit digital content then under _____ of IT Act, 2008 he/she has to pay a legitimate amount of fine.
a) section 67-A
b) section 67-B
c) section 67-C
d) section 67-D
179. If anyone publishes sexually explicit type digital content, it will cost that person imprisonment of _____ years.
a) 2
b) 3
c) 4
d) 5
180. Using spy cameras in malls and shops to capture private parts of any person comes under _____ of IT Act, 2008.
a) Section 66
b) Section 67
c) Section 68
d) Section 69
181. Using spy cameras in malls and shops to capture private parts of any person comes under section 67 of IT Act, 2008 and is punished with a fine of Rs. 5 Lacs.
a) True
b) False
182. Using spy cameras in malls and shops to capture private parts of any person comes under section 67 of the IT Act, 2008 and is punished with imprisonment of ______.
a) 2 years
b) 3 years
c) 4 years
d) 5 years
183. Misuse of digital signatures for fraudulent purposes comes under ______ of the IT Act.
a) section 65
b) section 66
c) section 71
d) section 72
184. Sending an offensive message to someone comes under ______ of the Indian IT Act.
a) section 66-A, 2000
b) section 66-B, 2008
c) section 67, 2000
d) section 66-A, 2008
185. Stealing of digital files comes under ______ of the Indian IT Act.
a) section 66-A
b) section 66-B
c) section 66-C
d) section 66-D
186. An effective report uses
A. first person.
B. passive voice.
C. present tense.
D. all of the preceding
187. One way to achieve a reader-friendly report is to
A. make ample use of the phrase "the above."
B. be certain the narrative part of your report can stand alone.
C. use third person, passive voice.
D. none of the preceding
188. Once a report is written, the writer should
A. staple the pages together if it is more than one page and file it.
B. evaluate it.
C. immediately show it to the prosecutor for approval.
D. none of the preceding
189. Section 79 of the Indian IT Act declares that any 3rd party information or personal data leakage in corporate firms or organizations will be a punishable offense.
a) True
b) False
190. Leaking your company data to the outside network without prior permission of senior authority is a crime.
a) True
b) False
191. Resources required for forensic investigation
A. Original storage media
B. Evidence custody form
C. Evidence container for the storage media, such as an evidence bag
D. All of the above
192. The route evidence takes from the time the investigator obtains it until the case is closed or goes to court is given by ______.
A. Chain of evidence
B. Chain of custody
C. Evidence bags
D. Evidence custody form
193. Nonstatic bags used to transport removable media, hard drives, and other computer components are known as ______.
A. Evidence bags
B. Custody form
C. Polythene
D. None of the above
194. A form that dedicates a page for each item retrieved for a case
A. Evidence custody form
B. Multi-evidence form
C. Single evidence form
D. Repeatable findings
195. Being able to obtain the same results every time from a computer forensics examination.
A. Evidence form
B. Repeatable findings
C. Multiple evidence
D. None of the above
196. The disadvantage of proprietary format acquisitions is:
A. The inability to share an image between different vendors’ computer forensics analysis tools.
B. File size limitation for each segmented volume.
C. All of the above
D. None of the above
197. Data can be collected with four methods in acquisition: creating a disk-to-image file, creating a disk-to-disk copy, creating a logical disk-to-disk or disk-to-data file, and creating a sparse copy of a folder or file.
A. True
B. False
198. ______ acquisition is done on a computer seized during a police raid.
A. Static acquisition
B. Logical acquisition
C. Live acquisition
D. None of the above
199. A ______ acquisition captures only specific files of interest to the case or specific types of files.
A. Static acquisition
B. Logical acquisition
C. Live acquisition
D. None of the above
200. In which of the following fraud methods is a legitimate-looking email sent in an attempt to gather personal and financial information from recipients?
A. Virus
B. Masquerading
C. Phishing
D. Malware
201. What is another name for an insecure plugin?
A. Hardware
B. Software
C. Firmware
D. Malware
202. A tower with several bays and many peripheral devices is known as
A. Stationary workstation
B. Portable workstation
C. Lightweight workstation
D. None of the above
203. A laptop computer with a built-in LCD monitor and almost as many bays and peripherals as a stationary workstation
A. Stationary workstation
B. Portable workstation
C. Lightweight workstation
D. None of the above
204. A laptop computer built into a carrying case with a small selection of peripheral options
A. Stationary workstation
B. Portable workstation
C. Lightweight workstation
D. None of the above
205. The National Security Agency (NSA) developed the defense in depth (DiD) strategy, which has three modes of protection.
A. True
B. False
206. The DiD strategy has the following modes of protection
A. People
B. Technology
C. Operations
D. All of the above
207. Devices and software used to examine network traffic are known as:
A. Honeystick
B. Packet sniffer
C. Honey pot
D. None of the above
208. A computer or network set up to lure an attacker.
A. Honeystick
B. Packet sniffer
C. Honey pot
D. None of the above
209. A honeypot and honeywall combined on a bootable memory stick.
A. Honeystick
B. Packet sniffer
C. Honey pot
D. None of the above
210. ______ is information about the file, including who created it and time and date stamps.
A. Abstract
B. Table of content
C. Application
D. Metadata
211. This metadata can be used to identify the change in the file location.
A. System metadata
B. Application metadata
C. File
D. Email
212. This metadata can be used to identify the change in document author, document version, macros, email to, email from, subject, etc.
A. System metadata
B. Application metadata
C. File
D. Email
213. A forensic report includes
A. Abstract
B. Table of contents
C. Body of report
D. All of the above
214. A forensic report includes
A. References
B. Glossary
C. Body of report
D. All of the above
215. Libraries of previously given testimony that law firms can access are
A. Deposition banks
B. High risk document
C. Lay witness
D. Spoliation
216. A written report containing sensitive information that could create an opening for the opposing attorney to discredit you.
A. Deposition banks
B. High risk document
C. Lay witness
D. Spoliation
217. Destroying or concealing evidence; this action is subject to sanctions.
A. Deposition banks
B. High risk document
C. Lay witness
D. Spoliation
218. A person whose testimony is based on personal observation; not considered to be an expert in a particular field.
A. Scientific witness
B. Expert witness
C. Lay witness
D. Spoliation
219. These opinions form from experience and deductive reasoning based on facts found during an investigation.
A. Scientific witness
B. Expert witness
C. Lay witness
D. Spoliation
220. A witness who provides only the facts that are found in the investigation (any evidence that meets the relevance standard and is more probative than prejudicial).
A. Scientific witness
B. Expert witness
C. Lay witness
D. Spoliation
221. A pretrial motion to exclude certain evidence because it would prejudice the jury.
A. Motion in limine
B. Testimony
C. Plaintiff
D. Defendant
222. Both attorneys providing an overview of the case is known as:
A. Motion in limine
B. Testimony
C. Plaintiff
D. Opening statement
223. He presents the case.
A. Motion in limine
B. Testimony
C. Plaintiff
D. Rebuttal
224. A ______ is usually requested by your client to preserve your testimony in case of schedule conflicts or health problems.
A. Discovery deposition
B. Testimony preservation deposition
C. Testimony
D. Cross examination
225. A hearing is a proceeding before a court or other decision-making body or officer, such as a government agency or a Parliamentary committee
A. Motion in limine
B. Testimony
C. Hearing
D. Defendant
226. Your attorney asks you questions to establish your credentials as an expert witness. The process of qualifying jurors is also called
A. Access
B. Voir dire
C. Motion in limine
D. Hearing
227. ______ means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
A. Digital signature
B. Cyber security
C. Cyber safe
D. Electronic form
228. A secure system means computer hardware, software, and procedure that:
A. are reasonably secure from unauthorized access and misuse
B. provide a reasonable level of reliability and correct operation
C. are reasonably suited to performing the intended functions
D. all of the above