Blog about Programming Languages & Coding


CYBER FORENSIC MCQs Part-2

 CYBER FORENSIC MCQs 

UNIT 1 : COMPUTER FORENSIC, NETWORK FORENSIC, CELL PHONE AND MOBILE DEVICE FORENSIC

 

1.      Evidence that shows, or tends to show, a person's involvement in an act that can establish guilt.

A.     Inculpatory evidence

B.     Exculpatory evidence

C.     Character evidence

D.     Documentary evidence

 

2.      Evidence favourable to the defendant in a criminal trial that clears or tends to clear the defendant of guilt.

A.     Inculpatory evidence

B.     Exculpatory evidence

C.     Character evidence

D.     Documentary evidence

 

3.      They often work as a team to make computers and networks secure in an organization.

A.     Cyber criminals

B.     Investigators

C.     Police officer

D.     None of the above

 

4.      In an enterprise network environment, the triad consists of ________.

A.     Vulnerability assessment and risk management

B.     Network intrusion detection and incident response

C.     Computer investigations

D.     All of the above

 

5.      An evidence custody form is also known as ________.

A.     Chain of Custody

B.     Chain of evidence

C.     Evidence form

D.     None of the above

 

6.      This helps you document what has and has not been done with the original evidence and forensic copies of the evidence.

A.     Chain of Custody

B.     Chain of evidence

C.     Evidence form

D.     None of the above

 

7.      An evidence custody form usually contains the following information:

A.     Case number

B.     Investigator

C.     Location where evidence was obtained

D.     All of the above


 

8.      ________ is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in the court of law.

A.     Ethical hacking

B.     Computer forensics

C.     Cyber security

D.     Forensics

 

9.      This involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash.

A.     Data recovery

B.     Computer forensics

C.     Ethical hacking

D.     Digital forensic

 

 

10.  It is a program or hardware device that filters information coming through an internet connection to a network or computer system.

A.     Firewall

B.     Cookies

C.     Cyber security

D.     Anti virus

 

11.  Stealing others' ideas or creations is ________.

A.     Plagiarism

B.     Intellectual property rights

C.     Piracy

D.     All of the above

 

12.  Which of the following principles is violated if a computer system is not accessible?

A.     Confidentiality

B.     Availability

C.     Access control

D.     Authentication

 

13.  When you use the word ________ it means you are protecting your data from getting disclosed.

a.  Confidentiality

b.  Integrity

c.  Authentication

d.  Availability

 

14.  ________ means the protection of data from modification by unknown users.

a.  Confidentiality

b.  Integrity

c.  Authentication

d.  Non-repudiation


15.  ________ of information means only authorised users are capable of accessing the information.

a)  Confidentiality

b)  Integrity

c)  Non-repudiation

d)  Availability

 

16.  Why are these 4 elements (confidentiality, integrity, authenticity & availability) considered fundamental?

a)  They help in understanding hacking better

b)  They are key elements to a security breach

c)  They help in understanding security and its components better

d)  They help to understand the cyber-crime better

 

17.  This helps in identifying the origin of information and the authentic user. This is referred to here as ________.

a)  Confidentiality

b)  Integrity

c)  Authenticity

d)  Availability

 

18.  Data ________ is used to ensure confidentiality.

a)  Encryption

b)  Locking

c)  Deleting

d)  Backup

 

19.    Which of these is not a proper method of maintaining confidentiality?

a)  Biometric verification

b)  ID and password based verification

c)  2-factor authentication

d)  switching off the phone

 

20.    Data integrity gets compromised when ________ and ________ are taken control of.

a)  Access control, file deletion

b)  Network, file permission

c)  Access control, file permission

d)  Network, system

 

21.  One common way to maintain data availability is ________.

a)  Data clustering

b)  Data backup

c)  Data recovery

d)  Data Altering

 

 

22.  Which of the following is not a type of cyber-crime?

a)  Data theft

b)  Forgery

c)  Damage to data and systems


d)  Installing antivirus for protection

 

23.  ________ prevents damage to the evidence as you transport it to your secure evidence locker, evidence room, or computer lab.

A.     Covering

B.     Padding

C.     Sealing

D.     None of the above

 

24.  What is the most significant legal issue in computer forensics?

A.     Preserving Evidence

B.     Seizing Evidence.

C.     Admissibility of Evidence.

D.     Discovery of Evidence.

 

25.  When a file is deleted

A.  The file remains intact.

B.  The FAT entry for the file is zeroed out so it shows that the area is available for use by a new file.

C.  The first character of the directory entry file name is changed to a special character.

D.  All of the above.

 

26.  Which of the following is not a property of computer evidence?

A.  Authentic and Accurate.

B.  Complete and Convincing.

C.  Duplicated and Preserved.

D.  Conform and Human Readable.

 

27.  You are a computer forensic examiner at a scene and have determined you will seize a Linux server, which according to your source of information contains the database records for the company under investigation for fraud. The best practice for "taking down" the server for collection is to photograph the screen, note any running programs or messages and so on, and ________.

A.  Use the normal shutdown procedure

B.  Pull the plug from the wall

C.  Pull the plug from the rear of the computer

D.  Ask the user at the scene to shut down the server

 

28.  When a forensic copy is made, in what format are the contents of the hard drive stored?

A.  As compressed images.

B.  As bootable files.

C.  As executable files.

D.  As operating system files.

 

29.  Which of the following is not a type of volatile evidence?

A.  Routing Tables

B.  Main Memory

C.  Log files

D.  Cached Data


30.  In establishing what evidence is admissible, many rules of evidence concentrate first on the ________ of the offered evidence.

A.  Relevancy

B.  Search and Seizure

C.  Material

D.  Admissibility

 

31.  Which of the following is a proper acquisition technique?

A.  Disk to Image

B.  Disk to Disk

C.  Sparse Acquisition

D.  All of the above

 

32.  Traditional crimes that became easier or more widespread because of telecommunication networks and powerful PCs include all of the following except

A.  Money laundering

B.  Illegal drug distribution

C.  DoS attacks

D.  Child pornography

 

33.  ________ devices prevent altering data on drives attached to the suspect computer and also offer very fast acquisition speeds.

A.  Encryption

B.  Imaging

C.  Write Blocking

D.  Hashing

 

34.  Which duplication method produces an exact replica of the original drive?

A.  Bit-Stream Copy

B.  Image Copy

C.  Mirror Copy

D.  Bit stream copy

 

35.  To verify the original drive with the forensic copy, you use ________.

A.  a password

B.  a hash analysis

C.  disk to disk verification

D.  none of the above

 

36.  The Windows operating system uses a file name's ________ to associate files with the proper applications.

A.  Signature

B.  Extension

C.  MD5 hash value

D.  Metadata

 

37.  As a good forensic practice, why would it be a good idea to wipe a forensic drive before using it?

A.  Chain of Custody

B.  No need to wipe


C.  Different file and operating systems

D.  Cross-contamination

 

38.  The ability to hide data in another file is called

A.  Encryption.

B.  Steganography.

C.  Data parsing.

D.  A and B.

 

 

39.  When two hard drives are on the same data cable, both drives must have which two settings for them to work?

A.  Default and Cable Select

B.  Primary and Secondary

C.  Master and Slave

D.  First and Second

 

40.  A file header is which of the following?

A.  A unique set of characters at the beginning of a file that identifies the file type

B.  A unique set of characters following the file name that identifies the file type

C.  A 128-bit value that is unique to a specific file based on its data

D.  Synonymous with the file extension

 

41.  When shutting down a computer, what information is typically lost?

A.  Data in RAM memory

B.  Running processes

C.  Current network connections

D.  All of the above

 

42.  ________ is the science of hiding messages in messages.

A.  Scanning

B.  Spoofing

C.  Steganography

D.  Steganalysis

 

 

43.  You are an investigator and have encountered a computer that is running at the home of a suspect. The computer does not appear to be a part of a network. The operating system is Windows XP Home. No programs are visibly running. You should:

A.  Pull the plug from the back of the computer.

B.  Turn it off with the power button.

C.  Pull the plug from the wall.

D.  Shut it down with the start menu.

 

44.  ROM is an acronym for:

A.  Read Open Memory

B.  Random Open Memory

C.  Read Only Memory

D.  Relative Open Memory


45.  Pressing the power button on a computer that is running could have which of the following results?

A.  The computer will instantly shut off.

B.  The computer will go into stand-by mode.

C.  Nothing will happen.

D.  All of the above could happen.

 

46.  You are a computer forensic examiner tasked with determining what evidence is on a seized computer. On what part of the computer system will you find data of evidentiary value?

A.  Microprocessor or CPU

B.  USB controller

C.  Hard drive

D.  PCI expansion slots

 

47.  You are a computer forensic examiner explaining how computers store and access the data you recovered as evidence during your examination. The evidence was a log file and was recovered as an artifact of user activity on the ________, which was stored on the ________, contained within a ________ on the media.

A.  partition, operating system, file system

B.  operating system, file system, partition

C.  file system, operating system, hard drive

D.  operating system, partition, file system

 

48.  USB drives use ________.

A.     RAM memory

B.     Cache memory

C.     Flash memory

D.     None of the above

 

49.  Computer memory files written to the hard drive are called ________.

A.     Metadata

B.     Swap files

C.     Spool files

D.     User profiles

 

50.  The most common storage device for the personal computer is:

A.     USB drive

B.     Hard disk drive

C.     Floppy disk

D.     Zip disk

 

51.  Computer forensics involves all of the following stated activities except:

A.     Interpretation of computer data

B.     Preservation of computer data

C.     Extraction of computer data

D.     Manipulation of computer data

 

52.  The primary component of storage in the personal computer is the:

A.     Hard disk drive


B.     NIC

C.     Zip disk

D.     Pen drive

 

53.  Volatile memory of the computer is known as:

A.     ROM

B.     RAM

C.     BIOS

D.     CPU

 

54.  The MD5 hashing algorithm is no longer considered to be a reliable method for determining whether two blocks of text are identical.

A.     True

B.     False

 

55.  Areas of files and disks that are not apparent to the user, and sometimes not even to the operating system, are termed:

 

A. latent data.

B. missing data.

C. exceptional data.

D. hidden data.

 

56.  Processing the electronic crime scene has very little in common with processing a traditional crime scene and requires that the investigator take a substantially different approach.

A.     True

B.     False

 

57.  When photographing an electronic crime scene, all the connections to the main system unit, such as peripheral devices, should be photographed.

A.     True

B.     False

 

58.  A set of instructions compiled into a program that performs a particular task is known as:

A)  hardware

B)  motherboard

C)  central processing unit

D)  software

 

59.  At the scene of a murder you find a powered-on computer. No specialist digital forensics expert is readily available. Other than recording the scene, which of the following options would you choose:

A)  I review each of the running applications and user files to find out if there may be any pertinent evidence there

B)  I wait until specialist advice becomes available

C)  I just leave the computer and let someone else deal with it

D)  I pull the power cord from the rear of the computer and take it with me


60.  This is a network tool used to determine the path packets take from one IP address to another.

A.     Traceroute

B.     Ping

C.     Route

D.     None of the above

 

61.  This is a network diagnostic tool that displays the route taken by packets across a network and measures any transit delays.

A.     Traceroute

B.     Ping

C.     Route

D.     None of the above

 

62.  The goal in obtaining data from a HDD is to do so without altering any data

A.     True

B.     False

 

63.  When should photos of the crime scene be taken? Choose the most appropriate option. You can only pick one.

A)  In daylight

B)  As soon as possible

C)  When the pathologist has arrived

D)  When all evidence is collected

 

64.  Temporary files that are created by a software program in the event the computer experiences sudden loss of power, cannot be recovered during a forensic examination.

A.     True

B.     False

 

65.  The ability to establish the exact whereabouts of an item of evidence and under whose control it was from its collection at the crime scene to its presentation in the courtroom and everywhere in between is called:

A.     chain of command

B.     chain of custody

C.     continuity of investigation

D.     record of evidence

 

66.  All of the following are considered direct evidence except:

A.     Fingerprint

B.     Confession

C.     Video recording

D.     Eyewitness statement

 

67.  One of the most important tools of the forensic investigator is the ability to

A.     Observe, interpret, and report observations clearly

B.     Observe assumptions clearly

C.     Report assumptions clearly

D.     Report opinions and facts clearly


68.  The first-responding police officer should keep a record of anyone who enters or leaves the crime scene. This is called:

A.     chain of command

B.     chain of custody

C.     security log

D.     evidence log

 

69.  Many lab technicians are used to analyze the various types of evidence found at a crime scene. Where do they send the results of their tests?

A.     To the first responding police officer

B.     To the district attorney

C.     To the lead detective in the case

D.     To all of the above

 

70.  A crime is :

A.     illegal act only if observed by a police officer.

B.     Act forbidden by law

C.     Omission forbidden by law

D.     Both b and c

 

71.  It is important to separate witnesses at a crime scene in order to

A.     prevent them from talking and forming a collusion

B.     make conclusions

C.     spread the news

D.     keep it secret

 

72.  The ability to establish the exact whereabouts of an item of evidence and under whose control it was from its collection at the crime scene to its presentation in the courtroom and everywhere in between is called:

A.     chain of command

B.     chain of custody

C.     security log

D.     evidence log

 

73.  The primary factor in a successful investigation is that

A.  all available information that is relevant and material is legally obtained

B.  a conviction is obtained.

C.    innocent people are cleared.

D.  All of the above

 

74.  When a dead body is found at the scene, the most immediate concern is:

A.     Identifying the victim

B.     Interviewing family members

C.     Preserving and securing the crime scene

D.     Notifying news media

 

75.  The basic purpose of crime scene photography is

A.     to record the entire crime scene

B.     to support the sketch.

C.     to show the benefits of color film.


D.     all of the preceding

 

76.    First priority at a crime scene is given to

A.     conducting a preliminary survey of the scene

B.     detaining suspects or witnesses still at the scene

C.     obtaining medical assistance for injured parties at the scene

D.     all of the above

 

77.  After providing or obtaining medical assistance for the injured and effecting an arrest of suspects (if possible), the first officer arriving at a crime scene should immediately:

A.     detaining suspects or witnesses still at the scene

B.     conducting a preliminary survey of the scene

C.     Secure the scene

D.     Take photographs

 

78.  It is permitted for officers at the scene to alter temperature conditions by adjusting windows, doors, or the heat or air conditioning.

A.     True

B.     False

 

79.  The first priority of the first officer responding to a crime scene is securing the crime scene

A.     True

B.     False

 

 

80.  Admittance to the crime scene must include only

A.     Blood relatives of the victim

B.     Law enforcement personnel

C.     Police officers, district attorneys and authorized media members

D.     law enforcement and forensic personnel assigned to the case

 

81.    The initial walkthrough survey of the crime scene should be carried out by the

A.     First responder

B.     Evidence technician

C.     Police chief

D.     Lead investigator

 

82.  ________ framework made cracking of vulnerabilities easy like point and click.

a)  .Net

b)  Metasploit

c)  Zeus

d)  Ettercap

 

83.  Nmap is abbreviated as Network Mapper.

a)  True

b)  False

 

84.  ________ is a popular tool used for discovering networks as well as in security auditing.


a)  Ettercap

b)  Metasploit

c)  Nmap

d)  Burp Suite

 

85.  Which of these does Nmap not check?

a)  services different hosts are offering

b)  on what OS they are running

c)  what kind of firewall is in use

d)  what type of antivirus is in use

 

86.  Which of the following deals with network intrusion detection and real-time traffic analysis?

a)  John the Ripper

b)  L0phtCrack

c)  Snort

d)  Nessus

 

87.    Wireshark is a ________ tool.

a)  network protocol analysis

b)  network connection security

c)  connection analysis

d)  defending malicious packet-filtering

 

88.  The full form of Malware is ________.

a)  Malfunctioned Software

b)  Multipurpose Software

c)  Malicious Software

d)  Malfunctioning of Security

 

89.  ________ is a code injecting method used for attacking the database of a system / website.

a)  HTML injection

b)  SQL Injection

c)  Malicious code injection

d)  XML Injection

 

90.  When there is an excessive amount of data flow, which the system cannot handle, ________ attack takes place.

a)  Database crash attack

b)  DoS (Denial of Service) attack

c)  Data overflow Attack

d)  Buffer Overflow attack

 

91.  Compromising a user’s session to exploit the user’s data, carry out malicious activities or misuse the user’s credentials is called ________.

a)  Session Hijacking

b)  Session Fixation

c)  Cookie stuffing


d)  Session Spying

 

92.    Which of these is an example of physical hacking?

a)  Remote Unauthorised access

b)  Inserting a malware-loaded USB into a system

c)  SQL Injection on SQL vulnerable site

d)  DDoS (Distributed Denial of Service) attack

 

93.  An attempt to harm, damage or cause threat to a system or network is broadly termed as


a)  Cyber-crime

b)  Cyber Attack

c)  System hijacking

d)  Digital crime

 

94.  Which method of hacking will record all your keystrokes?

a)  Keyhijacking

b)  Keyjacking

c)  Keylogging

d)  Keyboard monitoring

 

95.  A ________ is a bit-by-bit copy (also known as a sector copy) of the original drive or storage medium and is an exact duplicate.

A.     bit stream copy

B.     bit

C.     data dump

D.     tcpdump

 

96.  ________ are a special type of program used for recording and tracking a user’s keystrokes.

a)  Keylogger

b)  Trojans

c)  Virus

d)  Worms

 

97.  What type of cyber-crime, along with its laws and punishments, does section 66 of the Indian IT Act hold?

a)  Cracking or illegally hacking into any system

b)  Putting antivirus into the victim

c)  Stealing data

d)  Stealing hardware components

 

98.  Which of the following is an antivirus?

A.     Norton

B.     Quick heal

C.     K7

D.     All of these

 

99.  All are examples of security and privacy threats except:

A.     Hacker


B.     Virus

C.     Spam

D.     Worm

 

100.          Viruses are

A.     Manmade

B.     Machine made

C.     Naturally occurring

D.     All of the above

 

101.          Firewall is a type of ________.

A.     Virus

B.     Security threat

C.     Worm

D.     None of the above

 

102.          The number of users on a network has a great impact on the network's ________.

A.     Reliability

B.     Security

C.     Availability

D.     Performance

 

103.          Unauthorized access in a network is a ________ issue.

A.     Performance

B.     Reliability

C.     Security

D.     None of the above

 

104.          Encryption ensures a network's ________.

A.     Security

B.     Reliability

C.     Performance

D.     Availability

 

105.          Tool for capturing, filtering, and analyzing traffic

A.     Routers

B.     TCP

C.     NIDS/NIPS

D.     tcpdump

 

106.          Examining related groups of packets in order to identify patterns, suspicious activity or extra data

A.     Packet analysis

B.     Firewalls

C.     Flow analysis

D.     Protocol analysis

 

107.                                is a historical database of previous crimes

A.     police blotter

B.     affidavit


C.     chain of custody

D.     bit-stream copy

 

108.          Which of the following is not an appropriate way of targeting a mobile phone for hacking?

a)  Target mobile hardware vulnerabilities

b)  Target apps’ vulnerabilities

c)  Setup Keyloggers and spyware in smart-phones

d)  Snatch the phone

 

109.          Which of the following is not an OS for mobile?

a)  Palm

b)  Windows

c)  Mango

d)  Android

 

110.          Mobile Phone OS contains open APIs that may be ________ attack.

a)  useful for

b)  vulnerable to

c)  easy to

d)  meant for

 

111.          ________ gets propagated through networks and technologies like SMS, Bluetooth, wireless medium, USBs and infrared to affect mobile phones.

a)  Worms

b)  Antivirus

c)  Malware

d)  Multimedia files

 

112.          ________ is the protection of smart-phones, phablets, tablets, and other portable tech-devices, & the networks to which they connect, from threats & bugs.

a)  OS Security

b)  Database security

c)  Cloud security

d)  Mobile security

 

113.          Mobile security is also known as ________.

a)  OS Security

b)  Wireless security

c)  Cloud security

d)  Database security

 

114.          DDoS in mobile systems waits for the owner of the ________ to trigger the attack.

a)      worms

b)      virus

c)      botnets

d)      programs

 

115.          Hackers cannot do which of the following after compromising your phone?


a)      Steal your information

b)      Rob your e-money

c)      Shoulder surfing

d)      Spying

 

116.          Hackers cannot do which of the following after compromising your phone?

a)      Shoulder surfing

b)      Accessing your voice mail

c)      Steal your information

d)      Use your app credentials

 

117.          App permissions can cause trouble as some apps may secretly access your memory card or contact data.

a)      True

b)      False

 

118.          Activate ________ when you are required to use it; otherwise turn it off for security purposes.

a)      Flash Light

b)      App updates

c)      Bluetooth

d)      Rotation

 

119.          Try not to keep ________ passwords, especially fingerprint, for your smartphone, because it can lead to physical hacking if you’re not aware or asleep.

a)      Biometric

b)      PIN-based

c)      Alphanumeric

d)      Short

 

120.          Which of the following is not a security issue for PDAs?

a)      Password theft

b)      Data theft

c)      Reverse engineering

d)      Wireless vulnerability

 

121.          ________ is a popular command-line packet analyser.

a)  Wireshark

b)  Snort

c)  Metasploit

d)  Tcpdump


UNIT II : INTERNET FORENSIC, EMAIL FORENSIC, SOCIAL MEDIA FORENSIC, BROWSER FORENSICS

 

122.          Which of them is not a major way of stealing email information?

a)  Stealing cookies

b)  Reverse Engineering

c)  Password Phishing

d)  Social Engineering

 

123.          ________ is the method for keeping sensitive information in email communication & accounts secure against unofficial access, loss, or compromise.

a)  Email security

b)  Email hacking

c)  Email protection

d)  Email safeguarding

 

124.          Unsolicited commercial email is known as ________.

A.     Spam

B.     Malware

C.     Virus

D.     Spyware

 

125.          When a person is harassed repeatedly by being followed, then he/she is a target of

A.     Phishing

B.     Stalking

C.     Bullying

D.     Identity threat

 

126.          ________ is a famous technological medium for the spread of malware, facing problems of spam, & phishing attacks.

a)  Cloud

b)  Pen drive

c)  Website

d)  Email

 

127.          Which of them is not a proper method for email security?

a)  Use Strong password

b)  Use email Encryption

c)  Spam filters and malware scanners

d)  Click on unknown links to explore

 

128.          If a website uses a cookie, or a browser contains the cookie, then every time you visit that website, the browser transfers the cookie to that website.

a)  True

b)  False

 

129.          The stored cookie which contains all your personal data about that website can be stolen away by ________ using ________ or trojans.

a)  attackers, malware

b)  hackers, antivirus


c)  penetration testers, malware

d)  penetration testers, virus

 

130.          If the data stored in the ________ is not encrypted, then after cookie stealing, attackers can see information such as username and password stored by the cookie.

a)  memory

b)  quarantine

c)  cookies

d)  hard drive

 

131.          Which of the following is a non-technical type of intrusion or attack technique?

a)  Reverse Engineering

b)  Malware Analysis

c)  Social Engineering

d)  Malware Writing

 

132.          Which of them is an example of grabbing email information?

a)  Cookie stealing

b)  Reverse engineering

c)  Port scanning

d)  Banner grabbing

 

133.          If the Internet History file has been deleted, ________ may still provide information about what Web sites the user has visited.

A.  Cookies

B.  Metadata

C.  User profiles

D.  Sessions

 

134.          In terms of digital evidence, the Internet is an example of:

a.  Open computer systems

b.  Communication systems

c.  Embedded computer systems

d.  None of the above

 

135.          If the Internet History file has been deleted, this may still provide information about what Web sites the user has visited.

A.     Cookies

B.     Metadata

C.     User profiles

D.     Sessions

 

136.          Private networks can be a richer source of evidence than the Internet because:

a.  They retain data for longer periods of time.

b.  Owners of private networks are more cooperative with law enforcement.

c.  Private networks contain a higher concentration of digital evidence.

d.  All of the above.

 

137.          Websites that a user has visited often use cookies to track certain information about its visitors.


a.  True

b.  False

 

138.          It allows a visited website to store its own information about a user on the user’s computer.

A.     Spam

B.     Cookies

C.     Malware

D.     Adware

 

139.          A logon record tells us that, at a specific time:

a.  An unknown person logged into the system using the account

b.  The owner of a specific account logged into the system

c.  The account was used to log into the system

d.  None of the above

 

140.          ________ is the technique used for tricking users to disclose their username and passwords through fake pages.

a)  Social Engineering

b)  Phishing

c)  Cookie Stealing

d)  Banner Grabbing

 

141.          Using email hacking, illicit hackers can send & spread ________ virus, ________ and spam emails.

a)  trojans, redirected malicious URLs

b)  antivirus, patches

c)  cracked software, redirected malicious URLs

d)  malware, security patches

 

142.          Unsolicited Bulk E-mails (UBI) are called                     

a)  SMS

b)  MMS

c)  Spam emails

d)  Malicious emails

 

143.          Fraudulent email messages are some fake email messages that seem legitimate which ask for your bank details and reply those emails with updated confidential information.

a)  True

b)  False

 

 

144.          Fraudulent email messages are some fake email messages that seem legitimate which ask for your confidential bank details such as ________ details, ________ and passwords.

a)  credit card, antivirus name

b)  credit card, login ID

c)  cell phone, antivirus name

d)  car model, account ID


145.          Which of the following is the most viral section of the internet?

a)  Chat Messenger

b)  Social networking sites

c)  Tutorial sites

d)  Chat-rooms

 

146.          Which of the following is not an appropriate measure for securing social networking accounts?

a)  Strong passwords

b)  Link your account with a phone number

c)  Never write your password anywhere

d)  Always maintain a soft copy of all your passwords in your PC

 

147.          Which of them is a proper measure of securing social networking account?

a)  Never keep your password with any relevant names

b)  Keep written records of your passwords

c)  Keep records of your password in audio format in your personal cell-phone

d)  Passwords are kept smaller in size to remember

 

148.          If hackers gain access to your social media accounts, they can do some illicit or shameless act to degrade your reputation.

a)  True

b)  False

 

149.          Try to keep your passwords without meaning so that ________ attack becomes almost impossible to perform successfully.

a)  social engineering

b)  phishing

c)  password guessing

d)  brute force

 

150.          Keeping the password by the name of your pet is a good choice.

a)  True

b)  False

 

151.          Increase your security for social media account by always ________ as you step away from the system.

a)  signing in

b)  logging out

c)  signing up

d)  logging in

 

 

152.          Clicking on enticing Ads can cause trouble.

a)  True

b)  False

 

153.          Strangers cannot cause much trouble if we connect to them over social media.

a)  True


b)  False

 

154.          Part of the social media sites are the various games & 3rd party applications which help ________ to get access to your data.

a)  ethical hackers

b)  penetration testers

c)  security auditors

d)  cyber-criminals

 

155.          Many social media sites and services provide ________ for legitimate account verification.

a)  Retina scanning

b)  Fingerprint scanning

c)  CAPTCHA

d)  2-step verification

 

156.          Scanning your system and destroying suspicious files can reduce risks of data compromise or leakage of compromised data over social media.

a)  True

b)  False

 

157.          Different social media services offer tips on how to use their services and site while still maintaining a high level of security.

a)  True

b)  False

 

158.          If a DNS server accepts and uses the wrong details from a host that has no authority giving that information, then this technique is called …?

A.     DNS hijacking

B.     DNS lookup

C.     DNS spoofing

D.     All of the above

 

159.          Which of the following is not a type of cyber crime?

a)      Data theft

b)      Forgery

c)      Damage to data and systems

d)      Installing antivirus for protection


UNIT III : INVESTIGATION, EVIDENCE PRESENTATION, AND LEGAL ASPECTS OF DIGITAL FORENSICS AND INTRODUCTION TO LEGAL ASPECTS OF DIGITAL FORENSICS

 

160.          Cyber-laws are incorporated for punishing all criminals only.

a)  True

b)  False

 

161.          Which of the following is not an example of a computer as weapon cyber-crime?

a)  Credit card fraud

b)  Spying someone using keylogger

c)  IPR Violation

d)  Pornography

 

162.          Which of the following is not done by cyber criminals?

a)  Unauthorized account access

b)  Mass attack using Trojans as botnets

c)  Email spoofing and spamming

d)  Report vulnerability in any system

 

 

163.          What is the name of the IT law that India has in the Indian legislature?

a)  India’s Technology (IT) Act, 2000

b)  India’s Digital Information Technology (DIT) Act, 2000

c)  India’s Information Technology (IT) Act, 2000

d)  The Technology Act, 2008

Answer: c

 

164.          In which year did India’s IT Act come into existence?

a) 2000

b) 2001

c) 2002

d) 2003

 

 

165.          What is the full form of ITA-2000?

a)  Information Tech Act -2000

b)  Indian Technology Act -2000

c)  International Technology Act -2000

d)  Information Technology Act -2000

 

166.          The Information Technology Act -2000 bill was passed by K. R. Narayanan.

a)  True

b)  False

 

167.          Under which section of the IT Act is stealing any digital asset or information written as a cyber-crime?

a)  65

b)  65-D

c)  67


d)  70

 

168.          What is the updated version of the IT Act, 2000?

a)  IT Act, 2007

b)  Advanced IT Act, 2007

c)  IT Act, 2008

d)  Advanced IT Act, 2008

 

169.          In which year did the Indian IT Act, 2000 get updated?

a) 2006

b) 2008

c) 2010

d) 2012

 

170.          What type of cyber-crime, its laws and punishments does section 66 of the Indian IT Act hold?

a)  Cracking or illegally hack into any system

b)  Putting antivirus into the victim

c)  Stealing data

d)  Stealing hardware components

 

171.          Accessing a computer without prior authorization is a cyber-crime that comes under ________.


a)  Section 65

b)  Section 66

c)  Section 68

d)  Section 70

 

172.          Cracking digital identity of any individual or doing identity theft, comes under ________ of IT Act.

a)  Section 65

b)  Section 66

c)  Section 68

d)  Section 70

 

173.          Accessing Wi-Fi dishonestly is a cyber-crime.

a)  True

b)  False

 

174.          Downloading, copying or extracting data from an open system fraudulently is treated as ________.


a)  cyber-warfare

b)  cyber-security act

c)  data-backup

d)  cyber-crime

 

 

175.          For any cyber-crime that comes under section 66 of IT Act, the accused person is fined around Rs ________.

a)  2 lacs


b)  3 lacs

c)  4 lacs

d)  5 lacs

 

176.          How many years of imprisonment can an accused person face, if he/she comes under any cyber-crime listed in section 66 of the Indian IT Act, 2000?

a)  1 year

b)  2 years

c)  3 years

d)  4 years

 

177.          Any digital content which an individual creates and which is not acceptable to the society is a cyber-crime that comes under ________ of IT Act.

a)  Section 66

b)  Section 67

c)  Section 68

d)  Section 69

 

 

178.          IT Act 2008 makes cyber-crime details more precise, where it mentions that if anyone publishes sexually explicit digital content then under ________ of IT Act, 2008 he/she has to pay a legitimate amount of fine.

a)  section 67-A

b)  section 67-B

c)  section 67-C

d)  section 67-D

 

179.          If anyone publishes sexually explicit type digital content, it will cost that person imprisonment of ________ years.

a)  2

b)  3

c)  4

d)  5

 

180.          Using spy cameras in malls and shops to capture private parts of any person comes under ________ of IT Act, 2008.

a)  Section 66

b)  Section 67

c)  Section 68

d)  Section 69

 

181.          Using spy cameras in malls and shops to capture private parts of any person comes under section 67 of IT Act, 2008 and is punished with a fine of Rs. 5 Lacs.

a)  True

b)  False

 

182.          Using spy cameras in malls and shops to capture private parts of any person comes under section 67 of IT Act, 2008 and is punished with imprisonment of ________.

a)  2 years

b)  3 years


c)  4 years

d)  5 years

 

183.          Misuse of digital signatures for fraudulent purposes comes under ________ of IT Act.

a)  section 65

b)  section 66

c)  section 71

d)  section 72

 

184.          Sending an offensive message to someone comes under ________ of the Indian IT Act ________.

a)  section 66-A, 2000

b)  section 66-B, 2008

c)  section 67, 2000

d)  section 66-A, 2008

 

185.          Stealing of digital files comes under ________ of the Indian IT Act.

a)  section 66-A

b)  section 66-B

c)  section 66-C

d)  section 66-D

 

186.          An effective report uses

A.     first person.

B.     passive voice.

C.     present tense.

D.     all of the preceding

 

 

187.          One way to achieve a reader-friendly report is to

A.     make ample use of the phrase "the above."

B.     be certain the narrative part of your report can stand alone.

C.     use third person, passive voice.

D.     none of the preceding

 

 

188.          Once a report is written, the writer should

A.     staple the pages together if it is more than one page and file it.

B.     evaluate it.

C.     immediately show it to the prosecutor for approval.

D.     none of the preceding

 

189.            Section 79 of the Indian IT Act declares that any 3rd party information or personal data leakage in corporate firms or organizations will be a punishable offense.

a)  True

b)  False

 

190.            Leaking your company data to the outside network without prior permission of senior authority is a crime.


a)  True

b)  False

 

191.          Resources required for forensic investigation

A.     Original storage media

B.     Evidence custody form

C.     Evidence container for the storage media, such as an evidence bag

D.     All of the above

 

192.          The route evidence takes from the time the investigator obtains it until the case is closed or goes to court is given by.

A.     Chain of evidence

B.     Chain of custody

C.     Evidence bags

D.     Evidence custody form

 

193.          Nonstatic bags used to transport removable media, hard drives, and other computer components are known as.

A.     Evidence bags

B.     Custody form

C.     Polythene

D.     None of the above

 

194.          A form that dedicates a page for each item retrieved for a case

A.     Evidence custody form

B.     Multi-evidence form

C.     Single evidence form

D.     Repeatable findings

 

195.          Being able to obtain the same results every time from a computer forensics examination.

A.     Evidence form

B.     Repeatable findings

C.     Multiple evidence

D.     None of the above

 

196.          The disadvantage of proprietary format acquisitions is:-

A.     The inability to share an image between different vendors’ computer forensics analysis tools.

B.     File size limitation for each segmented volume.

C.     All of the above

D.     None of the above

 

197.          Data can be collected with four methods in acquisition: creating a disk-to-image file, creating a disk-to-disk copy, creating a logical disk-to-disk or disk-to-data file, and creating a sparse copy of a folder or file.

A.     True

B.     False


198.          ________ acquisition is done on a computer seized during a police raid.

A.     Static acquisition

B.     Logical acquisition

C.     Live acquisition

D.     None of the above

 

199.          A ________ acquisition captures only specific files of interest to the case or specific types of files.

A.     Static acquisition

B.     Logical acquisition

C.     Live acquisition

D.     None of the above

 

200.          In which of the following fraud methods is a legitimate looking email sent in an attempt to gather personal and financial information from recipients?

A.     Virus

B.     Masquerading

C.     Phishing

D.     Malware

 

201.          What is another name for an insecure plugin?

A.     Hardware

B.     Software

C.     Firmware

D.     Malware

 

202.          A tower with several bays and many peripheral devices is known as

A.     Stationary workstation

B.     Portable workstation

C.     Lightweight workstation

D.     None of the above

 

 

203.          A laptop computer with a built-in LCD monitor and almost as many bays and peripherals as a stationary workstation

A.     Stationary workstation

B.     Portable workstation

C.     Lightweight workstation

D.     None of the above

 

204.          A laptop computer built into a carrying case with a small selection of peripheral options

A.     Stationary workstation

B.     Portable workstation

C.     Lightweight workstation

D.     None of the above

 

205.          The National Security Agency (NSA) developed defense in depth (DiD) strategy having three modes of protection:

A.     True


B.     False

 

206.          DiD strategy has the following modes of protection

A.     People

B.     Technology

C.     Operations

D.     All of the above

 

207.          Devices and software used to examine network traffic are known as:

A.     Honeystick

B.     Packet sniffer

C.     Honey pot

D.     None of the above

 

208.          A computer or network set up to lure an attacker.

A.     Honeystick

B.     Packet sniffer

C.     Honey pot

D.     None of the above

 

209.          A honeypot and honeywall combined on a bootable memory stick.

A.     Honeystick

B.     Packet sniffer

C.     Honey pot

D.     None of the above

 

210.          ________ is information about the file, including who created it and time and date stamps.

A.     Abstract

B.     Table of content

C.     Application

D.     Metadata

 

211.          This metadata can be used to identify the change in the file location.

A.     System metadata

B.     Application metadata

C.     File

D.     Email

 

212.          This metadata can be used to identify the change in document author, document version, macros, email to, email from, subject, etc.

A.     System metadata

B.     Application metadata

C.     File

D.     Email

 

213.          A forensic report includes

A.     Abstract

B.     Table of contents

C.     Body of report


D.     All of the above

 

214.          A forensic report includes

A.     References

B.     Glossary

C.     Body of report

D.     All of the above

 

215.          Libraries of previously given testimony that law firms can access are ________.

A.     Deposition banks

B.     High risk document

C.     Lay witness

D.     Spoliation

 

216.          A written report containing sensitive information that could create an opening for the opposing attorney to discredit you.

A.     Deposition banks

B.     High risk document

C.     Lay witness

D.     Spoliation

 

217.          Destroying or concealing evidence; this action is subject to sanctions.

A.     Deposition banks

B.     High risk document

C.     Lay witness

D.     Spoliation

 

218.          A person whose testimony is based on personal observation; not considered to be an expert in a particular field.

A.     Scientific witness

B.     Expert witness

C.     Lay witness

D.     Spoliation

 

219.          These opinions form from experience and deductive reasoning based on facts found during an investigation.

A.     Scientific witness

B.     Expert witness

C.     Lay witness

D.     Spoliation

 

220.          A ________ witness provides only the facts that are found in investigation: any evidence that meets the relevance standard and is more probative than prejudicial.

A.     Scientific witness

B.     Expert witness

C.     Lay witness

D.     Spoliation

 

221.          A pretrial motion to exclude certain evidence because it would prejudice the jury.

A.     Motion in limine


B.     Testimony

C.     Plaintiff

D.     Defendant

 

222.          When both attorneys provide an overview of the case, it is known as:

A.     Motion in limine

B.     Testimony

C.     Plaintiff

D.     Opening statement

 

223.          He presents the case.

A.     Motion in limine

B.     Testimony

C.     Plaintiff

D.     Rebuttal

 

224.          A ________ is usually requested by your client to preserve your testimony in case of schedule conflicts or health problems.

A.     Discovery deposition

B.     Testimony preservation deposition

C.     Testimony

D.     Cross examination

 

225.          A hearing is a proceeding before a court or other decision-making body or officer, such as a government agency or a Parliamentary committee

A.     Motion in limine

B.     Testimony

C.     Hearing

D.     Defendant

 

226.          Your attorney asks you questions to establish your credentials as an expert witness. The process of qualifying jurors is also called

A.     Access

B.     Voir dire

C.     Motion in limine

D.     Hearing

 

227.          ________ means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

A.     Digital signature

B.     Cyber security

C.     Cyber safe

D.     Electronic form

 

228.          A secure system means computer hardware, software, and procedure that:

A.     are reasonably secure from unauthorized access and misuse

B.     provide a reasonable level of reliability and correct operation

C.     are reasonably suited to performing the intended functions

D.     all of the above

CYBER FORENSIC MCQs Part-2, reviewed by Asst. Prof. Sunita Rai, Computer Sci. Dept., G.N. Khalsa College, Mumbai on January 11, 2022
