- All Exams Instant Download
What is the First Step required in preparing a computer for forensics investigation?
Topic 1, Exam Set A What is the First Step required in preparing a computer for forensics investigation?A . Do not turn the computer off or on, run any programs, or attempt to access data on a computerB . Secure any relevant mediaC . Suspend automated document destruction and recycling...
Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity.
Centralized logging is defined as gathering the computer system logs for a group of systems in a centralized location. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity.A . TrueB . FalseView AnswerAnswer: A
A computer forensic report is a report which provides detailed information on the complete forensics investigation process.
A computer forensic report is a report which provides detailed information on the complete forensics investigation process.A . TrueB . FalseView AnswerAnswer: A
In what circumstances would you conduct searches without a warrant?
In what circumstances would you conduct searches without a warrant?A . When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activityB . Agents may search a place or object without...
LBA (Logical Block Address) addresses data by allotting a ___________to each sector of the hard disk.
LBA (Logical Block Address) addresses data by allotting a ___________to each sector of the hard disk.A . Sequential numberB . Index numberC . Operating system numberD . Sector numberView AnswerAnswer: A
What is the smallest allocation unit of a hard disk?
What is the smallest allocation unit of a hard disk?A . ClusterB . Spinning tracksC . Disk plattersD . Slack spaceView AnswerAnswer: A
Hal.dll, and boot-start device drivers?
In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe. Bootvid.dll. Hal.dll, and boot-start device drivers?A . NtldrB . Gdi32.dllC . Kernel32.dllD . Boot.inView AnswerAnswer: A
What RAID level is represented here?
Data is striped at a byte level across multiple drives and parity information is distributed among all member drives. What RAID level is represented here?A . RAID Level0B . RAID Level 1C . RAID Level 3D . RAID Level 5View AnswerAnswer: D
You should always work with original evidence
You should always work with original evidenceA . TrueB . FalseView AnswerAnswer: B
Where is the hidden swap file in Windows located?
A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM. Where is the hidden swap file in Windows located?A . C:pagefile.sysB . C:hiberfil.sysC . C:config.sysD . C:ALCSetup.logView AnswerAnswer: A
