EC1-349 ECCouncil Computer Hacking Forensic Investigator Set 4

Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media


Options are :

  • True (Correct)
  • False

Answer : True

When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile


Options are :

  • True (Correct)
  • False

Answer : True

Email spoofing refers to:


Options are :

  • Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted to cause a denial-of-service attack
  • The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information
  • A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message
  • The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source (Correct)

Answer : The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source

Which of the following is not a part of data acquisition forensics investigation?


Options are :

  • Permit only authorized personnel to access
  • Protect the evidence from extremes in temperature
  • Work on the original storage medium not on the duplicated copy (Correct)
  • Disable all remote access to the system

Answer : Work on the original storage medium not on the duplicated copy

LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.


Options are :

  • Sequential number (Correct)
  • Operating system number
  • Sector number
  • Index number

Answer : Sequential number

Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?


Options are :

  • Wireless modem
  • Mobile station
  • Antenna
  • Wireless router (Correct)

Answer : Wireless router

Which of the following files in Novell GroupWise stores information about user accounts?


Options are :

  • PRIV.STM
  • gwcheck.db
  • PRIV.EDB
  • ngwguard.db (Correct)

Answer : ngwguard.db

Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or device that holds electronic information.


Options are :

  • True (Correct)
  • False

Answer : True

Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who would be responsible.


Options are :

  • True (Correct)
  • False

Answer : True

Which of the following statements is incorrect related to acquiring electronic evidence at a crime scene?


Options are :

  • Sample banners are used to record the system activities when used by the unauthorized user
  • The equipment is seized which is connected to the case, knowing the role of the computer which will indicate what should be taken
  • At the time of seizing process, you need to shut down the computer immediately (Correct)
  • In warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring

Answer : At the time of seizing process, you need to shut down the computer immediately

A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others


Options are :

  • False
  • True (Correct)

Answer : True

Physical security recommendations: There should be only one entrance to a forensics lab


Options are :

  • True (Correct)
  • False

Answer : True

Which of the following log injection attacks uses white space padding to create unusual log entries?


Options are :

  • HTML injection attack
  • Timestamp injection attack
  • Word wrap abuse attack (Correct)
  • Terminal injection attack

Answer : Word wrap abuse attack

An image is an artifact that reproduces the likeness of some subject. These are produced by optical devices (i.e. cameras, mirrors, lenses, telescopes, and microscopes).

Which property of the image shows you the number of colors available for each pixel in an image?


Options are :

  • Pixel
  • Image File Size
  • Bit Depth (Correct)
  • File Formats

Answer : Bit Depth

Digital evidence is not fragile in nature.


Options are :

  • True
  • False (Correct)

Answer : False

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address is hosted, to cause a denial-of-service attack?


Options are :

  • Mail bombing (Correct)
  • Email spoofing
  • Email spamming
  • Phishing

Answer : Mail bombing

Digital photography helps in correcting the perspective of the image which is used in taking the measurements of the evidence. Snapshots of the evidence and incident-prone areas need to be taken to help in the forensic process. Is digital photography accepted as evidence in the court of law?


Options are :

  • No
  • Yes (Correct)

Answer : Yes

When a system is compromised, attackers often try t