Practice for the CCE-digital forensic analysis QUIZ
Question Description
Question 1 (5 points)
Unicode is a binary representation of characters that is compatible with ASCII but includes fewer characters overall.
Question 2 (5 points)
If you change the file extension for an image file to .txt, the contents of the file cannot be displayed and will become unusable.
Question 3 (5 points)
The bit pattern 01000011 can be used to represent a single ASII character, a base ten number, or a CPU instruction.
Question 4 (5 points)
A hexadecimal editor can be used to search a hard drive to find passwords or keywords occurring outside of files or inside files in file slack space.
Question 5 (5 points)
If the file signature does not match the file extension, the contents of the file cannot be displayed.
Question 6 (5 points)
How many ASCII characters can be stored in 32 bits?
Question 7 (5 points)
How many hexadecimal digits are required to represent 32 bits of data?
Question 8 (5 points)
Which of the following file types contain images and/or graphics?
Question 9 (5 points)
Which of the following file extensions should contain executable code?
Question 10 (5 points)
Which of the following types of drives can be used as a forensic boot device?
Question 11 (5 points)
A write blocker is a hardware device or software application used to prevent the operating system from changing the contents of a hard drive.
Question 12 (5 points)
Which of the following is not a standard BIOS function?
Question 13 (5 points)
The Master Boot Record contains executable code, the disk signature, and the partition table for the disk.
Question 14 (5 points)
Which of the following is a valid signature word for an MBR?
Question 15 (5 points)
What is the length of the partition table in the MBR?
Question 16 (5 points)
POST is the last step in the boot process.
Question 17 (5 points)
In big Endian storage schemes, the most significant byte of a data value is stored at the smallest address. In little Endian storage schemes, the least significant byte of a data value is stored at the smallest address.
Question 18 (5 points)
What does CHS refer to?
Question 19 (5 points)
FAT file systems have a variable number of bits per entry in the Master File Table.
Question 20 (5 points)
In a Microsoft Windows operating system, the last access times for files are accurate to within two milliseconds.
Question 21 (10 points)
Digital forensics labs should prepare specialized operating procedures for each case.
Question 22 (10 points)
Evidence tags are affixed to computer equipment and removable media upon receipt at the digital forensics lab. This ensures that evidence can be tracked using a chain of custody form.
Question 23 (10 points)
Organizations are required to properly preserve any and all forms of electronic media which can be reasonably anticipated to be relevant to current or future litigation.
Question 24 (10 points)
A corporate policy for digital forensics should address requirements found in which of the following laws?
Question 25 (10 points)
Corporate audit procedures should be followed during cyber forensic investigations in cases where the subject is suspected of having committed financial fraud.
Question 26 (10 points)
Case management includes all of the following EXCEPT:
Question 27 (10 points)
Evidence being shipped inter-city or across state lines should always be shipped in the airline’s cargo hold to protect against the risk of loss or theft during transfer.
Question 28 (10 points)
Which of the following is not a recommended method for verifying the analysis and results of a forensic examination?
Question 29 (10 points)
Every digital forensics lab should have both a policy and a procedure regarding sanitization of media prior to use for forensic imaging.
Question 30 (10 points)
Which of the following is not a NIST mandated feature or capability of a forensic tool?
Question 31 (10 points)
What type of cryptography can be used to find and identify files containing child pornography?
Question 32 (10 points)
Polymorphic algorithms are used to hide or conceal malware from anti-virus programs.
Question 33 (10 points)
Steganography is used to hide a binary file or executable inside an Unicode encoded text file.
Question 34 (10 points)
In a FAT file system, files can be hidden or concealed by setting the “archive” bit in the file’s directory entry.
Question 35 (10 points)
The Windows swap file contains what type of data?
Question 36 (10 points)
Forensic examiners should always collect and analyze file slack space and unallocated disk sectors because both can contain remnants of data from events which took place many years ago.
Question 37 (10 points)
It is very easy to hide inappropriate or illegal files within plain sight by changing the file name extension.
Question 38 (10 points)
Which registry file contains settings and history information for individual user accounts?
Question 39 (10 points)
Which registry file will contain the names of all installed software applications?
Question 40 (10 points)
System log files contain entries for events which occur on a system. These files contain a trustworthy timeline of events because once an entry has been made it cannot be changed or deleted.
Question 41 (10 points)
What is presumption of innocence?
Question 42 (10 points)
Evidence may be deemed hearsay if the speaker, author, or creator is not present in court to verify its truthfulness.
Question 43 (10 points)
Which of the following types of evidence is/are a permissible exception to the hearsay rule?
Question 44 (10 points)
Expert forensic examiners can reliably and accurately determine the level of certainty which should be assigned to their findings.
Question 45 (10 points)
The “Frye test” for evidence admissibility was based upon which of the following?
Question 46 (10 points)
An expert witness must be qualified as an expert by the court prior to being allowed to testify before a jury. The qualification process examines which of the following?
Question 47 (10 points)
In Daubert vs. Merrell Dow Phrmaceuticals, the US Supreme Court held tha
Have a similar assignment? "Place an order for your assignment and have exceptional work written by our team of experts, guaranteeing you A results."
Our Service Charter
1. Professional & Expert Writers: Eminence Papers only hires the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.
2. Top Quality Papers: Our customers are always guaranteed of papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.
3. Plagiarism-Free Papers: All papers provided by Eminence Papers are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.
4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. Eminence Papers are known for the timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.
5. Affordable Prices: Our prices are fairly structured to fit in all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.
6. 24/7 Customer Support: At Eminence Papers, we have put in place a team of experts who answer all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.