DIGITAL FORENSICS Final Stuff

DIGITAL FORENSICS
(MCQ’s)
---------------------------------------------------------------------------------------------------------
No Question Option Answe

r
COMPILATION
1. 1.
systematic tracking of incoming and outgoing traffic: to
ascertain how an attack was carried out or how an event
a. SIM Cards C
occurred on a network. b. Windows
intruders and network users often leave trail behind Registry
c. CORRECT: Net
-identify locations where relevant digital evidence exists
work Forensics
-crucial when developing data map of digital evidence d. Drive Slack
2. . a logical drive a. EEPROM
b. PDA's D
c. SIM Cards
d. CORRECT: Partition
3. - .EVE -> .DFT -> IOLogErrors a. Additional SIM

Card Perposes C
-.DD -> .DFT -> IOLogErrors -> MD5
b. Types of The
Formats
ProDiscover
Creates
c. CORRECT: Files
Found When
Acquisition is Done
(ProDiscover)
d. Mobile Forensics
1
Equiptment
4. allows you to create a representation of another computer a. Partition
DEVELOPED & CREATED BY UJWAL & ABHIJEET |

on an existing physical computer b. CORRECT: Virtual B
Machine
c. Drive Slack
d. SIM Cards
5. Considerations a. CORRECT: Exam

-determine the scope of the investigation. ination Plan A
-determine what the case requires
b. Drive Slack
-whether you should collect all info
-what to do in case of scope creep c. Partition
d. SIM Cards
6. Can be exported as: 1.

-RTF ~good for thumbnails and book marks
a. Drive Slack D
-TEXT~plain text
b. Write Blockers
c. Windows
Registry
d. CORRECT: ProD
iscover Report
7. UNIX DD~most common raw image format a. EnCase Output

Formats D
-.EVE~has case metadata information
b. Five Major
Categories
c. ProDiscover Report
d. CORRECT: Types of
The Formats
ProDiscover
Creates
8. electronically erasable programmable read-only memory a. Partition
b. file system C
-how phones store system data
c. CORRECT: EEPROM
-enables service providers to reprogram phones without d. SIM Cards 2
having to physically access memory chips
-OS is stored in ROM: nonvolatile memory

10. file manipulation: file names and extensions/ hidden a. Windows
property Registry D
b. Examination
-disk manipulation: hidden partitions/bad clusters
Plan
-encryption: bit shifting/stenography c. Virtual Machine
d. CORRECT: Data-
hiding Techniques
11. -gives us a road map to data on a disk a. CORRECT: file

system A
-type of file system an OS used determines how data is
b. Drive Slack
stored on the disk
c. EEPROM
d. SIM Cards
12. -the main concerns with mobile devices are loss of power
and synchronization with PC's or the cloud (wired or C
wireless).
-all mobile devices have volatile memory that may contain

valuable information: making sure they don't lose power
before you can retrieve RAM data is critical. a. Additional SIM
Card Perposes
-isolated the device from incoming signals with one of the b. Network
following options: shielded container (paint can,
Forensics
enclosures), use the Faraday Bag, use eight layers of anti-
static bags, aluminum foil. c. CORRECT: Acqui
sition Procedures
-if device is not isolated, the data of the device will for Mobile Devices
continue to change while in custody of the specialist.
d. Challenges With
Mobile Devices
13. acquisition~preservation~collection 1.
a. Network B
Forensics
-validation~discrimination~culling
b. CORRECT: Five
Major Categories
~examination~extraction~review
c. SIM Cards 3
d. Write Blockers
~reconstruction~analysis

~reporting~presentation~production
14. a database that stores hardware and software configuration 1.

information, network connections, user preferences, and
a. SIM B
setup information.
Cards
-can contain valuable info about current/past applications b. CORREC

and user created information T: Windows
Registry
c. file
system
d. Write
Blockers
15. unused space in a cluster between the end of an active file a. SIM Cards D
and the end of a cluster. (Includes RAM slack and file slack)
b. file system
c. Write Blockers
d. CORRECT: Drive
Slack
16. subscribers identity module cards a. EEPROM
b. PDA's C
-found most commonly in GSM devices
c. CORRECT: SIM
-microprocessor and from 16KB to 4MB EEPROM Cards
d. Drive Slack
-GSM refers to mobile phones as "mobile station" and
divides a station into two parts: the sim card and the mobile
equipment and common network in global networks
-portability of information makes SIM cards versatile
17. EnCase (E01) a. Five Major

Categories B
-RAW (DD)
b. CORRECT: Differ
ent FTK Output
-SMART (S01) 4
Formats
-Sleuth Kit (AFF) c. EnCase Output

Formats

d. Network
Forensics
18. -How long a piece of information lasts on a system versus a. CORRECT: Order
data that must be collected and preserved before its lost, of Volatility A
corrupted, or backed up.
b. Partition
Order: c. Drive Slack

1-live network devices (switches/routers)
d. Network
2-live computers/laptops (RAM and processes)
Forensics
3-live other devices (smartphones, PDA's)
4-Devices/computers already OFF
5-Removable media/cables-adapters/documents
19. devices are 'live' computers; traditional "stand-alone OFF 1.
computers" approach may be inadequate
a. CORREC A
T: Challenges
-devices are connected to 'live' wireless networks;
With Mobile
traditional "disconnect" or "segregate" approach network
Devices
forensics may be inadequate
b. Write
-devices lack hardware, software and operating system Blockers
standardization; many variables affect forensic and
c. Network
eDiscovery techniques and analysis results.
Forensics
-devices are dynamic in location; communications and d. Acquisiti

operability; computers are mostly static. on Procedures
for Mobile
Devices
-analog
20. analog a. Data-hiding

Techniques
-digital personal communications service (PC's)
b. CORRECT: Three B
Generations of Mobile
-third-generation (3G and 4G): increased bandwidth
Phone Technology
*continuing to evolve c. Order of

Volatility
d. Challenges With
Mobile Devices
5
21. identifies the subscriber to the network a. Five Major
Categories C
-stores personal information
b. ProDiscover

Report
-stores address books and messages
c. CORRECT: Addit
ional SIM Card Perposes
-stores service-related information
d. SIM Cards
22. -hardware utilized for protecting source/hard drive from a. file system
data alteration/tampering while collecting, preserving, and
b. Drive Slack D
reviewing CSI.
c. SIM Cards
-prevents operating systems and computer programs from d. CORRECT: Write
making "writes" to the hard drive being acquired, examined,
Blockers
or analyzed.
-write blockers sits between the suspect/source drive and

your analysis computer. (It is usually a hardware device, but
software based write blockers may be utilized.
.
23. primary Windows based: a. Computer

-EnCase Forensic and B
-Forensic Tool Kit (FTK) EDiscovery Tool Needs
-ProDiscover
b. CORRECT: Com
-OSForensics
puter Forensic Software
primarily Linux based: Tools

-Sleuth Kit and Autopsy c. Network
-Helix Forensics
-Knoppix STD
d. Mobile
-SMART
Forensics Equiptment
24. IM card readers: a combination hardware/software device a. file system

used to access the SIM card. You need to be in a forensic
b. Network C
lap equip with appropriate anti-static devices.
Forensics
-general forensic procedure for SIM cards: c. CORRECT: Mobil

1-remove the back panel of device e Forensics
2-remove the battery Equiptment
3-remove the SIM card
d. Computer
4-insert the SIM card into the card reader
Forensic Software
5-extract relevant information 6
Tools
-a variety of SIM card readers are on the market: some are

forensically sound and some are not

-documenting messages that haven't been read yet is
critical: use a video camera to capture reach screen, if data
cannot be extracted with forensic hardware/software
-mobile forensic tools and utilities:

-Ramsey forensic text enclosure (hardware)
-SIM card reader (hardware)
-Paraban Device Seizure (software)
-BitPim (software)
-Susteen SecureView (software)
-EnCase and FTK (software)
25. EX01 a. CORRECT: EnCa

se Output Formats A
-E01 (Legacy)
b. Different FTK
Output Formats
c. EEPROM
d. Network
Forensics
26. ook for versatility, flexibility, and robustness: 1.

-Lab OS
a. CORREC A
-File System
T: Computer
-Automated Features
Forensic and
-Venders Reputation
EDiscovery
-Acceptance by forensic community
-documented testing and validation Tool Needs
b. Mobile
-Keep in mind what application files and operating system Forensics
you'd be analyzing Equiptment
c. Types of
The Formats
ProDiscover
Creates
d. Compute
r Forensic
Software Tools
_________ framework made cracking of vulnerabilities easy like a) .Net

27. point and click. b) Metasploit 7
c) Zeus B
d) Ettercap
Nmap is abbreviated as Network Mapper. a) True
28. b) False

A
__________ is a popular tool used for discovering networks a) Ettercap
30. as well as in security auditing. b) Metasploit
c) Nmap C
d) Burp Suit?
Which of this Nmap do not check? a) services different hosts

31. are offering
b) on what OS they are D
running
c) what kind of firewall is
in use
d) what type of antivirus is
in use
Which of the following deals with network intrusion detection and a) John the Ripper
32. real-time traffic analysis? b) L0phtCrack
c) Snort C
d) Nessus
Wireshark is a ____________ tool. a) network protocol
33. analysis
b) network connection A
security
c) connection analysis
d) defending malicious
packet-filtering
Which of the below-mentioned tool is used for Wi-Fi hacking? a) Wireshark

34. b) Nessus
c) Aircrack-ng
d) Snort?
C
35. Performing hacking activities with the intent on A. Cracking
gaining visibility for an unfair situation is called B. Analysis
C. Hacktivism C
________. D. Exploitation
a) Firewall bypassing
36. Aircrack-ng is used for ____________
b) Wi-Fi attacks
c) Packet filtering B
d) System password
cracking
_____________ is a popular IP address and port scanner. a) Cain and Abel
37. b) Snort
c) Angry IP Scanner C
d) Ettercap
_______________ is a popular tool used for network analysis in a) Snort
38. multiprotocol diverse network. b) SuperScan
c) Burp Suit D
d) EtterPeak
____________ scans TCP ports and resolves different a) SuperScan 8
39. hostnames. b) Snort
c) Ettercap A
d) QualysGuard

___________ is a web application assessment security tool. a) LC4
40. b) WebInspect
c) Ettercap B
d) QualysGuard
Which of the following attack-based checks WebInspect cannot a) cross-site scripting
41. do? b) directory traversal
c) parameter injection D
d) injecting shell code
________ is a password recovery and auditing tool. a) LC3

43. b) LC4
c) Network Stumbler B
d) Maltego D. Server,
client, and network
L0phtCrack is formerly known as LC3. a) True

44. b) False
B
Which is the smallest unit amongst the following with reference to a) transmission path
45. the ATM- b) virtual path
c) virtual circuit C
d) all are of the same size
IEEE 802.8 is/was – a) IBM Token Bus

46. b) Integrated Services
LAN D
c) Wireless LAN and
Mesh
d) Fiber Optic TAG
The below figure represents the hidden terminal problem. a) True
47. b) False
B
Which of the following was the IBM Token bus? a) IEEE 802.10
48. b) IEEE 802.11
c) IEEE 802.1 D
d) IEEE 802.4
What is the function of Network Interface Cards? a) connects the clients,
49. servers and peripherals to 9
the network through a port A
b) allows you to segment
a large network into
smaller, efficient networks

c) connects networks with
different protocols like
TCP/IP
d) boost the signal
between two cable
segments or wireless
access points
The full form of OSI is OSI model is ______________ a) Open Systems
50. Interconnection
b) Open Software A
Interconnection
c) Open Systems Internet
d) Open Software Internet
Which of the following is not physical layer vulnerability? a) Physical theft of data &
51. hardware
b) Physical damage or C
destruction of data &
hardware
c) Unauthorized network
access
d) Keystroke & Other
Input Logging
In __________________ layer, vulnerabilities are directly a) physical
52. associated with physical access to networks and hardware. b) data-link
a c) network A
d) application
Which of the following is not a vulnerability of the data-link layer? a) MAC Address Spoofing
53. b) VLAN circumvention
c) Switches may be D
forced for flooding traffic
to all VLAN ports
d) Overloading of
transport-layer
mechanisms
___________ is data-link layer vulnerability where stations are a) VLAN attack
54. forced to make direct communication with another station by b) VLAN Circumvention
evading logical controls. c) VLAN compromisation A
method
d) Data-link evading
_______________may be forced for flooding traffic to all VLAN a) Switches
55. ports allowing interception of data through any device that is b) Routers
connected to a VLAN. c) Hubs A
d) Repeaters
Which of the following is not a vulnerability of the network layer? a) Route spoofing
56. b) Identity & Resource ID
Vulnerability D
c) IP Address Spoofing
d) Weak or non-existent
authentication
Which of the following is an example of physical layer a) MAC Address Spoofing
57. vulnerability? b) Physical Theft of Data
c) Route spoofing B
authentication passing
Which of the following is an example of data-link layer a) MAC Address Spoofing
1
c) Route spoofing A
d) Weak or non-existent 0
authentication
Which of the following is an example of network layer a) MAC Address Spoofing

c) Route spoofing
C
authentication
Which of the following is an example of physical layer a) MAC Address Spoofing
60. vulnerability? b) Route spoofing
c) Weak or non-existent D
authentication
d) Keystroke & Other
Input Logging
Which of the following is an example of data-link layer a) Physical Theft of Data
61. vulnerability? b) VLAN circumvention
c) Route spoofing B
authentication
Which of the following is not a transport layer vulnerability? a) Mishandling of
62. undefined, poorly defined
b) The Vulnerability that D
allows “fingerprinting” &
other enumeration of host
information
c) Overloading of
transport-layer
mechanisms
d) Unauthorized network
access
Which of the following is not session layer vulnerability? a) Mishandling of
63. undefined, poorly defined
b) Spoofing and hijacking A
of data based on failed
authentication attempts
c) Passing of session-
credentials allowing
intercept and
unauthorized use
authentication
mechanisms
a) Physical layer
64. Failed sessions allow brute-force attacks on access credentials.
This type of attacks are done in which layer of the OSI model? b) Data-link Layer
c) Session layer C
d) Presentation layer
Which of the following is not an example of presentation layer a) Poor handling of
65. issues? unexpected input can lead
to the execution of D
arbitrary instructions
b) Unintentional or ill-
directed use of
superficially supplied input
c) Cryptographic flaws in
the system may get
exploited to evade privacy
authentication
mechanisms
Which of the following is not a vulnerability of the application a) Application design
66. layer? bugs may bypass security
controls D 1
b) Inadequate security
controls force “all-or-
1
nothing” approach
c) Logical bugs in
programs may be by

chance or on purpose be
used for crashing
programs
d) Overloading of
transport-layer
mechanisms
Which of the following is an example of Transport layer a) weak or non-existent
67. vulnerability? mechanisms for
authentication B
b) overloading of
transport-layer
mechanisms
c) poor handling of
unexpected input
d) highly complex
application security
control
Which of the following is an example of session layer a) weak or non-existent
authentication A
b) overloading of
transport-layer
mechanisms
c) poor handling of
unexpected input
d) highly complex
controls
Which of the following is an example of presentation layer a) weak or non-existent
authentication D
b) overloading of
transport-layer
mechanisms
c) highly complex
controls
d) poor handling of
unexpected input
a) Cryptographic flaws
70. Which of the following is an example of application layer
vulnerability? lead to the privacy issue
b) Very complex B
controls
c) MAC Address Spoofing
authentication
TCP/IP is composed of _______ number of layers. a) 2

71. b) 3
c) 4 C
d) 5
a) ftp
72. Trusted TCP/IP commands have the same needs & go through
the identical verification process. Which of them is not a TCP/IP b) rexec
command? c) tcpexec C
d) telnet
Connection authentication is offered for ensuring that the remote a) address, name 1
73. host has the likely Internet Protocol (IP) ___________ & b) address, location 2
_________ c) network, name A
d) network, location

a) Booster
74. A device which is used to boost the signal between two cable
segments or wireless access points is b) Repeater
c) Switch C
d) Router
A device that provides a central connection point for cables is – a) Switch
75. b) Hub
c) Gateway C
d) Proxy Server
76. A device that connects networks with different protocols – a) Switch
b) Hub
c) Gateway C
d) Proxy Server
A device that helps prevent congestion and data collisions – a) Switch
77. b) Hub
c) Gateway A
d) Proxy Server
. A device that is used to connect a number of LANs is – a) Router
78. b) Repeater
c) Bridge A
d) Switch
a) ICMP
79. . Which of the protocol is not used in the network layer of the
TCP/IP model? b) IP
c) IGMP D
d) HTTP
____________ protocol attack is done in the data-link layer. a) HTTP
80. b) DNS
c) TCP/IP B
d) POP
What is the benefit of the Networking? A. File Sharing
81. B. Easier access to
Resources
C. Easier Backups
D
D. All of the Above
Which of the following is not the Networking Devices? A. Gateways
82. B. Linux
C. Routers
D. Firewalls
B
What is the size of MAC Address? A. 16-bits
83. B. 32-bits
C. 48-bits
D. 64-bits
C
Which of the following can be Software? A. Routers
84. B. Firewalls
C. Gateway
D. Modems
B
What is the use of Ping command? A. To test a device on the
85. network is reachable
B. To test a hard disk fault
C. To test a bug in a
A
Application
D. To test a Pinter Quality
A. Transport Layer
86. MAC Address is the example of
B. Data Link Layer
C. Application Layer
D. Physical Layer
B
Routing tables of a router keeps track of A. MAC Address
87. Assignments 1
B. Port Assignments to
network devices
D 3
C. Distribute IP address to
network devices
D. Routes to use for

forwarding data to its
destination
Layer-2 Switch is also called A. Multiport Hub
88. B. Multiport Switch
C. Multiport Bridge
D. Multiport NIC
C
Difference between T568A and T568B is A. Difference in wire color
89. B. Difference in number of
wires
C. Just different length of
D
wires
D. Just different
manufacturer standards
The meaning of Straight-through Cable is A. Four wire pairs connect
90. to the same pin on each
end
B. The cable Which Directly
A
connects Computer to
Computer
C. Four wire pairs not
twisted with each other
D. The cable which is not
twisted
91. Which of the following stores all the user-related data that
1. is
Simrelevant for the GSM system in
mobile computing? A
2. HLR
3. ELR
4. VLR
92. Which of the following stores Mobile Subscriber A)Home location secret key
ISDN number – MSISDN? register A
B)Visitor location private key
1.
register
C)Entity equipment public key

register
D)None of the above All of them
93. which of the following Codes with specific 1. GSM Single Round
characteristics can be applied to the transmission?
C
2. GPRS Double Rounds
Multiple Round
1
3. CDMA
4
4. None of the Round about

above
94. Which of the following provides packet mode data Files

1. GSM
transfer service over the cellular network system?
B
2. GPRS Packets
3. TCP Secrets
4. None of the Transmission

above
95. Which of the following services/ services are defined BEARER

by the GSM?
b. D
SUPPLEMENT
1. ARY
c.TELE
d. ALL
96. TCP is a reliable protocol that incorporates Corrupting Data

1. congestion
control D
2. Flow control Secret Writing

mechanisms
3. guarantees Open Writing

in-order
delivery of
data
4. All of the Closed Writing

above
97. TCP supports many of the Internet’s most popular 1. World Wide block of packets
application protocols and resulting applications,
including
Web D
2. e-mail, block of slots

1
5
3. File block of signals
Transfer

Protocol
4. All of the block of symbols

above
98. Which of the following segments a TCP connection

1. Indirect TCP 2. Dire
into a fixed part and a wireless part?
A
3. Both a and b 4. Non
5. Indirect TCP 6. Dire
7. Both a and b 8. Non
100 Advantages of Indirect TCP includes 1. Fast transmission 4 Bits
D
2. Congestion control 6 Bits
3. Error control 8 Bits
4. All of the above 10 B
101. The main function of snooping TCP is —- To

buffer A
data
close
to the
mobile
host to
perfor
m fast
local
retrans
missio
n in
case of
packet
loss.
1
b.CONG
ESTION
6
CONTR
OL

c. FLOW
CONTR
OL
d. NOTA
102. I-TCP and Snooping TCP does not help much if a 1. Out of coverage
mobile host gets area
2. Disconnected B
3. Battery power low
4. None of the above
103. M-TCP wants to improve overall throughput to 1. to lower the delay

2. to maintain end-to-
end semantics of D
TCP
3. to provide a more
efficient handover
4. All of the above
104. Disadvantages of Mobile TCP includes 1. Assuming low bit

error rates
2. Lack of buffering A
3. Lack of
acknowledgment
105. A very useful extension of TCP is the use of 1. Buffering packets

2. Congestion control
3. Selective C
retransmission
4. All of the above
A10 Which of the following combine packets for 1. Transaction oriented

connection establishment and connection release TCP
6. with user data packets? 2. Indirect TCP A
3. Snooping TCP
107. Mobile Computing allows transmission of data, from1. Any device

one wireless-enabled device to another —- 2. Wired device 1
3. Wireless-enabled C 7
device

108. Which of the following services/service are defined 2. Data transmission

within the bearer services? 3. Forward error
correction D
1. 4. Flow control
All of the above
109. The overlapping portion of two piconets is called——1. Piconet

2. Ad hoc piconet
3. Scatter net C
4. All of the above
110. Bluetooth technology is used for —- 2. Connection of

peripheral devices
3. Ad-hoc networking D
1.
4. Bridging network
gaps
All of the above
111. Indirect TCP segments a TCP connection into a 5. Fixed part

wireless and a— 6. Wired part
7. Both a and b A
1. Fixed part 8. None of the above
2. Wired part
3. Both a and b
112. Which of the following protocols ‘snoops’ the packet 1. Indirect TCP
flow in both directions to recognize 2. Snooping
acknowledgments? 3. Both a and b D
113. Which of the following TCP protocol is specially 1. Mobile TCP

adapted when the problems arising from lengthy or 2. Snooping
frequent disconnections?. 3. I-TCP A
4. None of these
1
8
114. TCP supports the most popular application protocols1. www

and resulting applications, including 2. e-mail, D
3. FTP
4. All of the above
115. Advantages of Indirect TCP are — 1. Fast transmission

3. Flow control D
4. All of the above
116. I-TCP and Snooping TCP does not support if a 1. Disconnected

mobile host gets 2. Battery power low
3. Out of range A
117. The main disadvantage/s of Mobile TCP is/are — 1. Buffering packets

2. Selective
retransmission B
4. All of the above
1.
118. The most important extension of TCP is the use of A) 32-bit
B) 48-bit B
C) 54-bit
D) 42-bit
119. Which of the following combine packets for 1. Indirect TCP

connection establishment and connection release 2. Snooping TCP
with user data packets? 3. Transaction oriented C
TCP
120. here is an increase in costs for updates and 1. Elements

signaling due to an increase in the number of —– in 2. Replicas
the mobile database. 3. Distance between B
hosts 1
4. None of these 9
above

121. Which of the following is the ability of a system to 1. Fault tolerance
perform its function correctly even in the presence of2. Selective
internal faults? retransmission A
4. All of the above
122. Checksumming over user data and a. Transport Layer

multiplexing/demultiplexing of data from/to
applications are the important functions of – A
b. Network layer
c. Application Layer
d. All of the above
123. Which of the following is network friendly protocol? a. TCP

A
b. UDP
c. Both UDP and

TCP
d. None
124. Which of the protocol does not care congested a. TCP

network and continues to send packets into an
already congested network? B
b. UDP
c. IP
d. None of the above
125. What is the possible reason for a packet loss in a a. Temporary

fixed network in the transmission path? overload at some
point A
b. Hardware error 2
0
d. Software error

e. All of the above
126. To mitigate congestion, TCP a. Dropdown some

packets
B
c. Slows down the
transmission
d. Stop transmission
e. None of the above
127. The exponential growth of the congestion window in a. Increases the

the slow start mechanism refers to congestion window
every time the B
acknowledgments
come back
b. Doubles the
congestion window
every time the
acknowledgments
come back
c. Triples the
congestion window
every time the
acknowledgments
come back
d. None of the above
128. The behavior TCP shows after the detection of a. Slow start
congestion is called
A
b. Packet drop
c. Wait and watch

2
d. None of the above 1

129. Which of the following segments a TCP connection a. Mobile TCP
into a fixed part and a wireless part?
C
b. Classical TCP
c. I-TCP
130. Which of the following the foreign agent buffers all a. Snooping TCP
packets with destination mobile host and
additionally ‘snoops’ the packet flow in both A
b. Indirect TCP
directions to recognize acknowledgments?
c. Mobile TCP
d. None
131. If a single packet is lost, the sender has to a. go-back-n

retransmit everything starting from the lost packet, is retransmission
called A
b. Retransmission
d. Selective
Transmission
Which of the following is not an appropriate way of targeting a a) Target mobile

132. mobile phone for hacking? hardware vulnerabilities
b) Target apps’ D
vulnerabilities
c) Setup Keyloggers and
spyware in smart-phones
d) Snatch the phone
____________
a. Which of the following is not an OS for mobile? a) Palm

133. b) Windows
c) Mango C
d) Android
134. a. Mobile Phone OS contains open APIs that may be a. a) useful for 2
_____________ attack. b) vulnerable to
c) easy to B 2
d) meant for
above

135. ____________ gets propagated through networks and a. a) Worms
technologies like SMS, Bluetooth, wireless medium, USBs and b) Antivirus
infrared to affect mobile phones. c) Malware C
d) Multimedia
files?
____________ is the protection of smart-phones, phablets, a) OS Security

136. tablets, and other portable tech-devices, & the networks to which b) Database security
they connect to, from threats & bugs. c) Cloud security D
d) Mobile security
Mobile security is also known as ____________ a) OS Security
137. b) Wireless security
c) Cloud security B
d) Database security
Hackers cannot do which of the following after compromising a) Steal your information
138. your phone? b) Rob your e-money
c) Shoulder surfing C
d) Spying
a) Shoulder surfing
139. Hackers cannot do which of the following after compromising
your phone? b) Accessing your voice
mail A
c) Steal your information
d) Use your app
credentials
Which of the following layers is an addition to OSI model when a) Application layer
140. compared with TCP IP model? b) Presentation layer
c) Session layer D
d) Session and
Presentation layer
Application layer is implemented in ____________ a) End system
141. b) NIC
c) Ethernet A
d) Packet transport
Transport layer is implemented in ______________ a) End system
142. b) NIC
c) Ethernet A
d) Signal transmission
The functionalities of the presentation layer include a) Data compression
143. ____________ b) Data encryption
c) Data description D
d) All of the mentioned
Delimiting and synchronization of data exchange is provided by a) Application layer
144. __________ b) Session layer
c) Transport layer B
d) Link layer
In OSI model, when data is sent from device A to device B, the a) Application layer
145. 5th layer to receive data at B is _________ b) Transport layer
c) Link layer D
d) Session layer
n TCP IP Model, when data is sent from device A to device B, the a) Application layer
146. 5th layer to receive data at B is ____________ b) Transport layer
c) Link layer A
d) Session layer
In the OSI model, as a data packet moves from the lower to the a) Added 2
147. upper layers, headers are _______ b) Removed 3
c) Rearranged B
d) Randomized

Which of the following statements can be associated with OSI a) A structured way to
148. model? discuss and easier update
system components C
b) One layer may
duplicate lower layer
functionality
c) Functionality at one
layer no way requires
information from another
layer
d) It is an application
specific network model
TCP/IP model does not have ______ layer but OSI model have ) session layer
149. this layer. b) transport layer
a c) application layer A
d) network layer
Which layer is used to link the network support layers and user
150. support layers? a) session layer
a) session layer b) data link layer C
b) data link layer c) transport layer
c) transport layer d) network layer
d) network layer
a) physical address and
151. Which address is used on the internet for employing the TCP/IP
protocols? logical address
b) port address D
c) specific address
d) all of the mentioned
Which layer is responsible for process to process delivery in a a) network layer
152. general network model? b) transport layer
c) session layer B
d) data link layer
Which address is used to identify a process on a host by the a) physical address
153. transport layer? b) logical address
c) port address C
d) specific address
Transmission data rate is decided by ____________ a) network layer
154. b) physical layer
c) data link layer B
d) transport layer
The attacker using a network of compromised devices is known a) Internet
155. as _____________ b) Botnet
c) Telnet B
d) D-net
a) Vulnerability attack
156. Which of the following is a form of DoS attack?
b) Bandwidth flooding
c) Connection flooding D
d) All of the mentioned
The DoS attack, in which the attacker establishes a large number a) Vulnerability attack
157. of half-open or fully open TCP connections at the target host is b) Bandwidth flooding
________ c) Connection flooding C
d) UDP flooding
a) Vulnerability attack
158. The DoS attack, in which the attacker sends deluge of packets to
the targeted host is ________ b) Bandwidth flooding
c) Connection flooding B
d) UDP flooding
Try not to keep ________________ passwords, especially a) Active receiver
159. fingerprint for your smart-phone, because it can lead to physical b) Passive receiver 2
hacking if you’re not aware or asleep. c) Legal receiver B 4
d) Partially-active receiver
Sniffers can be prevented by using _______________ a) Biometric
160. b) PIN-based
A

c) Alphanumeric
d) Short
Which of the following tool is used for Blackjacking? a) BBAttacker
161. b) BBProxy
B
c) Blackburried
d) BBJacking
BBProxy tool is used in which mobile OS? a) Android
162. b) Symbian
D
c) Raspberry
d) Blackberry
Which of the following is not a security issue for PDAs? a) Password theft
163. b) Data theft
C
c) Reverse engineering
d) Wireless vulnerability
Which one of the following algorithm is not used in asymmetric- a) rsa algorithm
164. key cryptography? b) diffie-hellman algorithm
C
c) electronic code book
algorithm
d) dsa algorithm
What is data encryption standard (DES)? a) block cipher
165. r b) stream cipher
A
c) bit cipher
d) byte ciphe
An attempt to make a computer resource unavailable to its a) Denial-of-service attack
166. intended users is called ______ b) Virus attack
A
c) Worms attack
d) Botnet process
Which one of the following is a cryptographic protocol used to a) stream control
167. secure HTTP connection? transmission protocol
B
(SCTP)
b) transport layer security
(TLS)
c) explicit congestion
notification (ECN)
d) resource reservation
protocol
Voice privacy in GSM cellular telephone protocol is provided by a) A5/2 cipher
168. _______ b) b5/4 cipher
A
c) b5/6 cipher
d) b5/8 cipher
Cryptographic hash function takes an arbitrary block of data and a) fixed size bit string
169 returns _________ b) variable size bit string
A
c) both fixed size bit string
and variable size bit string
d) variable sized byte
string
When a DNS server accepts and uses incorrect information from a) DNS lookup
170 a host that has no authority giving that information, then it is called b) DNS hijacking
C
_________ c) DNS spoofing
d) DNS authorizing
When a DNS server accepts and uses incorrect information from a) DNS lookup
171 a host that has no authority giving that information, then it is called b) DNS hijacking
A
_________ c) DNS spoofing
d) DNS authorizing
In asymmetric key cryptography, the private key is kept by a) sender
172 __________ b) receiver
B 2
c) sender and receiver 5
d) all the connected
devices to the network

Which one of the following algorithm is not used in asymmetric- a) rsa algorithm
173 key cryptography? b) diffie-hellman algorithm
C
c) electronic code book
algorithm
d) dsa algorithm
In cryptography, the order of the letters in a message is a) transpositional ciphers
174 rearranged by __________ b) substitution ciphers
A
c) both transpositional
ciphers and substitution
ciphers
d) quadratic cipher
What is data encryption standard (DES)? a) block cipher
175 b) stream cipher
A
c) bit cipher
d) byte cipher
Cryptanalysis is used __________ a) to find some insecurity
176 in a cryptographic scheme
A
b) to increase the speed
c) to encrypt the data
d) to make new ciphers
Which one of the following is a cryptographic protocol used to a) stream control
177 secure HTTP connection? transmission protocol
B
(SCTP)
b) transport layer security
(TLS)
c) explicit congestion
notification (ECN)
d) resource reservation
protocol
Voice privacy in GSM cellular telephone protocol is provided by a) A5/2 cipher
178 _______ b) b5/4 cipher
A
c) b5/6 cipher
d) b5/8 ciphe
ElGamal encryption system is __________ a) symmetric key
179 encryption algorithm
B
b) asymmetric key
encryption algorithm
c) not an encryption
algorithm
d) block cipher method
. Cryptographic hash function takes an arbitrary block of data and a) fixed size bit string
180 returns _________ b) variable size bit string
A
c) both fixed size bit string
and variable size bit string
d) variable sized byte
string
181 ………………………. specifies a complete set of rules for the A) Computer C
connections and interactions of its physical and logical Architecture
components for providing and utilizing communication B) Communication
services. Architecture
C) Network Architecture
D) Internet Architecture
Which type of cell provides the best level of service for average a) Acceptance cell
182 subscribers? b) Barred cell
D
c) Reserved cell
d) Suitable cell
With the normal cyclic prefix, how many symbols are contained in a) 7
2
183 1 frame? b) 140
B 6
c) 12
d) 40

What is the PBCH scrambled with? a) Current frame number
184 b) Physical cell ID
B
c) UE’s CRNTI
d) Not scrambled
What is the length of the shortest possible PDCCH in bits? a) 144
185 b) 288
C
c) 72
d) 576
What is the average uploading speed of 4G LTE network? a) 1-3 Gbps
186 b) 2-5 Gbps
D
c) 1-3 Mbps
d) 2-5 Mbps
Which of the following is not a part of the characteristic of 4G a) Multirate management
187 network? b) Fully converged
A
services
c) Software dependency
d) Diverse user devices
What does SGSN stands for? a) Serial Gateway
188 Supporting Node
C
b) Supporting GGSN
Support Node
c) Supporting GPRS
Support Node
d) Supporting Gateway
Support Node
What location management feature is supported by 4G? a) Concatenated Location
189 Registration
A
b) Concurrent Location
Register
c) Concatenated
Management
d) Collated Location
Registration
In 2007 ____________ announced its plan to transmit its network a) Verizon Wireless
190 to 4G standard LTE with joint efforts of Vodafone group. b) AirTouch
A
c) Netflix
d) V Cast
In brute force attack, on average half of all possible keys must be a) True
191 tried to achieve success. b) False
A
Divide (HAPPY)26 by (SAD)26. We get quotient – a) KD

192 b) LD
A
c) JC
d) MC
Which of these defined the internet? a) The Federal
193 Networking Council
A
b) The Federal Network
Council
c) The Federal
Networking Committee
d) The Federal Network
Committee
Which of these is not used by intranet? a) TCP
194 b) BSNL
B
c) IP
d) HTTP 2
Which of these is the easiest way of communication? a) E-mail
195 b) Telephone
A 7
c) Fax
d) Letter

Use Caesar’s Cipher to decipher the following a) ABANDONED LOCK
196 HQFUBSWHG WHAW b) ENCRYPTED TEXT
B
c) ABANDONED TEXT
d) ENCRYPTED LOCK
Caesar Cipher is an example of a) Poly-alphabetic Cipher
197 b) Mono-alphabetic
B
Cipher
c) Multi-alphabetic Cipher
d) Bi-alphabetic Cipher
Monoalphabetic ciphers are stronger than Polyalphabetic ciphers a) True
198 because frequency analysis is tougher on the former. b) False
B
Which are the most frequently found letters in the English a a) e,a
199 language ? b) e,o
C
c) e,t
d) e,i
Which of the following can be affected by atmospheric path a) Modern GPS surveying
200 disturbances? b) Conventional GPS
A
c) Absolute positioning
d) Resection method
Which among the following can be described as an application of a) Computation of
201 pseudo ranging? distance between satellite
B
and user
b) Computation of
distance between GPS
antenna and satellite
c) Computation of
distance between GPS
antenna and user
d) Computation of
distance between satellite
and object
For a 150-bit message and a 10-bit MAC, how many values are a) 2140
202 the MAC value dependent on? b) 2150
A
c) 215
d) 210
MACs are also called a) testword

203 b) checkword
D
c) testbits
d) none of the mentioned
For a 100 bit key and a 32 bit tag, how many possible keys can be a) 24
204 produced in the 3rd round? b) 232
A
c) 216
d) 264
MAC is a a) one-to-one mapping

205 b) many-to-one mapping
B
c) onto mapping
d) none of the mentioned
For an n-bit tag and a k-bit key, the level of effort required for a) 2k
206 brute force attack on a MAC algorithm is b) 2n
C
c) min(2k,2n)
d) 2k/2n
Which scheme uses a randomization approach? a) hashing by division
207 b) hashing by
C
multiplication
c) universal hashing 2
d) open addressing
Which hash function satisfies the condition of simple uniform a) h(k) = lowerbound(km) 8
208 hashing? b) h(k)= upperbound(mk)
A
c) h(k)= lowerbound(k)
d) h(k)= upperbound(k)

What is the hash function used in the division method? a) h(k) = k/m
209 b) h(k) = k mod m
B
c) h(k) = m/k
d) h(k) = m mod k
What can be the value of m in the division method? a) Any prime number
210 b) Any even number
A
c) 2p – 1
d) 2p
Which scheme provides good performance? a) open addressing
211 b) universal hashing
B
c) hashing by division
d) hashing by
multiplication
Using division method, in a given hash table of size 157, the key a) 19
212 of value 172 be placed at position ____ b) 72
C
c) 15
d) 17
How many steps are involved in creating a hash function using a a) 1
213 multiplication method? b) 4
D
c) 3
d) 2
What is the hash function used in multiplication method? a) h(k) = floor( m(kA mod
214 1))
A
b) h(k) = ceil( m(kA mod
1))
c) h(k) = floor(kA mod m)
d) h(k) = ceil( kA mod m)
What is the advantage of the multiplication method? a) only 2 steps are
215 involved
C
b) using constant
c) value of m not critical
d) simple multiplication
Which of the following is not used in the tracking system? a) Multiple frequency
216 b) Dual frequency
A
c) Single frequency
d) Military navigation
What is the average retrieval time when n keys hash to the same a) Theta(n)
217 slot? b) Theta(n2)
A
c) Theta(nlog n)
d) Big-Oh(n2)
What is a hash table? a) A structure that maps
218 values to keys
B
b) A structure that maps
keys to values
c) A structure used for
storage
d) A structure used to
implement stack and
queue
If several elements are competing for the same bucket in the a) Diffusion
219 hash table, what is it called? b) Replication
C
c) Collision
d) Duplication
Which of the following classes of positioning technique possess a) GPS
220 high precision? b) Viscous technique
D
c) Real time technique
d) Kinematic technique 2
What is the search complexity in direct addressing? a) O(n)
221 b) O(logn)
D 9
c) O(nlogn)
d) O(1)

What is a hash function?a) A function has
222 allocated memory to keys
B
b) A function that
computes the location of
the key in the array
c) A function that creates
an array
d) A function that
computes the location of
the values in the array
View Answer
Which of the following is not a technique to avoid a collision? ) Make the hash function
223 a appear random
D
b) Use the chaining
method
c) Use uniform hashing
d) Increasing hash table
size
What is the load factor? a) Average array size
224 b) Average key size
C
c) Average chain length
d) Average hash table
length
What is simple uniform hashing? a) Every element has
225 equal probability of
A
hashing into any of the
slots
b) A weighted probabilistic
method is used to hash
elements into the slots
c) Elements has Random
probability of hashing into
array slots
d) Elements are hashed
based on priority
Public key encryption/decryption is not preferred because a) it is slow
226 b) it is hardware/software
D
intensive
c) it has a high
computational load
d) all of the mentioned
Which one of the following is not a public key distribution means? a) Public-Key Certificates
227 b) Hashing Certificates
B
c) Publicly available
directories
d) Public-Key authority
PGP makes use of which cryptographic algorithm? a) DES
228 b) AES
C
c) RSA
d) Rabin
USENET is related to which of the following Public Key distribution a) Public-Key
229 schemes? Certificates
b) Public B
announcements
directories
d) Public-Key authority 3
Which of the following public key distribution systems is most a) Public-Key
230 secure? Certificates
A 0
b) Public
announcements

directories
Which of these systems use timestamps as an expiration date? a) Public-Key
231 Certificates
A
b) Public
announcements
directories
Which system uses a trusted third party interface? a) Public-Key
232 Certificates
A
b) Public
announcements
directories
Publicly Available directory is more secure than which other a) Public-Key
233 system? Certificates
B
b) Public
announcements
c) Public-Key authority
d) None of the
mentioned
Choose from among the following cipher systems, from best to the a) Random
234 worst, with respect to ease of decryption using frequency analysis. Polyalphabetic,
C
Plaintext, Playfair
b) Random
Polyalphabetic, Playfair,
Vignere
c) Random
Polyalphabetic, Vignere,
Playfair, Plaintext
d) Random
Polyalphabetic,
Plaintext, Beaufort,
Playfair
On Encrypting “thepepsiisintherefrigerator” using Vignere Cipher a)
235 System using the keyword “HUMOR” we get cipher text- abqdnwewuwjphfvrrtrfzn
B
sdokvl
b)
abqdvmwuwjphfvvyyrfzn
ydokvl
c)
tbqyrvmwuwjphfvvyyrfzn
ydokvl
d)
baiuvmwuwjphfoeiyrfzny
dokvl
The Index of Coincidence for English language is approximately a) 0.068
236 b) 0.038
C
c) 0.065
d) 0.048
Consider the cipher text message: a) 0.065

237 YJIHX RVHKK KSKHK IQQEV IFLRK QUZVA EVFYZ RVFBX b) 0.048
D
UKGBP KYVVB QTAJK TGBQO ISGHU CWIKX QUXIH DUGIU c) 0.067
LMWKG CHXJV WEKIH HEHGR EXXSF DMIIL UPSLW UPSLW d) 0.044 3
AJKTR WTOWP IVXBW NPTGW EKBYU SBQWS 1
Relative Frequencies –

3 7 2 2 5 5 7 9 11 4 14 4 2 1 3 4 6 5 6 5 7 10 9 8 4 2
The Index of Coincidence is –
Which among the following indicates the correct set of static GPS a) Long and normal
238 surveying technology classification? base lines
C
b) Medium and short
baselines
c) Long and short
baselines
d) Normal and short
base lines
What will be the length of the base line in case of short baseline a) Less than 50km
239 method of GPS surveying? b) Greater than 50km
A
c) Less than 2km
d) Greater than 100km
Which of the following is considered as modern GPS technology? a) GIS
240 b) GPS mode
D
c) Instantaneous mode
d) Kinematic positioning
technique
241
242
243
244
245
246
247
248
249
3
250
2

251
3
3

DIGITAL FORENSICS Final Stuff

Uploaded by

Copyright:

Available Formats

You might also like

DIGITAL FORENSICS Final Stuff

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DIGITAL FORENSICS Final Stuff

Uploaded by

Copyright:

Available Formats

DIGITAL FORENSICS

No Question Option Answe

-crucial when developing data map of digital evidence d. Drive Slack

2. . a logical drive a. EEPROM

3. - .EVE -> .DFT -> IOLogErrors a. Additional SIM

4. allows you to create a representation of another computer a. Partition

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

5. Considerations a. CORRECT: Exam

6. Can be exported as: 1.

7. UNIX DD~most common raw image format a. EnCase Output

8. electronically erasable programmable read-only memory a. Partition

-OS is stored in ROM: nonvolatile memory

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

-encryption: bit shifting/stenography c. Virtual Machine

11. -gives us a road map to data on a disk a. CORRECT: file

-all mobile devices have volatile memory that may contain

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

14. a database that stores hardware and software configuration 1.

-can contain valuable info about current/past applications b. CORREC

16. subscribers identity module cards a. EEPROM

-portability of information makes SIM cards versatile

17. EnCase (E01) a. Five Major

-Sleuth Kit (AFF) c. EnCase Output

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

Order: c. Drive Slack

-devices are dynamic in location; communications and d. Acquisiti

20. analog a. Data-hiding

*continuing to evolve c. Order of

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

-write blockers sits between the suspect/source drive and

23. primary Windows based: a. Computer

primarily Linux based: Tools

24. IM card readers: a combination hardware/software device a. file system

-general forensic procedure for SIM cards: c. CORRECT: Mobil

-a variety of SIM card readers are on the market: some are

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

-mobile forensic tools and utilities:

25. EX01 a. CORRECT: EnCa

26. ook for versatility, flexibility, and robustness: 1.

_________ framework made cracking of vulnerabilities easy like a) .Net

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

Which of this Nmap do not check? a) services different hosts

Which of the below-mentioned tool is used for Wi-Fi hacking? a) Wireshark

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

________ is a password recovery and auditing tool. a) LC3

L0phtCrack is formerly known as LC3. a) True

IEEE 802.8 is/was – a) IBM Token Bus

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

TCP/IP is composed of _______ number of layers. a) 2

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

DEVELOPED & CREATED BY UJWAL & ABHIJEET |

C)Entity equipment public key

D)None of the above All of them

4. None of the Round about

DEVELOPED & CREATED BY UJWAL & ABHIJEET |