DIGITAL FORENSICS Final Stuff
(MCQ’s)
---------------------------------------------------------------------------------------------------------
1. -systematic tracking of incoming and outgoing traffic: to ascertain how an attack was carried out or how an event occurred on a network.
-intruders and network users often leave a trail behind
-identify locations where relevant digital evidence exists
a. SIM Cards
b. Windows Registry
c. CORRECT: Network Forensics
Answer: C
b. PDA's
c. SIM Cards
d. CORRECT: Partition
Answer: D
c. CORRECT: Files Found When Acquisition is Done (ProDiscover)
d. Mobile Forensics Equipment
c. Drive Slack
d. SIM Cards
d. SIM Cards
c. Windows Registry
d. CORRECT: ProDiscover Report
c. ProDiscover Report
d. CORRECT: Types of The Formats ProDiscover Creates
-how phones store system data
-enables service providers to reprogram phones without having to physically access memory chips
b. file system
c. CORRECT: EEPROM
d. SIM Cards
Answer: C
d. CORRECT: Data-hiding Techniques
d. SIM Cards
12. -the main concerns with mobile devices are loss of power and synchronization with PC's or the cloud (wired or wireless).
Answer: C
13. acquisition~preservation~collection
-validation~discrimination~culling
~examination~extraction~review
~reconstruction~analysis
a. Network Forensics
b. CORRECT: Five Major Categories
c. SIM Cards
d. Write Blockers
Answer: B
c. file system
d. Write Blockers
15. unused space in a cluster between the end of an active file and the end of a cluster. (Includes RAM slack and file slack)
a. SIM Cards
b. file system
c. Write Blockers
d. CORRECT: Drive Slack
Answer: D
-found most commonly in GSM devices
-microprocessor and from 16KB to 4MB EEPROM
-GSM refers to mobile phones as "mobile station" and divides a station into two parts: the sim card and the mobile equipment and common network in global networks
b. PDA's
c. CORRECT: SIM Cards
d. Drive Slack
Answer: C
18. -How long a piece of information lasts on a system versus data that must be collected and preserved before it's lost, corrupted, or backed up.
a. CORRECT: Order of Volatility
b. Partition
Answer: A
-analog
d. Challenges With Mobile Devices
21. -identifies the subscriber to the network
-stores personal information
a. Five Major Categories
b. ProDiscover
Answer: C
22. -hardware utilized for protecting source/hard drive from data alteration/tampering while collecting, preserving, and reviewing CSI.
-prevents operating systems and computer programs from making "writes" to the hard drive being acquired, examined, or analyzed.
a. file system
b. Drive Slack
c. SIM Cards
d. CORRECT: Write Blockers
Answer: D
c. EEPROM
d. Network Forensics
-Keep in mind what application files and operating system you'd be analyzing
b. Mobile Forensics Equipment
c. Types of The Formats ProDiscover Creates
d. Computer Forensic Software Tools
36. Aircrack-ng is used for ____________
a) Firewall bypassing
b) Wi-Fi attacks
c) Packet filtering
d) System password cracking
Answer: B
37. _____________ is a popular IP address and port scanner.
a) Cain and Abel
b) Snort
c) Angry IP Scanner
d) Ettercap
Answer: C
38. _______________ is a popular tool used for network analysis in multiprotocol diverse network.
a) Snort
b) SuperScan
c) Burp Suite
d) EtherPeek
Answer: D
39. ____________ scans TCP ports and resolves different hostnames.
a) SuperScan
b) Snort
c) Ettercap
d) QualysGuard
Answer: A
48. Which of the following was the IBM Token bus?
a) IEEE 802.10
b) IEEE 802.11
c) IEEE 802.1
d) IEEE 802.4
Answer: D
49. What is the function of Network Interface Cards?
a) connects the clients, servers and peripherals to the network through a port
b) allows you to segment a large network into smaller, efficient networks
Answer: A
3. ELR
4. VLR
92. Which of the following stores Mobile Subscriber ISDN number – MSISDN?
A) Home location register
B) Visitor location register
Answer: A
secret key
private key
93. Which of the following Codes with specific characteristics can be applied to the transmission?
1. GSM
2. GPRS
3. CDMA
Answer: C
Single Round
Double Rounds
Multiple Round
3. TCP Secrets
c.TELE
d. ALL
97. TCP supports many of the Internet’s most popular 1. World Wide block of packets
application protocols and resulting applications,
including
Web D
D
2. Congestion control 6 Bits
d. NOTA
102. I-TCP and Snooping TCP do not help much if a mobile host gets
1. Out of coverage area
2. Disconnected
3. Battery power low
4. None of the above
Answer: B
112. Which of the following protocols ‘snoops’ the packet flow in both directions to recognize acknowledgments?
1. Indirect TCP
2. Snooping
3. Both a and b
4. None of the above
Answer: D
B) 48-bit
C) 54-bit
D) 42-bit
Answer: B
above
c. Application Layer
d. None
c. IP
b. Hardware error
d. Software error
d. Stop transmission
b. Doubles the congestion window every time the acknowledgments come back
c. Triples the congestion window every time the acknowledgments come back
128. The behavior TCP shows after the detection of congestion is called
a. Slow start
b. Packet drop
c. I-TCP
Answer: A
130. Which of the following the foreign agent buffers all packets with destination mobile host and additionally ‘snoops’ the packet flow in both directions to recognize acknowledgments?
a. Snooping TCP
b. Indirect TCP
c. Mobile TCP
d. None
Answer: A
d. Selective Transmission
199. Which are the most frequently found letters in the English language?
a) e,a
b) e,o
c) e,t
d) e,i
Answer: C
200. Which of the following can be affected by atmospheric path disturbances?
a) Modern GPS surveying
b) Conventional GPS
c) Absolute positioning
d) Resection method
Answer: A
201. Which among the following can be described as an application of pseudo ranging?
a) Computation of distance between satellite and user
b) Computation of distance between GPS antenna and satellite
c) Computation of distance between GPS antenna and user
d) Computation of distance between satellite and object
Answer: B
202. For a 150-bit message and a 10-bit MAC, how many values are the MAC value dependent on?
a) 2^140
b) 2^150
c) 2^15
d) 2^10
Answer: A
Relative Frequencies –
238. Which among the following indicates the correct set of static GPS surveying technology classification?
a) Long and normal base lines
b) Medium and short baselines
c) Long and short baselines
d) Normal and short base lines
Answer: C
239. What will be the length of the base line in case of short baseline method of GPS surveying?
a) Less than 50km
b) Greater than 50km
c) Less than 2km
d) Greater than 100km
Answer: A
240. Which of the following is considered as modern GPS technology?
a) GIS
b) GPS mode
c) Instantaneous mode
d) Kinematic positioning technique
Answer: D