4 Chapter ETI MCQ
5. In the past, the method for expressing an opinion has been to frame a ____ question
based on available factual evidence.
A. Hypothetical
B. Nested
C. Challenging
D. Contradictory
Ans: A
6. More subtle because you are not aware that you are running these macros (the
document opens and the application automatically runs); spread via email
A. The purpose of copyright
B. Danger of macro viruses
C. Derivative works
D. Computer-specific crime
Ans: B
7. There are three c's in computer forensics. Which is one of the three?
A. Control
B. Chance
C. Chains
D. Core
Ans: A
8. When was the Federal Bureau of Investigation program created?
A. 1979
B. 1984
C. 1995
D. 1989
Ans: B
14. _______ phase includes putting the pieces of a digital puzzle together and
developing investigative hypotheses
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
Ans: D
15. In _______ phase, the investigator transfers the relevant data from a venue out of
physical or administrative control of the investigator to a controlled location
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
Ans: B
16. In _______ phase, the investigator transfers the relevant data from a venue out of
physical or administrative control of the investigator to a controlled location
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
Ans: B
18. A set of instructions compiled into a program that performs a particular task is
known as:
A. Hardware
B. CPU
C. Motherboard
D. Software
Ans: D
20. To collect and analyze the digital evidence that was obtained from the physical
investigation phase, is the goal of which phase?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase.
Ans: B
22. Which phase entails a review of the whole investigation and identifies areas of
improvement?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase
Ans: C
24. ___________ is a well-established science where various contributions have been
made
A. Forensic
B. Crime
C. Cyber Crime
D. Evidence
Ans: A
29. __________ is software that blocks unauthorized users from connecting to your
computer.
A. Firewall
B. Quick launch
C. OneLogin
D. Centrify
Ans: A
35. Which term refers to modifying a computer in a way which was not originally
intended to view information?
A. Metadata
B. Live analysis
C. Hacking
D. Bit Copy
Ans: C
36. The ability to recover and read deleted or damaged files from a criminal’s
computer is an example of a law enforcement specialty called?
A. Robotics
B. Simulation
C. Computer Forensics
D. Animation
Ans: C
37. What are the important parts of the mobile device which are used in digital
forensics?
A. SIM
B. RAM
C. ROM
D. EMMC chip
Ans: D
38. Using what can data hiding in encrypted images be carried out in digital
forensics?
A. Acquisition
B. Steganography
C. Live analysis
D. Hashing
Ans: B
42. ________ searches through raw data on a hard drive without using a file
system.
A. Data mining
B. Data carving
C. Meta data
D. Data Spoofing
Ans: B
43. What is the first step to handle retrieving data from an encrypted hard
drive?
A. Formatting disk
B. Storing data
C. Finding configuration files.
D. Deleting files.
Ans: C
Digital evidence
1. A valid definition of digital evidence is:
A. Data stored or transmitted using a computer
B. Information of probative value
C. Digital data of probative value
D. Any digital evidence on a computer
Ans: C
2. What are the three general categories of computer systems that can contain digital evidence?
A. Desktop, laptop, server
B. Personal computer, Internet, mobile telephone
C. Hardware, software, networks
D. Open computer systems, communication systems, and embedded systems
Ans: D
3. In terms of digital evidence, a hard drive is an example of:
A. Open computer systems
B. Communication systems
C. Embedded computer systems
D. None of the above
Ans: A
10. Private networks can be a richer source of evidence than the Internet because:
A. They retain data for longer periods of time.
B. Owners of private networks are more cooperative with law enforcement.
C. Private networks contain a higher concentration of digital evidence.
D. All the above.
Ans: C
11. Due to caseload and budget constraints, often computer security professionals attempt to limit
the damage and close each investigation as quickly as possible. Which of the following is NOT
a significant drawback to this approach?
A. Each unreported incident robs attorneys and law enforcement personnel of an opportunity to
learn about the basics of computer-related crime.
B. Responsibility for incident resolution frequently does not reside with the security
professional, but with management.
C. This approach results in under-reporting of criminal activity, deflating statistics that are
used to allocate corporate and government spending on combating computer-related crime.
D. Computer security professionals develop loose evidence processing habits that can make
it more difficult for law enforcement personnel and attorneys to prosecute an offender.
E. None of the above
Ans: B
12. The criminological principle which states that, when anyone, or anything, enters a crime scene
he/she takes something of the scene with him/her, and leaves something of himself/herself
behind, is:
A. Locard’s Exchange Principle
B. Differential Association Theory
C. Beccaria’s Social Contract
D. None of the above
Ans: A
13. The author of a series of threatening e-mails consistently uses “im” instead of “I’m.” This is an
example of:
A. An individual characteristic
B. An incidental characteristic
C. A class characteristic
D. An indeterminate characteristic
Ans: A
14. Personal computers and networks are often a valuable source of evidence. Those involved with
_______ should be comfortable with this technology.
A. Criminal investigation
B. Prosecution
C. Defense work
D. All of the above
Ans:
15. An argument for including computer forensic training for computer security specialists is:
A. It provides an additional credential.
B. It provides them with the tools to conduct their own investigations.
C. It teaches them when it is time to call in law enforcement.
D. None of the above.
Ans: C
16. Digital evidence is used to establish a credible link between ____________
A. Attacker and victim and the crime scene
B. Attacker and the crime scene
C. Victim and the crime scene
D. Attacker and Information
Ans: A
18. From the two given statements 1 and 2, select the correct option from a-d.
a. Original media can be used to carry out digital investigation process.
b. By default, every part of the victim’s computer is considered as unreliable.
A. a and b both are true
B. a is true and b is false
C. a and b both are false
D. a is false and b is true
Ans: B
19. The evidence or proof that can be obtained from an electronic source is called ___________
A. digital evidence
B. demonstrative evidence
C. Explainable evidence
D. substantial evidence
Ans: A
21. The evidence must be usable in court, which is called _______
A. Admissible
B. Authentic
C. Complete
D. Reliable
Ans: A
22. Photographs, videos, sound recordings, X-rays, maps drawing, graphs, charts are a type of
_____________
A. Illustrative evidence
B. Electronic evidence
C. Documented evidence
D. Explainable evidence
Ans: A
25. When an incident takes place, a criminal will leave a hint of evidence at the scene and remove a
hint from the scene, which is called ____________
A. Locard’s Exchange principle
B. Anderson’s Exchange principle
C. Charles’s Anthony principle
D. Kevin Ashton principle
Ans: A
26. Which is not a procedure to establish a chain of custody?
A. Save the original materials.
B. Take photos of physical evidence.
C. Don’t take screenshots of digital evidence content.
D. Document date, time, and any other information of receipt.
Ans: C
30. The process of ensuring that providing or obtaining the data that you have collected is
similar to the data provided or presented in a court is known as___________
A. Evidence validation
B. Relative evidence
C. Best evidence
D. Illustrative evidence
Ans: A
31. When cases go to trial, your forensics examiner plays one of ____ roles.
A. 2
B. 4
C. 3
D. 5
Ans: A
A. Eye witness
B. Picture and video
C. Paper work
D. None of the above
Ans: B
A. Law of witness
B. Law of litigation
C. Law of evidence
D. All of the above
Ans: C
---------------------------------------------------------------------------------------------------------------
2. Attorneys and police are encountering progressively more digital evidence in their work.
A. True
B. False
Ans: A
6. Computers were involved in the investigations into both World Trade Center attacks.
A. True
B. False
Ans: A
10. The aim of a forensic examination is to prove with certainty what occurred.
A. True
B. False
Ans: B
11. Even digital investigations that do not result in legal action can benefit from principles of
forensic science.
A. True
B. False
Ans: A
12. Forensic science is the application of science to investigation and prosecution of crime or to
the just resolution of conflict.
A. True
B. False
Ans: A