212-89 Online Practice Questions and Answers

Questions 4

Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?

A. Evidence Supervisor

B. Evidence Documenter

C. Evidence Manager

D. Evidence Examiner/ Investigator

Questions 5

The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

A. If the insider's technical literacy is low and process knowledge is high, the risk posed by the threat will be insignificant.

B. If the insider's technical literacy and process knowledge are high, the risk posed by the threat will be insignificant.

C. If the insider's technical literacy is high and process knowledge is low, the risk posed by the threat will be high.

D. If the insider's technical literacy and process knowledge are high, the risk posed by the threat will be high.

Questions 6

Which of the following incidents are reported under the CAT-5 federal agency category?

A. Exercise/ Network Defense Testing

B. Malicious code

C. Scans/ probes/ Attempted Access

D. Denial of Service (DoS)

Questions 7

Adam calculated the total cost of a control to protect $10,000 worth of data as $20,000. What do you advise Adam to do?

A. Apply the control

B. Not to apply the control

C. Use qualitative risk assessment

D. Use semi-qualitative risk assessment instead

Questions 8

An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

A. Nessus

B. CyberCop

C. EtherApe

D. nmap

Questions 9

The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort

B. Wireshark

C. Cain and Abel

D. nmap

Questions 10

To respond to DDoS attacks, one of the following strategies can be used:

A. Using additional capacity to absorb attack

B. Identifying non-critical services and stopping them

C. Shut down some services until the attack has subsided

D. All the above

Questions 11

A malicious code attack using emails is considered as:

A. Malware based attack

B. Email attack

C. Inappropriate usage incident

D. Multiple component attack

Questions 12

What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

A. "arp" command

B. "netstat -an" command

C. "dd" command

D. "ifconfig" command

Questions 13

Which of the following is NOT one of the Computer Forensic types:

A. USB Forensics

B. Email Forensics

C. Forensic Archaeology

D. Image Forensics

Exam Code: 212-89
Exam Name: EC-Council Certified Incident Handler
Last Update: Apr 27, 2024
Questions: 163