Question 1

Each RP folder contains a set of files that were changed since the last Restore Point.

Accepted Answer

A) True 
 B)False

Question 2

List the skills that you need to become proficient at analyzing malware.

Accepted Answer

In-depth knowledge of operating systems.

Question 3

What is the pre-incident preparation that must take place for a CSIRT?

Accepted Answer

A CSIRT cannot be slapped together when

Question 4

A ____ of a hard disk is a bit by bit duplicate,including the boot sector,the partition table,all partitions,hidden files,bad sectors,and even the unallocated space on the hard drive.

Accepted Answer

A) usable copy 
B) forensic copy 
C) bit copy 
D) file copy 
A) usable copy 
B) forensic copy 
C) bit copy 
D) file copy

Question 5

The ____ file is used when Windows goes into hibernation.

Accepted Answer

A) Hiberfil.sys 
B) Pagefile.sys 
C) IO.sys 
D) BOOT.INI 
A) Hiberfil.sys 
B) Pagefile.sys 
C) IO.sys 
D) BOOT.INI

Question 6

Match each item with a statement below.
-A symbolic representation of a family of strings that can be generated from the expression

Accepted Answer

A) Restore Point 
B) CSIRT 
C) Regular expression 
D) Slack space 
E) Honeypot 
A) Restore Point 
B) CSIRT 
C) Regular expression 
D) Slack space 
E) Honeypot

Question 7

A network of honeypots is called a(n)____________________.

Accepted Answer

The answer of A network of honeypots is called a(n)____________________....

Question 8

The first thing you want to do before analyzing network traffic is make sure you have permission to look at it.

Accepted Answer

A) True 
 B)False

Question 9

List UNIX/Linux systems files that are of particular interest to the forensic examiner.

Accepted Answer

Binary log files utmp,wtmp,and lastlog.T

Question 10

A forensic examiner must be familiar with the structure and operation of different file systems and operating systems.

Accepted Answer

A) True 
 B)False

Each RP folder contains a set of files that were changed since the last Restore Point.

List the skills that you need to become proficient at analyzing malware.

What is the pre-incident preparation that must take place for a CSIRT?

A ____ of a hard disk is a bit by bit duplicate,including the boot sector,the partition table,all partitions,hidden files,bad sectors,and even the unallocated space on the hard drive.

The ____ file is used when Windows goes into hibernation.

Match each item with a statement below. -A symbolic representation of a family of strings that can be generated from the expression

A network of honeypots is called a(n)____________________.

The first thing you want to do before analyzing network traffic is make sure you have permission to look at it.

List UNIX/Linux systems files that are of particular interest to the forensic examiner.

A forensic examiner must be familiar with the structure and operation of different file systems and operating systems.

What Is a Computer Network

Network Topology

Networking Hardware

Ethernet Technology

Token-Ring, fddi, and Other LAN Technologies

Network Design and Troubleshooting Scenarios

Low-Level Protocols

The Tcpip Protocols

Ipxspx, Appletalk, and Other Network Protocols

Switching and Routing

Network Management and Security

Electronic Mail

FTP and Telnet

Multimedia Networking

The Internet

Writing a Network Application

An Introduction to Networking With Windows

Windows Domains

Unix and Linux

Other Network Operating Systems

Cryptography and Security

Security Hardware

Security Software

Filters

Exam 24: Forensic Techniques

Each RP folder contains a set of files that were changed since the last Restore Point.

List the skills that you need to become proficient at analyzing malware.

What is the pre-incident preparation that must take place for a CSIRT?

A ____ of a hard disk is a bit by bit duplicate,including the boot sector,the partition table,all partitions,hidden files,bad sectors,and even the unallocated space on the hard drive.

The ____ file is used when Windows goes into hibernation.

Match each item with a statement below. -A symbolic representation of a family of strings that can be generated from the expression

A network of honeypots is called a(n)____________________.

The first thing you want to do before analyzing network traffic is make sure you have permission to look at it.

List UNIX/Linux systems files that are of particular interest to the forensic examiner.

A forensic examiner must be familiar with the structure and operation of different file systems and operating systems.

What Is a Computer Network

Network Topology

Networking Hardware

Ethernet Technology

Token-Ring, fddi, and Other LAN Technologies

Network Design and Troubleshooting Scenarios

Low-Level Protocols

The Tcpip Protocols

Ipxspx, Appletalk, and Other Network Protocols

Switching and Routing

Network Management and Security

Electronic Mail

FTP and Telnet

Multimedia Networking

The Internet

Writing a Network Application

An Introduction to Networking With Windows

Windows Domains

Unix and Linux

Other Network Operating Systems

Cryptography and Security

Security Hardware

Security Software

Filters