Q.1 Which of the following are the phases of the incident response process as defined by NIST?
A. Preparation > Detection > Analysis > Containment
B. Detection > Analysis > Containment and Eradication > Recovery
C. Preparation > Detection and Analysis > Containment, Eradication, and Recovery > Post-Incident Activity
D. Detection > Analysis > Containment and Eradication > Post Incident Recovery
Ans : Preparation > Detection and Analysis > Containment, Eradication, and Recovery > Post-Incident Activity
Q.2 Which of the following are useful incident analysis resources?
A. Phones and contact information
B. Documentation, network diagrams, critical file hash values
C. Removable media, forensic software, digital cameras, etc.
Ans : Documentation, network diagrams, critical file hash values
Q.3 Which of the following tricks the user into thinking they are on a real system but in reality is a virtual environment to collect incidents?
Ans : Sandboxes
Q.4 “All incidents are events but an event is not necessarily an incident”.
Ans : True
Q.5 It is ok if minor alterations occur in the evidence during forensic analysis.
Ans : False
Q.6 Which of the following can be considered as information assets?
A. Client Data
B. Application Software
C. System Software
D. Corporate Data
E. All of these
Ans : All of these
Q.7 Which of the following pertains to legal evidence found in computers and digital storage media?
A. Security Incident Management
D. Computer Forensics
Ans : Computer Forensics
Q.8 Which of the following is primarily used to collect device logs from several different machines in a central location for monitoring and review?
C. Network log
Ans : Syslog
Q.9 What does live forensic acquisition acknowledge?
A. Volatility of the evidence
B. Integrity of the evidence
C. Confidentiality of evidence
Ans : Volatility of the evidence
Q.10 Which of the following are steps in the digital forensic process?
A. Seizure > Acquisition and analysis of digital media > Production of a report
B. Preparation > Detection > Analysis > Containment
Ans : Seizure > Acquisition and analysis of digital media > Production of a report