CCT 240 Exam Prep | Questions with complete solutions Flora recently received a mail from a bank that contained a malicious link along with some instructions. The malicious link redirected her to a form requesting det
...
CCT 240 Exam Prep | Questions with complete solutions Flora recently received a mail from a bank that contained a malicious link along with some instructions. The malicious link redirected her to a form requesting details such as her name, phone number, date of birth, credit card number, CVV code, SNNs, and email address. Identify the type of cybercrime being performed on Flora in the above scenario. Phishing Kane, a disgruntled employee of an organization, was waiting for an opportunity to target the organization. One day, he gained access to the project manager's system and copied all the secret codes to his portable device. After copying, Kane handed over the code to a rival company, which released the software to the public with their proprietary patents. Identify the type of attack Kane has launched in the above scenario. Intellectual Property Theft Which of the following acts contains Article 32, which deals with technical and organizational measures to encrypt personal data and ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services? GDPR Which of the following phases of a forensic investigation involves acquiring, preserving, and analyzing evidence found in the crime scene to identify the culprit? Investigation Phase Identify the member of an investigation team who provides legal advice on conducting the investigation and addresses the legal issues involved in the forensic investigation process. Attorney Which of the following components in the internal structure of a solid-state drive (SSD) acts as a bridge between the flash memory components and the system by executing firmware-level software? Controller Which of the following phases of the UEFI boot process initializes the CPU, permanent memory, and boot firmware volume (BFV) as well as locates and initializes the hardware found in the system? Pre-EFI initialization phase Which of the following data acquisition formats consists of generic objects such as volumes, streams, and graphs with externally accessible behavior? AFF4 Which of the following techniques in digital forensics investigation involves a backup program that an investigator should have in case certain hardware or software does not work or a failure occurs during an acquisition? Plan for contingency Which of the following processes is defined as a set of techniques that attackers or perpetrators use to avert or sidetrack a forensic investigation process or substantially increase its difficulty? Anti-forensics Which of the following countermeasures helps forensic experts overcome anti-forensics attempts? Impose strict laws against the illegal use of anti-forensics tools Which of the following tools can be used by an investigator to view, retrieve, and in some cases modify the metadata embedded in JPEG image files? IrfanView Which of the following commands helps investigators retrieve information on all active processes and open files? Lsof Identify the Volatility Framework plugin that provides information on all TCP and UDP port connections, which can help in detecting any malicious network communications running on a system? linux_netstat Robert, a computer user, unintentionally installed software by clicking on a malicious link of an insecure website. Upon installing the software, his system degraded in performance and started showing signs of suspicious activities. Which of the following types of attack is Robert a victim of? Malware attack Which of the following Apache web-server architecture elements handles server startups/timeouts and contains the main server loop that waits for connections? http_main Which of the following parameters in the common log format of Apache represents the client's IP address? %h Which of the following commands is used by security specialists to check whether sessions have been opened with other systems? C:> netstat -na While investigating a web attack on a Windows-based server, Jessy executed the following command on her system: C:> net view <10.10.10.11> What was Jessy's objective in running the above command? Verify the users using open sessions Which of the following types of domain is used to host a website anonymously using Tor's hidden service protocol and can only be accessed by Tor network users? .onion In a layer of the web, contents are not indexed by search engines and can only be accessed by a user with due authorization. Identify this layer of the web. Deep Web Which of the following is an outgoing mail server that allows users to send emails to a valid email address using port number 25? SMTP server Which of the following email features enables organizations to specify servers that can send emails on behalf of their domains? SPF Which of the following tools helps a forensics investigator develop and test across multiple operating systems in a virtual machine for Mac and allows access to Microsoft Office for Windows? Parallels Desktop 16 Which of the following file dependencies is a networking DLL that helps connect to a network or perform network-related tasks? WSock32.dll Which of the following command-line tools helps investigators analyze a suspect Office document and check whether any components are labeled as malicious? Oleid Which of the following types of cybercrime involves taking advantage of unsanitized input vulnerabilities to pass commands through a web application and thereby retrieve information from the target database? SQL injection attack Which of the following types of cybercrime is an offensive activity in which a computer connected to the web is employed as a source point to damage an organization's reputation? Cyber defamation Which of the following types of digital evidence is temporary information on a digital device that requires constant power supply to retain and is deleted if the power supply is interrupted? Volatile data Calvin, a forensic crime investigator, retrieved evidence from a device that consists of usage logs, time and date information, network identity information, and ink cartridges. Identify the device from which Calvin obtained the evidence. Printer Identify the rule of evidence stating that investigators and prosecutors must present evidence in a clear and comprehensible manner to the members of the jury. Understandable Which of the following steps of forensic readiness planning defines the purpose of evidence collection and gathering information to determine evidence sources that can help deal with the crime and design the best methods of collection? Identify the potential evidence required for an incident* Which of the following tasks is the responsibility of a forensic investigator? Evaluate the damage due to a security breach Which of the following laws was enacted in 1999 and requires financial institutions—companies offering consumers financial products or services such as loans, financial or investment advice, or insurance—to explain their information-sharing practices to their customers and to safeguard sensitive data? GLBA Which of the following titles of ECPA addresses the privacy of the contents of files stored by service providers and records held about the subscriber by service providers, such as subscriber name, billing records, and IP addresses? Title 2 In which of the following investigation phases does the forensic officer perform data acquisition, preservation, and analysis of evidentiary data to identify the source of a crime and the culprit? Investigation phase Lincoln, a forensic investigator, collected evidence from a crime scene. He used some hardware and software tools to complete the investigation process. Lincoln then created a report and documented all the actions performed during the investigation. Identify the investigation phase Lincoln is currently in. Post-investigation phase Joshua, a certified forensic expert, built a forensic lab for conducting a computer-based investigation. To make the investigation processes effective, he recruited experienced individuals and experts. Joshua then assigned job roles to each team member. Which of the following considerations is illustrated in the above scenario? Human resource considerations Easton, a forensics investigation team member, accumulated information from each person involved in the forensics process and developed a report of it in an orderly fashion, from the incident occurrence to the end of the investigation. Identify the role played by Easton in the investigation team. Evidence documenter Cooper, a member of a forensics investigation team, was investigating a cyber-attack performed on an organization. During the investigation process, Cooper secured the incident area and collected all the evidence, following which he disconnected the affected systems from other systems to stop the spread of the incident. Identify the role played by Cooper in the investigation team. Incident responder In which of the following phases of the computer forensics investigation methodology must the investigator take a photograph of the computer monitor's screen and note down what was observed on the screen? Documentation of the electronic crime scene Which of the following is a search and seizure step that involves seeking consent, obtaining witness signatures, obtaining a warrant for search and seizure, and collecting incident information? Planning of the search and seizure Which of the following is a process of imaging or collecting information from various media in accordance with certain standards for analyzing its forensic value? Data acquisition Which of the following will be present in the "Supporting Files" section of a forensics investigation report? Attachments and appendices Identify the forensics investigation report section that includes the tools and techniques used for collecting the evidence during the investigation process. Evidence information Which of the following characteristics of a hard disk represents the time taken by a hard-disk controller to identify a particular piece of data? Seek time Identify the smallest physical storage unit on a hard disk drive that normally stores 512 bytes of data for HDDs and 2048 bytes for CD-ROMs and DVD-ROMs. Sector Which of the following contents of a sector contains the sector number and location, which identify sectors on the disk, as well as status information on the sector? ID information Identify the part in the MBR structure that is located at the end of the MBR, holds only 2 bytes of data, and is required by BIOS during booting? Disk signature Ryder, a computer user, has a system running on Windows OS with a FAT file system. He encountered a blue screen issue; as a result, he turned off the system without closing the running applications. Ryder employed a Windows built-in utility to check for any bad sectors and lost clusters on his hard disk to overcome this issue. Identify the utility employed by Ryder in the above scenario. Chkdsk.exe In which of the following phases of the UEFI boot process does the system clear the UEFI program from memory and transfer it to the OS? Runtime phase Harrison, a forensic investigator, was working on a criminal case in which he had to extract all the possible data related to criminal activity on a device running Windows OS. For this purpose, Harrison wanted to view the detailed partition layout for the GPT disk, along with the MBR details. Which of the following commands will help Harrison in the above scenario? Mmls Which of the following components of EFS uses CryptoAPI to extract the file encryption key (FEK) for a data file and uses it to encode the FEK to produce the DDF? EFS Service Which of the following structures of the HFS volume keeps track of the allocation blocks in use and those that are free? Logical Block 2 Which of the following tools is mainly used to inspect and edit all types of files as well as to recover deleted files or lost data from hard drives with corrupt file systems or from memory cards of digital cameras? WinHex Which of the following functionalities of Autopsy recovers deleted files from unallocated space using PhotoRec? Data carving Which of the following is a library and collection of command-line tools that assist in the investigation of disk images? The Sleuth Kit Hudson, a forensic expert, was investigating an active computer that was executing various processes. Hudson wanted to check whether this system was used in an incident that occurred earlier. He started inspecting and gathering the contents of RAM, cache, and DLLs to identify incident signatures. which of the following data acquisition methods has Hudson initiated in the above scenario? Live data acquisition Williams, a forensic specialist, was appointed to perform data acquisition on a victim system that was involved in cybercrime related to a phishing campaign. As the system was in a powered-off state, Williams extracted static data from the hard disk. dentify the static data recovered by Williams in the above scenario. Cookies Identify the evidence source that contains the least volatile data as the digital information in such data sources does not automatically change, unless it is damaged under physical force. Archival media Gael, a forensic expert, was working on a case related to fake email broadcasting. Gael extracted the data from the victim system to investigate and find the source of the email server. In this process, Gael extracted only ".ost" files from the system as they can provide potential information about the incident. Which of the following types of data acquisition has Gael performed in the above scenario? Logical acquisition Arnold, a crime investigator, wants to retrieve all the deleted files and folders in the suspected media without affecting the original files. For this purpose, he uses a method that involves the creation of a cloned copy of the entire media and prevents the contamination of the original media. Identify the method utilized by Arnold in the above scenario. Bit-stream imaging George, a forensics specialist, was investigating a suspected machine found at a crime scene. He started inspecting the storage media of the device by creating a bit-by-bit copy of it but failed to do so as the suspected drive was very old and incompatible with the imaging software he was using. Which of the following data acquisition methods failed in the above scenario because the suspect system drive was old? Bit-stream disk-to-image file A data acquisition format creates a bit-by-bit copy of the suspected drive, and images in this format are usually obtained using the dd command. Identify this data acquisition format. Raw format Identify the AFF4 object that includes collections of RDF statements. Graphs Samuel, a computer forensic investigator, collects evidence data and verifies the integrity of the data. In this process, he uses a cryptographic hash algorithm that can create a unique and fixed-size 256-bit hash, which is ideal for anti-tamper technologies, password validation, digital signatures, and challenge hash authentication. Identify the algorithm utilized by Samuel to verify the integrity of the data. SHA Which of the following is a set of techniques that attackers use to avert or sidetrack the forensics investigation process or increase its difficulty? Anti-forensics
[Show More]
