
Question

Question 1 (1 point)
Digital forensics is commonly applied to which of the following activities?
- Criminal investigation
- Incident handling
- Data recovery
- All of the above

Question 2 (1 point)
NIST includes which three (3) as steps in collecting data? (Select 3)
- Acquire the data
- Develop a plan to acquire the data
- Normalize the data
- Verify the integrity of the data

Question 3 (1 point)
What is the primary purpose of maintaining a chain of custody?
- To keep valuable hardware securely locked to tables or floors.
- To avoid allegations of mishandling or tampering of evidence.
- To allow for accurate client billing
- So a person in possession of evidence will know who they are allowed to give it to next

Question 4 (1 point)
True or False. Digital forensics had been used to solve a number of high-profile violent crimes.
- True
- False

Question 5 (1 point)
True or False. Digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.
- True
- False

Question 6 (1 point)
Which section of a digital forensics report would include using the best practices of taking lots of screenshots, use built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?
- Overview & Case Summary
- Forensic Acquisition & Examination Preparation
- Findings & Analysis
- Conclusion

Question 7 (1 point)
Which types of files are appropriate subjects for forensic analysis?
- Data files
- Image and video files
- Application files
- All of the above

Question 8 (1 point)
Deleting a file results in what action by most operating systems?
- The memory registers used by the file are marked as available for new storage but are otherwise not changed.
- The file is copied to a trash or recycle folder and the original memory registers are erased.
- Random data is immediately copied into the memory registers used by the file to obfuscate the previous contents.
- The memory registers used by the file are erased and marked as available for new storage.

Question 9 (1 point)
Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?
- An incremental backup
- A logical backup
- A disk-to-file backup
- A disk-to-disk backup

Question 10 (1 point)
How does a forensic analysis use hash sets acquired from NIST's Software Reference Library project?
- They provide a record of known encrypted malware.
- They can quickly eliminate known good operating system and application files from consideration.
- Hashes will help you quickly zero in on deleted files.
- They are useful in identifying files that were created outside the United States.

Question 11 (1 point)
Which three (3) of the following data types are considered non-volatile? (Select 3)
- Swap files
- Logs
- Free space
- Dump files

Question 12 (1 point)
Configuration files are considered which data type?
- Static
- Non-volatile
- Dynamic
- Volatile

Question 13 (1 point)
True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.
- True
- False

Question 14 (1 point)
Which three (3) of the following are application components? (Select 3)
- OSI Application Layer protocols
- Data files
- Authentication mechanisms
- Application architecture

Question 15 (1 point)
Which of these applications would likely be of the least interest in a forensic analysis?
- Chat
- Web host data
- Email
- Patch files

Question 16 (1 point)
The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)
- IPv4 / IPv6
- LDAP
- ICMP
- UDP

Question 17 (1 point)
Which device would you inspect if you were looking for event data correlated across a number of different network devices?
- Intrusion detection system
- Packet sniffer
- Remote access server
- Firewall

Question 18 (1 point)
Which of these sources might require a court order in order to obtain the data for forensic analysis?
- System Event Management systems
- Firewalls
- Intrusion detection systems
- ISP records


Solution

I'm sorry, but you didn't provide a text for me to respond to. Could you please provide the text?

Similar Questions

Which of these might represent what the analysis stage of the digital forensics process entails?
- Making conclusions about data
- Writing down the chain of custody
- Handling evidence with gloves
- Gathering work and home computers

Which of the following tasks is NOT the responsibility of a forensic investigator?
- Reconstruct the damaged storage devices
- Identify and recover data required for investigation
- Configure network components
- Ensure appropriate handling of the evidence

Explain the concept of chain of custody in cyber forensics. Why is maintaining an unbroken chain of custody important when handling digital evidence?

Question 1
Which of the following are important to consider when planning an investigation?
Select one:
a. Getting the right people for the investigation
b. Providing a secure work area
c. Providing a secure storage area
d. B and C
e. A, B, and C

Question 2 (Points out of 1.00)
Challenges collecting and analyzing digital evidence include
Select one:
a. User attribution
b. Legal search authority
c. Full disk encryption
d. All of the above.

Question 3 (Points out of 1.00)
Which of the following questions would not be answered by the investigation plan?
Select one:
a. What is the sex of the suspect?
b. Where is the evidence likely to be located?
c. What skills are needed to extract the evidence?
d. What local laws and court processes will affect this investigation?

Question 4 (Points out of 1.00)
Forensics plays a role in which of the following:
Select one or more:
a. Civil cases
b. Criminal Cases
c. Personal disagreements between neighbors
d. All of the above
e. None of the above

Question 5 (Points out of 1.00)
Unauthorized access to computer systems where protected data may have been stolen, is an example of a crime where the computer is:
Select one:
a. Incidental to another crime
b. The primary target for the crime
c. The instrument of the crime
d. All of the above
e. None of the above
