FedVTE Cyber Fundamentals for Law Enforcement Investigations 50 Questions with Answers
What are passive footprints? - CORRECT ANSWER Data unintentionally left behind during typical internet activities
If an investigator in New York state wants to document 2:15 PM on May 31, 2017, how would that moment in time be notated according to the ISO 8601 directive? (New York is in the Eastern Time Zone which is -5 UTC, and observes daylight savings) - CORRECT ANSWER 2017-05-31T18:15:00Z
What is considered a common best practice for an analysis environment in terms of Internet connectivity? - CORRECT ANSWER Only be connected to the internet when it is absolutely necessary
Which of the following is the order of email packet encapsulation? - CORRECT ANSWER A. IP Header, Ethernet Header, TCP Header, Email Message B. Email Message, Ethernet Header, IP Header, TCP Header C. Email Message, TCP Header, IP Header, Ethernet Header D. Ethernet Header, Email Header, TCP Header, IP Header; Not A
Which of the following best describes a domain name? - CORRECT ANSWER An identifier used for network and application addressing purposes
What website can be used to look up detailed archive data about a domain name? - CORRECT ANSWER domaintools.com
Information that a web browser reveals about a system or user during typical internet browsing activities is known as: - CORRECT ANSWER Browser leak
An investigator will get better results if s/he uses their own Facebook account to 'friend' the individual they're investigating. - CORRECT ANSWER False
When a data packet is being created and prepared for transport, whether the target computer's IP address is on the same network or on a remote network, is not a consideration. - CORRECT ANSWER False
Which of the following is an indicator that encryption is in use on a system? - CORRECT ANSWER None of the above
Peer-to-Peer networks aren't popular because they're expensive and difficult to deploy. - CORRECT ANSWER False
What is a common tactic used by organizations to defend against domain name typo-squatting? - CORRECT ANSWER Domain Parking
Remote access software must be used between two identical device types. - CORRECT ANSWER False
Encrypted or zipped files, by their very nature, contain unknown or untrusted files. - CORRECT ANSWER True
Which of the following is NOT a piece in the encryption process? - CORRECT ANSWER The passphrase
Which of the following is not necessary for peer-to-peer network communications? - CORRECT ANSWER Central Server
Domain Name Servers (DNS) translate IP addresses into Uniform Record Locators (URLs). - CORRECT ANSWER True
What type of malware executes when a specific condition is met? - CORRECT ANSWER Logic bomb
The Electronic Communications Privacy Act (ECPA) enacted in 1986 by the U.S. Congress is designed to do which of the following? - CORRECT ANSWER Expand telephone wiretap restrictions to include computer transmissions and data storage
Because of lessons learned and advancements in defense techniques, malware attacks still occur but the number of victims and monetary losses have steadily declined over the years. - CORRECT ANSWER False
Which of the following options is the best tool for collecting memory data and making disk images? - CORRECT ANSWER Forensic Toolkit
Why would an examiner request images be returned as thumbnails? - CORRECT ANSWER Thumbnail galleries are more efficient to scroll through than filenames
Digital evidence can be either highly perishable or it can exist, essentially forever, depending on - CORRECT ANSWER Where and how it is stored
Once somebody buys a domain name from the registrar, they own it until they decide to sell it. - CORRECT ANSWER False
Wireshark, a special program, can: - CORRECT ANSWER A. Be used by computer technicians to examine a data packet capture B. Segment the packet into its different headers and data C. Be used as a packet capture and analysis tool D. All of the above
Purchasing a domain name is limited to organizations or individuals who demonstrate their ability to maintain a website. - CORRECT ANSWER False
How does the ISO 8601 Directive apply to dates and times? - CORRECT ANSWER A. Establishes a standard for documenting dates and times B. Details how time is globally synchronized C. Serves as official source for global UTC offset information D. All of the above
Which of the following is NOT an example of malware? - CORRECT ANSWER Shareware
Which one of the following is an example of an IPv4 Address? - CORRECT ANSWER 101.202.050.111
What are the two types of peering commonly used in peer-to-peer networks? - CORRECT ANSWER Anonymous and Direct
The Protect America Act was amended to remove the requirement of a warrant for surveillance of: - CORRECT ANSWER A. U.S. citizens B. U.S. citizens with dual citizenships C. foreign targets D. All of the above E. None of the above
NOT D!
What is the best defense against malware infection? - CORRECT ANSWER Operator diligence following computing best practices
What are common signs of a virus infection? - CORRECT ANSWER A. New files or folders appear the user didn't create B. Unusual or unrecognized file extensions C. Unexpected changes to software configuration files D. All of the above
Performing analysis on digital artifacts is best done on an investigator's personal system as they're most familiar with its setup and configuration. - CORRECT ANSWER False
Which of the following is a self-replicating program that doesn't require user intervention to spread, and exploits vulnerabilities in operating systems and applications? - CORRECT ANSWER Worm
Which of the following is a free tool for checking metadata of an image? - CORRECT ANSWER EXIFtool
Which of the following is NOT a form of digital evidence? - CORRECT ANSWER DNA
When a person changes their name on their Facebook account, their Facebook ID number changes in turn. - CORRECT ANSWER False
Sales or solicitations that are illegal to do face-to-face are also illegal to do online. - CORRECT ANSWER True
For consistency, and to eliminate confusion, the UTC uses the AM/PM identifiers in 12 hour intervals. - CORRECT ANSWER False
What appears as a normal file, but provides unauthorized access or a 'back door' into a user's system? - CORRECT ANSWER Trojan
Convincing people to divulge confidential information or break good computing practices, describes: - CORRECT ANSWER Social engineering
Remote access is used to monitor or survey a remote device, but actions such as installing a program or launching an executable can only be performed by the local device. - CORRECT ANSWER False
Collecting all network data is a realistic and necessary goal during the investigation of a cyber incident. - CORRECT ANSWER False
Which of the following must an investigator have prior to going onsite of an incident with a cyber component to collect evidence? - CORRECT ANSWER A. Authority to collect digital evidence B. Equipment capable of collecting digital evidence C. Properly trained staff members D. All of the above
The process of documenting the collection, protection, custody, control, transfer and analysis of evidence is: - CORRECT ANSWER Chain of Custody
When looking at time written in UTC format, 12:00 is: - CORRECT ANSWER Noon
Which of the following should make one suspicious of illegal activity, when utilizing an online auction site? - CORRECT ANSWER Seller requesting payment via wire transfer
Which of the following on a Windows device contains important details, settings, options and other values for programs and hardware installed? - CORRECT ANSWER Registry
A hashtag is used to get messages out faster, and prioritized on trending lists. - CORRECT ANSWER False