Question: Which attack takes advantage of poorly coded websites to allow commands to be executed by entering text in an online form?

Answer Choices:
- MySQL Dump
- SQL Injection
- DDOS
- ARP Poisoning

Answer: SQL Injection

 

Question: Which information is included in an email header?

Answer Choices:
- Number of pages
- Content-Type
- Sender’s MAC address
- Message-Digest

Answer: Content-Type

 

Question: A forensic investigator needs to know which file type to look for in order to find emails from a specific client. Which file extension is used by Eudora?

Answer Choices:
- .ost
- .pst
- .dbx
- .mbx

Answer: .mbx

 

Question: Which tool can be used to make a bit-by-bit copy of a Windows Phone 8?

Answer Choices:
- Forensic Toolkit (FTK)
- Wolf
- Pwnage
- Data Doctor

Answer: Forensic Toolkit (FTK)

 

Question: A forensic investigator suspects that spyware has been installed to a Mac OS X computer by way of an update. Which Mac OS X log or folder stores information about system and software updates?

Answer Choices:
- /var/vm
- /var/spool/cups
- /Library/Receipts
- /var/log/daily.out

Answer: /Library/Receipts

 

Question: Which term is defined by inspecting files for hidden content?

Answer Choices:
- Cryptanalysis
- Steganalysis
- Steganography
- Cryptography

Answer: Steganalysis

 

Question: Steven saved a message using the least significant bit (LSB) method in a USB flash drive, and gave this USB flash drive to Mary. What is the payload in this example?

Answer Choices:
- Steven
- The USB flash drive
- The message
- Mary

Answer: The message

 

Question: A forensic examiner is reviewing a laptop running OS X which has been compromised. The examiner wants to know if any shell commands were executed by any of the accounts. Which log file or folder should be reviewed?

Answer Choices:
- /var/vm
- /Users/<user>/Library/Preferences
- /var/log
- /Users/<user>/.bash_history

Answer: /Users/<user>/.bash_history

 

Question: In a steganography class, the instructor is explaining the concept of the LSB to students. What is the LSB?

Answer Choices:
- It is the first number in an 8-bit byte
- It is the last number in an 8-bit byte
- It is the fifth bit in an 8-bit byte
- It is the seventh bit in an 8-bit byte

Answer: It is the last number in an 8-bit byte

 

Question: Which directory contains the system’s configuration files on a computer running Mac OS X?

Answer Choices:
- /var
- /etc
- /cfg
- /bin

Answer: /etc

 

Question: What is the purpose of steganography?

Answer Choices:
- To decrypt data
- To prove identity
- To alter images
- To hide information

Answer: To hide information

 

Question: A forensic investigator needs to identify where email messages are stored on a Microsoft Exchange server. Which file extension is used by Exchange email servers to store the mailbox database?

Answer Choices:
- .nsf
- .db
- .edb
- .mail

Answer: .edb

 

Question: A criminal organization has compromised a third-party web server and is using it to control a botnet. The botnet server hides command and control messages through the DNS protocol. Which steganographic component is the DNS protocol?

Answer Choices:
- Payload
- Carrier
- Channel
- Dead drop

Answer: Channel

 

Question: Which forensics tool can be used to bypass the passcode of an Apple iPhone running the iOS operating system?

Answer Choices:
- Ophcrack
- iStumbler
- L0phtCrack
- XRY

Answer: XRY

 

Question: Which Windows 7 operating system log stores events collected from remote computers?

Answer Choices:
- Application
- Security
- System
- ForwardedEvents

Answer: ForwardedEvents

 

Question: Where does Windows store passwords for local user accounts?

Answer Choices:
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
- Security file in Windows\System32
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces
- SAM file in Windows\System32

Answer: SAM file in Windows\System32

 

Question: Which statement about deleting files on the iPhone is true?

Answer Choices:
- When a file is deleted, it is moved to a Trashes 501 folder and is there until it is overwritten
- Once a file is marked as deleted, it is immediately and permanently deleted
- Files are never deleted unless the DeleteAll app is used
- Deleted items are logged in the setupapi.log file

Answer: When a file is deleted, it is moved to a Trashes 501 folder and is there until it is overwritten

 

Question: Which operating system creates a swap file to temporarily store information from memory on the hard drive when needed?

Answer Choices:
- Mac
- Windows
- Linux
- Unix

Answer: Windows

 

Question: During an investigation, a forensic investigator discovers an ost file on a hard drive. Which type of email system has been utilized?

Answer Choices:
- Gmail webmail
- IMAP email
- Microsoft Outlook
- Oracle Communications server

Answer: Microsoft Outlook

 

Question: How is a local password stored in a Windows operating system?

Answer Choices:
- In a hash of the password
- In plain text
- In an encrypted copy
- In cipher text

Answer: In a hash of the password