II0-001 Exam Questions
228 real II0-001 exam questions with expert-verified answers and explanations. Page 1 of 5.
- Question #1
In order to prevent footprinting of an environment, one method that is effective is:
- Question #2
Because of overlapping security domains, it is impossible to have two perimeter security devices (firewalls) in successive layers.
- Question #3
The "Stealth Rule" in a perimeter security device prevents it from being footprinted.
- Question #4
If a file is properly encrypted, it cannot be read except by the file owner.
- Question #5
When electronic evidence has been encrypted, the best method of discovery is:
- Question #6
What method can be used to detect the use of rogue servers providing services such as illegal software distribution, music files, or pornography in an environment?
- Question #7
How many ports/services are available using the TCP/IP suite?
- Question #8
A rule that allows any traffic from the trusted network through to untrusted networks is a security risk because:
- Question #9
For many ISPs, placing a network protocol sniffer in their infrastructure allows them to be very effective in supporting law enforcement during an investigation.
- Question #10
A syslog server and a protocol sniffer perform the same basic function.
- Question #11
When investigating a malicious attack sourced from the Internet, the investigator would look for forensic evidence in:
- Question #12
During a brute force attack, an active trace may be initiated using what tool?
- Question #13
Many malicious attacks are sourced to ISP dial-up accounts. What makes this type of attack source a challenge for an investigator?
- Question #14
A "listening post" usually refers to:
- Question #15
During an incident, an incident response team springs into action. What is one of the first steps the team will take?
- Question #16
As a private investigator, you are not required to report most crimes discovered during your investigation unless the crime is in the planning stages, is child exploitation, or iss...
- Question #17
The common practices of legal requirements of record retention are dependent upon the type of information.
- Question #18
When a hard drive is formatted, what character would be found over the entire disk (other than the partition table, boot record, root directory and other system areas)?
- Question #19
What is the currently accepted hashing algorithm used for the Digital Signature Standard (DSS), based on NIST documentation?
- Question #20
The following log is an example of:
- Question #21
Some disk imaging techniques miss "hidden" or divergent operating system partitions. A method of ensuring that no partitions are missed during imaging is by:
- Question #22
An inode table is to Linux as:
- Question #23
When auditing log files for system discrepancies, why is NTP important?
- Question #24
What is the correct command in a Linux 6.0 or later system to check the hash of a hard drive attached to the system?
- Question #25
Which of the following is included in the ISFA code of Ethics?
- Question #26
There are a total of 7 ethics statements in the ISFA Code of Ethics.
- Question #27
Under the ISFA Code of Ethics, a CIFI may not disclose information gathered during an investigation except under duress.
- Question #28
According to the ISFA Code of Ethics, an ISFA member must conduct themselves with professionalism, honor, and honesty.
- Question #29
As a private CIFI investigator, you are not required to conduct your investigations according to the law as you are not an agent of the state.
- Question #30
Regardless of whether an incident is malicious or accidental, the impact is the same.
- Question #31
In certain circumstances, it is necessary to penetrate remote systems (un-owned) in order to retrieve logs for evidence. If properly hashed at the remote site and once retrieved, w...
- Question #32
Stone stepping or server hopping is a technique hackers use to mask their source identity.
- Question #33
SMTP headers in an email will contain the original host address even if that address is a reserved address space and therefore can reveal internal information of a network layout.
- Question #34
What term refers to the technique of utilizing inferential evidence and social engineering in order to identify a subject of an investigation when search warrant or subpoena is una...
- Question #35
An investigator's notes can be subpoenaed by opposing counsel if not protected by attorney privilege.
- Question #36
Auditing need only be completed prior to an incident. The forensics investigation following will provide more than adequate auditing information.
- Question #37
The following is an example of: Version: PGP 8.0 mQGiBD1ik/MRBAD10IH/NQZ1Qsh6ixloDYVoWZJd2raAWjmnT5PCj6VbDO2PIdpZ bStv5wRYiZTItiYhO2o0EHfhFnJTWPY01joUXT8PRRa5fYL9A1BSkJOwN8hupRiO t...
- Question #38
The Incident Response Team Leader (or IRT Leader) has more authority during an incident than:
- Question #39
If a private investigator determines a crime has been committed and contacts law enforcement to investigate, the investigation still is under the jurisdiction of the private invest...
- Question #40
The following graphic is an example of what tool?
- Question #41
The following tool output example can be used in a dynamic investigation. What will it demonstrate? Active Connections Proto Local Address Foreign Address State TCP local:epmap 90.2...
- Question #42
Which of the following are not principles in the ISFA code of ethics?
- Question #43
A honeypot may be configured to allow a continuation of a malicious attack while preserving the target of the attack.
- Question #44
The Foreign Intelligence Surveillance Act (FISA) of 1978 was primarily dealing with:
- Question #45
The Counterfeit Access Device and Computer Fraud and Abuse Act of 1986 was designed to do the following except:
- Question #46
The Wiretap and Stored Communications Access Act adds an additional component to previous laws by:
- Question #47
The Computer Fraud and Abuse Act applies to:
- Question #48
The USA Patriot Act of 2001 has a significant impact on the investigation of computer related crime with stiffer penalties and greater latitude in investigation by law enforcement....
- Question #49
The following methods are used to ensure an employer is not violating Title III provisions for employee privacy except:
- Question #50
The following are laws that have impact on electronic media and/or investigations: