II0-001 Exam Questions
228 real II0-001 exam questions with expert-verified answers and explanations. Page 2 of 5.
- Question #51
In order to access a desktop computer for a forensics investigation that has a BIOS boot password enabled, which of the following is not a technique to override the password:
- Question #52
Many manufacturers of BIOS Chips have backdoor passwords in order to access the CMOS settings.
- Question #53
In certain cases, a system may have CMOS or Boot passwords that prevent an investigator from accessing the hard drive. What technique would be most effective in circumventing the p...
- Question #54
The SAM in a Microsoft XP system is:
- Question #55
In Microsoft's security architecture, the "SID" refers to:
- Question #56
As a private investigator, you are not required by law to report crimes discovered during an investigation (with a few exceptions), but the IISFA Code of Ethics does require you to...
- Question #57
"Backsplatter" is a conceptual method of identifying what type of malicious attack?
- Question #58
"Slack Space" refers to:
- Question #59
The MS Windows swap file is useful to an investigator because
- Question #60
An effective counter measure to prevent unauthorized viewing of sensitive data is to:
- Question #61
All of the following systems can be compromised by a malicious entity utilizing existing, commonly found and easily obtained, utilities except:
- Question #62
An area of discovery that may be utilized during an audit may be:
- Question #63
A subject machine may have evidence in the clipboard if
- Question #64
Step 1 in analyzing data during an investigation is:
- Question #65
All of the following are critical in the first stages of an investigation except:
- Question #66
An effective means of circumventing Windows security is to:
- Question #67
Most BIOS manufacturers provide tools to disable passwords on the BIOS of their machines
- Question #68
Once a file has been removed from a Microsoft XP trashcan, the file is not recoverable
- Question #69
One method child pornographers use to hide images is to change the file extension. Once this is done it is impossible to determine if a file is an image or some other type of file.
- Question #70
The history file in Internet Explorer is a good source of evidence.
- Question #71
A bad guy discovers child pornography on a system he has illegally penetrated. He immediately reports it to law enforcement and the owner of the system is arrested and charged. The...
- Question #72
A file viewer is handy for an investigative toolkit because:
- Question #73
Steganography is:
- Question #74
It is critical for an investigator to understand counter measures and secure design fully in order to:
- Question #75
During a traceback, an investigator can perform a "footprint" that will identify much about the target host. This is an effective information gathering step, but is illegal in most...
- Question #76
Footprinting can be illegal if what condition exists?
- Question #77
Automated tools make up a large part of the forensic investigator's tool kit and are very helpful in investigations. Which of the following statements is also true:
- Question #78
The required files to boot an MS-DOS system are:
- Question #79
Identify the statement below that best supports the term 'Rootkit':
- Question #80
It is critical during court testimony to have:
- Question #81
At the current time, tools commonly used by law enforcement investigators fall into one of three categories:
- Question #82
Challenges to the authenticity of computer records often take on one of three forms. Please select the statement that best describes one of the three challenges.
- Question #83
What should be in an electronic forensic tool kit?
- Question #84
A forensically safe file viewer can cross not only application but OS boundaries, and they offer the added benefit that:
- Question #85
Password protection, and especially file encryption, can cause the following problem for Forensic processes:
- Question #86
Why is it important to collect alarms that denote when external sources are targeting your network with a scan?
- Question #87
The IDS logs show scans directed at the network. What usefulness would an intruder gather in performing a scan against your network?
- Question #88
IP-based denial-of-service (DOS) and fragmented packet (TearDrop) attacks can be identified by looking at the packet headers as they travel across a network. This type of attack c...
- Question #89
It has been determined that a system on your network has been compromised. What should you do on your IDS and firewalls as soon as possible?
- Question #90
During your initial investigation of a compromised system, you will need to create a detailed time-based reconstruction of the attack and compromise. Which of these questions will...
- Question #91
In many cases, the trail of an investigation begins with an audit of:
- Question #92
An audit is the PRIMARY method of re-creating the cyber-crime.
- Question #93
Often, an audit is a ..... type of control that is useful in an investigation.
- Question #94
Why is an audit conducted by a 3rd party audit team?
- Question #95
Logs should be kept:
- Question #96
A syslog is a device/system that collects log files from various sources in an internet. Syslogs provide:
- Question #97
Log files are located:
- Question #98
Processes included in the investigative process are?
- Question #99
Mistakes an expert witness can make are which of the following:
- Question #100
Expertise in a team leader should include: