CHFI 2nd Exam Questions and Answers: Cybersecurity and Digital Forensics, Exams of Nursing

A collection of multiple-choice questions and answers related to the CHFI (Computer Hacking Forensic Investigator) 2nd exam. It covers various topics in cybersecurity and digital forensics, including child exploitation, evidence admissibility, network protocols, and forensic tools. The questions are designed to test knowledge and understanding of key concepts and practices in the field.

Typology: Exams

2024/2025

Available from 12/31/2024

kelvin-smith-3

CHFI 2ND EXAM Questions with Correct Answers Latest Updates 2024 TOP RATED+

Choose one answer naming what the FBI developed as part of its Cybercrimes Program for the purpose of identifying, investigating and prosecuting those who use computers for child sexual exploitation and child pornography.

  • Innocent Images National Initiative (IINI)
  • Internet Crimes Against Children (ICAC)
  • Project Safe Childhood
  • Anti-Child Porn.org (ACPO) - CORRECT ANSWER-Innocent Images National Initiative (IINI) was developed by the FBI as part of its Cybercrimes Program for the purpose of identifying, investigating and prosecuting those who use computers for child sexual exploitation and child pornography.

Which two were created by the Department of Justice to safeguard children?
  • Innocent Images National Initiative (IINI)
  • Internet Crimes Against Children (ICAC)
  • Project Safe Childhood (PSC)
  • Anti-Child Porn.org (ACPO) - CORRECT ANSWER-The Department of Justice created ICAC and PSC.

Internet Crimes Against Children (ICAC) is a network of regional task forces to provide federal assistance to state and local law enforcement so they could better investigate computer and internet-based crimes that sexually exploit children. Project Safe Childhood (PSC) is an initiative developed to provide a coordinated effort in combating child porn. It strives to help local communities create programs to investigate child exploitation and identify and rescue victims.

Choose the volunteer organization focused on issues related to child exploitation, online predators and child pornography.

  • Innocent Images National Initiative (IINI)
  • Internet Crimes Against Children (ICAC)
  • Project Safe Childhood (PSC)
  • Anti-Child Porn.org (ACPO) - CORRECT ANSWER-Anti-Child Porn.org is a volunteer organization focused on issues related to child porn.

What are the FRE Article VII rules of evidence?
  • Rule 701 - Opinion Testimony by Lay Witness
  • Rule 702 - Testimony by Experts
  • Rule 703 - Basis of Opinion Testimony by Experts
  • Rule 704 - Opinion on Ultimate Issue
  • Rule 705 - Disclosure of Facts or Data Underlying Expert Opinion
  • Rule 706 - Court Appointed Experts
  • Rule 707 - Self Appointed Experts - CORRECT ANSWER-Federal Rules of Evidence Article VII rules of evidence include: Rule 701 - Opinion Testimony by Lay Witness; Rule 702 - Testimony by Experts; Rule 703 - Basis of Opinion Testimony by Experts; Rule 704 - Opinion on Ultimate Issue; Rule 705 - Disclosure of Facts or Data Underlying Expert Opinion; Rule 706 - Court Appointed Experts

Choose USA sexual harassment laws:
  • Equal Protection Clause of the 14th Amendment
  • Civil Rights Act of 2011
  • Civil Rights Act of 1991
  • 1964 Civil Rights Act, Title VII - CORRECT ANSWER-Equal Protection Clause of the 14th Amendment; Civil Rights Act of 1991; 1964 Civil Rights Act, Title VII

Dr. Nelson is a technical expert with a PhD in computer science along with several important computer certifications. She has spoken about computer science in many venues around the world and written a book on the subject. Suppose Dr. Nelson has been asked to be a witness, what type of witness is Dr. Nelson?

  • Lay
  • Evidentiary
  • Expert - CORRECT ANSWER-Evidentiary witness is limited to presenting facts of the case. Expert witness can testify as an evidentiary witness and also make opinions based on scientific, technical or other expert knowledge. The Rules of Evidence provide a framework of what a witness can and cannot discuss.

There are many types of expert witnesses. Which are commonly used in trials?
  • Civil Litigation, Criminal Litigation, Computer forensics, Medical, Psychological, Construction, Architecture
  • Civil and criminal litigation
  • Tourist - CORRECT ANSWER-Civil Litigation, Criminal Litigation, Computer forensics, Medical, Psychological, Construction, and Architecture experts are common expert witnesses.

Psychological experts provide specialized assistance in which areas?
  • Dentistry
  • Prescription medication or illegal drugs
  • Mental illness, psychotropic drugs, standards of care, emotional distress - CORRECT ANSWER-Medical experts provide expertise in dentistry, drugs, prescription medications and malpractice. Psychological experts provide expertise in diagnosis and treatment of mental illness, medications and psychotropic drugs, standards of care, emotional distress and effects of crime or event.

What are the file types for Linux?
  • 1,4,6,
  • d, - , c, b, s, p, l
  • r,w,x,s - CORRECT ANSWER-File types for Linux are: d - directory; - - regular file; c - character; b - block; s - Unix domain socket; p - named pipe; l - symbolic link

What are the FRE Article VII rules of evidence?
  • Rule 701 - Opinion Testimony by Lay Witness
  • Rule 702 - Testimony by Experts
  • Rule 703 - Basis of Opinion Testimony by Experts
  • Rule 704 - Opinion on Ultimate Issue
  • Rule 705 - Disclosure of Facts or Data Underlying Expert Opinion
  • Rule 706 - Court Appointed Experts
  • Rule 707 - Self Appointed Experts - CORRECT ANSWER-Federal Rules of Evidence Article VII rules of evidence include: Rule 701 - Opinion Testimony by Lay Witness; Rule 702 - Testimony by Experts; Rule 703 - Basis of Opinion Testimony by Experts; Rule 704 - Opinion on Ultimate Issue; Rule 705 - Disclosure of Facts or Data Underlying Expert Opinion; Rule 706 - Court Appointed Experts

Rule 702 includes which of the following?
  • Testimony based on sufficient facts
  • Testimony based on facts
  • Testimony is the product of reliable principles and methods
  • Testimony is the product of any known principles and methods
  • Witness has applied reliable principles and methods reliably to the facts of the case
  • Witness has applied reliable principles and methods to the facts of the case - CORRECT ANSWER-Rule 702 includes: Testimony based on sufficient facts; Testimony is the product of reliable principles and methods; Witness has applied reliable principles and methods reliably to the facts of the case

Rule 703 includes which of the following?
  • Facts are disclosed to expert
  • Facts disclosed to the expert must also be disclosed to the jury
  • Court decides whether probative value in assisting jury to evaluate expert opinion outweighs prejudicial nature of facts used by said expert - CORRECT ANSWER-Rule 703 allows the Court to determine whether facts disclosed to the expert are revealed to the jury based on whether the probative nature of said facts in assisting the jury to evaluate the expert opinion outweighs the prejudicial effect.

What are the requirements for evidence to be admissible in court?

  • Competent
  • Relevant
  • Maternal
  • Material - CORRECT ANSWER-Competent, Relevant & Material. Federal Rules of Evidence Rule 402 states that all relevant evidence is admissible. Evidence must be competent and material. Rule 401 defines relevant as any evidence having a tendency to make the existence of any fact that is of consequence to the determination of the action more or less probable than it would be without the evidence. The Frye standard says that the scientific technique must be generally accepted in the field before the results of said technique can be admitted.

Choose tools used to combat child porn:
  • Anti-Child Porn.org
  • Reveal
  • iProtectYou
  • Child Exploitation Tracking System - CORRECT ANSWER-Reveal is not a forensic tool. It was developed by Protect Your Family to identify objectionable material on hard disks so parents and other concerned parties can scan a computer using keywords to determine whether any files are illegal or offensive. iProtectYou is a parental control and filtering software intended to control what users on a computer are allowed to access on the internet. Child Exploitation Tracking System (CETS) is a tool for law enforcement to organize, analyze, share and search information related to child exploitation cases.

What does POST stand for?
  • Power On Self Test
  • Power Off Self Test
  • Power Only Startup Test - CORRECT ANSWER-POST - Power On Self Test

What is the port for SMTP?
  • 25
  • 389
  • 443 - CORRECT ANSWER-FTP - Ports 20 and 21; SSH - Port 22; SMTP - Port 25; SFTP - Port 115 (Simple File Transfer Protocol); LDAP - Port 389; SSL - Port 443; SMB - Port 445 (137 - NetBIOS Name Service, 139 - NetBIOS Datagram Service)

Where is the startup-configuration file for a Cisco router?

  • ROM
  • RAM
  • NVRAM - CORRECT ANSWER-Startup-configuration file is in NVRAM

Where is the running-configuration file for a Cisco router?
  • ROM
  • RAM
  • NVRAM - CORRECT ANSWER-Running-configuration file is in RAM

What is a DoS?
  • Device operating system
  • Means of making a system unavailable to users
  • Operating system for PC prior to Windows - CORRECT ANSWER-DoS stands for Denial of Service, a means for making a computer unavailable to users.

Which range of HTTP Status Codes reveals client error status?
  • 100 - 101
  • 200 - 206
  • 300 - 307
  • 500 - 505 - CORRECT ANSWER-**HTTP Status Codes 400-416 - Client Error Status Codes**; HTTP Status Codes 100-101 - Informational Status Codes; HTTP Status Codes 200-206 - Successful Status Codes; HTTP Status Codes 300-307 - Redirection Status Codes; HTTP Status Codes 500-505 - Server Error Status Codes

Which range of HTTP Status Codes reveals server error status?
  • 100 - 101
  • 200 - 206
  • 300 - 307
  • 400 - 416
  • 500 - 505 - CORRECT ANSWER-**HTTP Status Codes 500-505 - Server Error Status Codes**; HTTP Status Codes 100-101 - Informational Status Codes; HTTP Status Codes 200-206 - Successful Status Codes; HTTP Status Codes 300-307 - Redirection Status Codes; HTTP Status Codes 400-416 - Client Error Status Codes

Which statements are true regarding EFS?

  • EFS can encrypt files stored on Windows 2000, Windows XP Pro, and Windows Server 2003
  • EFT protects data in transit
  • EFS uses symmetric and asymmetric cryptography - CORRECT ANSWER-YES! EFS encrypts files stored on Windows 2000, XP Pro and Server 2003. It is NOT designed to protect data in transit from one system to another. EFS uses symmetric and asymmetric cryptography. EFS encryption occurs at the file system level, not the application level. It is transparent to the user and to the application. If a folder is marked for encryption, then every file created in or moved to said folder will be encrypted. There is no back door. File encryption uses a symmetric key. This symmetric key is then encrypted with an asymmetric public key. EFS keys are protected by the user's password. EFS-encrypted files do not remain encrypted during transport if saved to or opened from a folder on a remote server. The file is decrypted, traverses the network in plaintext and, if saved to a folder with encryption, is re-encrypted.

Which statements are true regarding EnCase?
  • Evidence can be viewed in table, gallery, timeline or report formats
  • Cases group information
  • Evidence data can be viewed as text, hex or picture - CORRECT ANSWER-All the above: EnCase organizes evidence into cases. Evidence can be viewed in various formats.

From which devices can EnCase acquire data?
  • Evidence file (E01), raw image or dd image
  • Local Device
  • Smartphones - CORRECT ANSWER-Local Device, Smartphones: Technically, EnCase would not acquire data from a raw image file or evidence file but these can be viewed in EnCase.

EnCase is divided into three panes. What are the names of these panes?
  • Tree
  • Table
  • View
  • Data - CORRECT ANSWER-Tree - Case information Table, Timeline, Gallery View - text, hex, picture, fields...

Which are true about MD5?
  • Produces 128-bit hash value (SHA-1 produces 160-bit hash value)
  • Used to check data integrity
  • Typically expressed as a 32-digit hexadecimal number
  • suitable for SSL certificates and digital signatures - CORRECT ANSWER-MD5 produces 128-bit hash value (SHA-1 produces 160-bit hash value). MD5 is used to check data integrity. MD5 is typically expressed as a 32-digit hexadecimal number.

Which are true about FAT16?
  • FAT16 - filenames limited to 8 characters with 3 character extension
  • 64 KB allocation units
  • Less efficient on partitions larger than 32 MB
  • Suitable for large file servers - CORRECT ANSWER-FAT16 is a 16-bit file system. Filenames are 8 characters long with a 3 character file extension. Uses 64 KB allocation units that become less efficient on partitions larger than 32 MB. Not suitable for file servers.

Which are true about NTFS?
  • When formatted, the Master File Table (MFT) is created
  • Has enhanced security and file encryption
  • Suitable for file servers
  • Designed for floppy disks - CORRECT ANSWER-NTFS provides enhanced security, file-by-file compression, quotas and encryption. Designed for large hard disks. When a volume is formatted, the Master File Table (MFT) is created. MFT is the first file on the NTFS volume and contains information about all the files and folders on the volume.

Which are true about FAT12?
  • When formatted, the Master File Table (MFT) is created
  • Has enhanced security and file encryption
  • Suitable for file servers
  • Designed for floppy disks - CORRECT ANSWER-FAT12 was designed for floppy diskettes

Which are true about FAT32?
  • When formatted, the Master File Table (MFT) is created
  • Smaller clusters for more efficient storage capacity
  • 32-bit version of File Allocation Table
  • Designed for floppy diskettes - CORRECT ANSWER-FAT32 is the 32-bit version of the FAT file system that uses smaller clusters which results in more efficient storage capacity. It supports drives up to 2 TB. It can relocate the root directory and use the backup copy rather than the default copy. It can dynamically resize a partition.

What is slack space?
  • Space left over between the last byte of a file and the first byte of the next cluster
  • White space used to hide information via steganography
  • White space in a digital photograph - CORRECT ANSWER-Slack space is the space left over between the last byte of a file and the first byte of the next cluster

What is CMOS?
  • Computer Maintenance On System
  • Computer Metadata On Start
  • Complementary Metal-Oxide Semiconductor - CORRECT ANSWER-Complementary Metal-Oxide Semiconductor (CMOS) is a chip powered by a CMOS battery inside computers that stores information such as the system time and date and system hardware settings.

Which file system runs on Sun Solaris?
  • ZFS
  • HFS+
  • FAT
  • NTFS
  • HFS
  • UFS
  • ext - CORRECT ANSWER-ZFS - Sun Solaris

Which file system runs on Mac?
  • ZFS
  • HFS+
  • FAT
  • NTFS
  • HFS
  • UFS
  • ext - CORRECT ANSWER-HFS - Mac OS

Which file system runs on Linux?
  • ZFS
  • HFS+
  • FAT
  • NTFS
  • HFS
  • UFS
  • ext - CORRECT ANSWER-ext1, ext2, ext3 - Linux

Which file system runs on Unix?
  • ZFS
  • HFS+
  • FAT
  • NTFS
  • HFS
  • UFS
  • ext - CORRECT ANSWER-UFS - Unix

Which dd command is used to make a complete physical backup of a hard disk?
  • dd if=/dev/hda of=/dev/case5img
  • dd if=/dev/sda2 of=/dev/sdb2 bs=4096 conv=notrunc,noerror
  • dd if=/dev/hdc of=/home/sam/mycd.iso bs=2048 conv=notrunc - CORRECT ANSWER-dd if=/dev/hda of=/dev/case5img (make a complete backup of a hard disk)

Which dd command is used to copy one hard disk partition to another hard disk?
  • dd if=/dev/hda of=/dev/case5img
  • dd if=/dev/sda2 of=/dev/sdb2 bs=4096 conv=notrunc,noerror
  • dd if=/dev/hdc of=/home/sam/mycd.iso bs=2048 conv=notrunc - CORRECT ANSWER-dd if=/dev/sda of=/dev/sdb2 bs=4096 conv=notrunc,noerror (Copy one hard disk partition to another hard disk)

What directory is used to store commands needed for system operability?

  • /bin
  • /dev
  • /etc - CORRECT ANSWER-**/bin - commands needed for minimal system operability**; /dev - devices for terminals, disks...; /etc - critical startup and configuration files; /lib - libraries; /sbin - commands for booting, repairing or recovering the system

Which dd command is used to make an image of a CD?
  • dd if=/dev/hda of=/dev/case5img
  • dd if=/dev/sda2 of=/dev/sdb2 bs=4096 conv=notrunc,noerror
  • dd if=/dev/hdc of=/home/sam/mycd.iso bs=2048 conv=notrunc - CORRECT ANSWER-dd if=/dev/hdc of=/home/sam/mycd.iso bs=2048 conv=notrunc (Make an image of a CD)

Which dd command is used to copy a floppy?
  • dd if=/dev/fd0 of=/home/sam/floppy.image conv=notrunc
  • dd if=/home/sam/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror
  • dd if=/dev/mem of=/home/sam/mem.bin bs=1024 - CORRECT ANSWER-dd if=/dev/fd of=/home/sam/floppy.image conv=notrunc (Make a copy of a floppy disk)

Which dd command is used to copy RAM memory to a file?
  • dd if=/dev/fd0 of=/home/sam/floppy.image conv=notrunc
  • dd if=/home/sam/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror
  • dd if=/dev/mem of=/home/sam/mem.bin bs=1024 - CORRECT ANSWER-dd if=/dev/mem of=/home/sam/mem.bin bs= (Used to copy RAM memory to a file)

Which dd command is used to restore a disk partition from an image file?
  • dd if=/dev/fd0 of=/home/sam/floppy.image conv=notrunc
  • dd if=/home/sam/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror
  • dd if=/dev/mem of=/home/sam/mem.bin bs=1024 - CORRECT ANSWER-dd if=/home/sam/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror (Used to restore a disk partition from an image file)

From largest to smallest what is the platter organization?
  • Platter, track, sector
  • Sector, track, Platter
  • Platter, track, cluster - CORRECT ANSWER-Platter, Track, Sector: Each platter has two read-write heads - one on top and one on bottom. Platters are divided into tracks. Tracks are concentric circles that are divided into sectors. Each sector holds 512 bytes. Clusters are groups of sectors, e.g. a 128-sector cluster would have about 65536 bytes. Clusters are the smallest logical storage units on a hard disk.

Identify all required for setting up a forensics lab:
  • Office space
  • Storage for evidentiary materials
  • Interview facility
  • Operational laboratory
  • All of the Above - CORRECT ANSWER-All of the Above: The forensics laboratory must have office space, storage for evidentiary materials, interview facility, and operational laboratory

Is a vault needed in a forensic lab?
  • Yes
  • No - CORRECT ANSWER-Yes, a vault protects against flood, fire, theft...

/var is used for system-specific data and configuration files.
  • Yes
  • No - CORRECT ANSWER-YES: /var is used for system-specific data and configuration files

Choose the true statements about SIMPLE:

  • Developed by Australian university students using Linux Live CD
  • Customized kernel and OS so it is impossible to write to the hard disk
  • Will only launch on Windows - CORRECT ANSWER-Developed by Aussies, live CD. Customized Kernel: SIMPLE launches from a CD

What does Visual TimeAnalyzer do?
  • Automatically tracks computer usage
  • Manually tracks computer usage
  • Presents detailed reports - CORRECT ANSWER-VisualAnalyzer automatically tracks all computer usage and presents detailed illustrated reports

Which are true about X-Ways Forensics?
  • Viewing and dumping RAM and virtual memory
  • Disk cloning and imaging
  • Advanced work environment - CORRECT ANSWER-X-Ways Forensics is a work environment including: Disk cloning and imaging; Examining complete directory structure and disk space including slack space; Viewing and dumping memory including virtual memory; Support for FAT, NTFS, ext2/3

Which are true about Evidor?

  • Searches text on hard disks and retrieves the context of keyword occurrences on computer media
  • Examines entire allocated space including swap space, hibernate files and unallocated space on hard drives
  • Local and remote hard disks - CORRECT ANSWER-1 & 2: Evidor cannot access remote networked hard disks

What are some standard /usr sub-directories?
  • bin
  • local
  • dev - CORRECT ANSWER-/bin & /local: Typical /usr sub-directories include: bin - support files for programs; local - software (stuff you install); sbin - more commands for system administration and repair; share - items common to multiple systems; src - source code for nonlocal software

Which are true about EasyRecovery?

  • Repairs and restores corrupt or inaccessible Microsoft Office and Zip files
  • Includes EmailRepair
  • Disk imaging - CORRECT ANSWER-1 & 2: EasyRecovery does not do disk imaging

Which of these statements are true regarding 18 U.S.C. 2318?
  • Trafficking in counterfeit computer programs
  • Trafficking in counterfeit motion pictures
  • Trafficking in child porn - CORRECT ANSWER-1 & 2: 18 U.S.C. 2318 involves trafficking in counterfeit phone records, computer programs, motion pictures, audio visual works or computer program documentation

Which of these statements are true regarding 18 U.S.C. 2319?
  • Unauthorized distribution of computer programs
  • Unauthorized distribution of video games
  • Unauthorized distribution of sound recordings and music videos of live musical performances - CORRECT ANSWER-18 U.S.C. 2319 involves trafficking in unauthorized sound recordings and music video of live musical performances

Decipher the results of ls -l. (Choose all that apply)
drwxr-xr-x 27 root root 4096 Apr 15 2012 /usr/include
  • This is a directory
  • Owner can read, write and execute files
  • This is a regular file - CORRECT ANSWER-The file type is "d" meaning directory. The first group of rwx means the owner can read, write and execute files

Which of these statements are true regarding 18 U.S.C. 2320?
  • Unauthorized distribution of computer programs
  • Trafficking in counterfeit goods
  • Trafficking in counterfeit services - CORRECT ANSWER-18 U.S.C. 2320 involves trafficking in counterfeit goods or services

Which law is applicable to theft of trade secrets? (Choose one)
  • 18 U.S.C 1832
  • 18 U.S.C 1833
  • 18 U.S.C 1834 - CORRECT ANSWER-18 U.S.C. 1832 applies to theft of trade secrets; 18 U.S.C. 1833 - exceptions to prohibitions; 18 U.S.C. 1834 - criminal forfeiture

Which law is applicable to fraudulent copyright notice? (Choose one)