Type: Quiz
Book Title: Computer Security Fundamentals (Pearson IT Cybersecurity Curriculum (ITCC)) 3rd Edition
ISBN 13: 978-0789757463

978-0789757463 Chapter 14

February 27, 2021
1. Frequently the first responder to a computer crime is the network administrator.
2. netstat is a command you can use with a forensic copy of a machine to compare two
3. The Windows Registry contains a list of USB devices that have been connected to the
machine.
4. In Linux the command to set up a target forensics server to receive a copy of a drive is
5. The chain of custody accounts for the handling of evidence and documents that
handling.
6. Most Windows logs are turned on automatically.
7. Windows stores web browsing information in a file called index.dat.
8. Windows logging can be turned on and off with a tool called auditpol.exe.
9. The Windows command fc lists all active sessions to the computer.
10. The Windows Registry lists USB devices that have been connected to the machine.
Multiple Choice
1. Frequently the first responder to a computer crime is ________.
a. The network administrator
b. A law enforcement officer
c. The news media
d. None of the above
2. If you fail to handle evidence properly ___________.
a. You may damage the hard drive.
b. It may be unusable in court.
c. Law enforcement may not look at it.
d. None of the above.
3. You may use Linux to make a ______________ of the hard drive.
a. Bootable copy
b. Screen shot
c. New version
d. Forensically valid copy
4. Using Linux to wipe the target drive, the command-line command would be ___ .
a. cc
b. dd
c. nd
d. md5sum
5. Using Linux to back up your hard drive, if you want to create a hash, you would use
the command-line command ___________.
a. cc
b. dd
c. nd
d. md5sum
6. Documentation of every person who had access to evidence, how they interacted with
it, and where it was stored is called the ________________.
a. Forensic trail
b. Chain of custody
c. Audit trail
d. None of the above
7. Usually, the first thing you do to a computer to prevent further tampering is to
_________.
a. Make a backup.
b. Make a copy.
c. Take it offline.
d. Lock it in a secure room.
8. _________ can include logs, portable storage, emails, tablets, and cell phones.
a. Computer evidence
b. Ancillary hardware
c. Network devices
d. None of the above
9. Windows stores information on web addresses, search queries, and recently opened files
in a file called ___________.
a. internet.txt
b. index.dat
c. default.dat
d. explore.exe
10. In Windows, the log that stores events from a single application or component rather
than events that might have system-wide impact is the ____________ log.
a. Application
b. System
c. Forwardedevents
d. Applications and services
11. In Windows the log that contains events collected from remote computers is the
____________ log.
a. Application
b. System
c. Forwardedevents
d. Applications and services
12. The Linux log file that contains activity related to the web server is ______.
a. /var/log/kern.log
b. /var/log/apache2/*
c. /var/log/lighttpd/*
d. /var/log/apport.log
13. The Linux log file that can reveal attempts to compromise the system or the presence
of a virus or spyware is ______________.
a. /var/log/kern.log
b. /var/log/apache2/*
c. /var/log/lighttpd/*
d. /var/log/apport.log
14. _______ is a free tool that can be used to recover Windows files.
a. SearchIt
b. Disk Digger
c. FileRecover
d. None of the above
15. The Windows command to list any shared files that are currently open is
___________.
a. openfiles
b. fc
c. netstat
d. None of the above
Matching
a. Windows Registry
b. Linux
c. Chain of custody
d. Computer evidence
e. Security log
f. Auditpol.exe
g. Disk Digger
h. Netstat
i. Windows Registry
j. Openfiles
1. Frequently the first responder to a computer crime is ________.
a. The network administrator
b. A law enforcement officer
c. The news media
d. None of the above
Answer: a. It is important that you handle the evidence properly.
2. If you fail to handle evidence properly ___________.
a. You may damage the hard drive.
b. It may be unusable in court.
c. Law enforcement may not look at it.
d. None of the above.
Answer: b.
3. You may use Linux to make a ______________ of the hard drive.
a. Bootable copy
b. Screen shot
c. New version
d. Forensically valid copy
Answer: d. Two Linux versions are Knoppix and BackTrack.
4. Using Linux to wipe the target drive, the command-line command would be ___.
a. cc
b. dd
c. nd
d. md5sum
Answer: b.
5. Using Linux to back up your hard drive, if you want to create a hash, you would use the command-line command ___________.
a. cc
b. dd
c. nd
d. md5sum
Answer: d.
6. Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the ________________.
a. Forensic trail
b. Chain of custody
c. Audit trail
d. None of the above
Answer: b.
7. Usually, the first thing you do to a computer to prevent further tampering is to _________.
a. Make a backup.
b. Make a copy.
c. Take it offline.
d. Lock it in a secure room.
Answer: c.
8. _________ can include logs, portable storage, emails, tablets, and cell phones.
a. Computer evidence
b. Ancillary hardware
c. Network devices
d. None of the above
Answer: a.
9. Windows stores information on web addresses, search queries, and recently opened files in a file called ___________.
a. internet.txt
b. index.dat
c. default.dat
d. explore.exe
Answer: b. There are tools you can download from the Internet that will allow you to retrieve and review the index.dat file.
10. In Windows, the log that stores events from a single application or component rather than events that might have system-wide impact is the ____________ log.
a. Application
b. System
c. Forwardedevents
d. Applications and services
Answer: d.
11. In Windows the log that contains events collected from remote computers is the ____________ log.
a. Application
b. System
c. Forwardedevents
d. Applications and services
Answer: c. This log will have data in it only if event forwarding has been configured.
12. The Linux log file that contains activity related to the web server is ______.
a. /var/log/kern.log
b. /var/log/apache2/*
c. /var/log/lighttpd/*
d. /var/log/apport.log
Answer: b.
13. The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is ______________.
a. /var/log/kern.log
b. /var/log/apache2/*
c. /var/log/lighttpd/*
d. /var/log/apport.log
Answer: d. This log records application crashes.
14. _______ is a free tool that can be used to recover Windows files.
a. SearchIt
b. Disk Digger
c. FileRecover
d. None of the above
Answer: a.
15. The Windows command to list any shared files that are currently open is ___________.
a. openfiles
b. fc
c. netstat
d. None of the above
Answer: a.
Matching
a. Windows Registry
b. Linux
c. Chain of custody
d. Computer evidence
e. Security log
f. Auditpol.exe
g. Disk Digger
h. Netstat
i. Windows Registry
j. Openfiles

a. Lists all USB devices that have been connected to the machine
b. Can be used to make a forensic copy of a drive
c. Accounts for evidence
d. Logs, portable storage device, emails, storage data, and cell phones
e. Windows log that contains both successful and unsuccessful login events
f. Tool that turns on and off Windows logging
g. Tool that can be used to recover Windows files
h. Command in Windows that lists all current network connections
i. Contains list of all USB devices that have been connected to the machine
j. Windows command that lists any shared files that are currently open