Information Cyber Security Set 2
This set of Information Cyber Security (ICS) Multiple Choice Questions & Answers (MCQs) focuses on Information Cyber Security Set 2
Q1 | DNS can use the services of ________ using the well-known port 53
- udp
- tcp
- either (a) or (b)
- none of the above
Q2 | In the DNS the names are defined in a _____ structure
- a linear list
- an inverted tree
- a graph
- none
Q3 | The root of the DNS tree is ____
- a string of characters
- a string of 63 characters
- an empty string
- none
Q4 | A full domain name is a sequence of labels separated by ____
- semicolons
- dots
- colons
- none
Q5 | When discussing IDS/IPS, what is a signature?
- an electronic signature used to authenticate the identity of a user on the network
- patterns of activity or code corresponding to attacks
- "normal," baseline network behavior
- none of the above
Q6 | Which is true of a signature-based IDS?
- it cannot work with an ips
- it only identifies on known signatures
- it detects never-before-seen anomalies
- it works best in large enterprises.
Q7 | A false positive can be defined as:
- an alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior
- an alert that indicates nefarious activity on a system that, upon further inspection, turns out to truly be nefarious activity
- the lack of an alert for nefarious activity
- all of the above
Q8 | The features of traditional IPSes are found in all of these modern systems, except:
- next-generation firewalls
- antimalware
- unified threat management appliances
- network behavior analysis systems
Q9 | How does machine learning benefit IDSes/IPSes?
- by lowering the volume of attacks analyzed
- by adding heuristic anomaly detection capabilities
- by searching for similar patterns to known attacks
- by helping identify signatures more quickly
Q10 | A valid definition of digital evidence is:
- none of the below
- data stored or transmitted using a computer
- digital data of probative value
- any digital evidence on a computer
Q11 | What are the three general categories of computer systems that can contain digital evidence?
- desktop, laptop, server
- personal computer, internet, mobile telephone
- hardware, software, networks
- open computer systems, communication systems, embedded systems
Q12 | In terms of digital evidence, the Internet is an example of:
- open computer systems
- communication systems
- embedded computer systems
- none of the above
Q13 | Cybertrails are advantageous because:
- they are not connected to the physical world.
- nobody can be harmed by crime on the internet.
- they are easy to follow.
- offenders who are unaware of them leave behind more clues than they otherwise would have.
Q14 | Personal computers and networks are often a valuable source of evidence. Those involved with _______ should be comfortable with this technology.
- criminal investigation
- prosecution
- defense work
- all of the above
Q15 | Computers can play the following roles in a crime:
- target, object, and subject
- evidence, instrumentality, contraband, or fruit of crime
- object, evidence, and tool
- symbol, instrumentality, and source of evidence
Q16 | The following specializations exist in digital investigations:
- first responder (a.k.a. digital crime scene technician)
- forensic examiner
- digital investigator
- all of the above
Q17 | The process of documenting the seizure of digital evidence and, in particular, when that evidence changes hands, is known as:
- chain of custody
- field notes
- interim report
- none of the above
Q18 | When assessing the reliability of digital evidence, the investigator is concerned with whether the computer that generated the evidence was functioning normally, and:
- whether chain of custody was maintained
- whether there are indications that the actual digital evidence was tampered with
- whether the evidence was properly secured in transit
- whether the evidence media was compatible with forensic machines
Q19 | The fact that with modern technology, a photocopy of a document has become acceptable in place of the original is known as:
- best evidence rule
- due diligence
- quid pro quo
- voir dire
Q20 | An investigation can be hindered by the following:
- preconceived theories
- improperly handled evidence
- offender concealment behavior
- all of the above
Q21 | Forensic analysis involves the following:
- assessment, experimentation, fusion, correlation, and validation
- seizure and preservation
- recovery, harvesting, filtering, organization, and search
- all of the above
Q22 | The first step in applying the scientific method to a digital investigation is to:
- form a theory on what may have occurred
- experiment or test the available evidence to confirm or refute your prediction
- make one or more observations based on events that occurred
- form a conclusion based on the results of your findings
Q23 | The process model whose goal is to completely describe the flow of information in a digital investigation is known as:
- the physical model
- the staircase model
- the evidence flow model
- the subphase model
Q24 | The crime scene preservation process includes all but which of the following:
- protecting against unauthorized alterations
- acquiring digital evidence
- confirming system date and time
- controlling access to the crime scene
Q25 | Investigative reconstruction is composed of three different forms. Which of the following is NOT one of those three forms?
- functional
- intentional
- relational
- temporal