
This set of Information Cyber Security (ICS) Multiple Choice Questions & Answers (MCQs) focuses on Information Cyber Security Set 2

Q1 | DNS can use the services of ________ using the well-known port 53
  • udp
  • tcp
  • either (a) or (b)
  • none of the above
Q2 | In DNS, names are defined in _____ structure
  • a linear list
  • an inverted tree
  • a graph
  • none
Q3 | The root of the DNS tree is ____
  • a string of characters
  • a string of 63 characters
  • an empty string
  • none
Q4 | A full domain name is a sequence of labels separated by ____
  • semicolons
  • dots
  • colons
  • none
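The DNS rules behind Q1 to Q4, written out as runnable checks. This is an added example in Python, not code from the original page: it splits a name into its dot-separated labels (ending with the empty root label), enforces the 63-octet label and 255-octet name limits from RFC 1035, encodes and decodes the wire format (including a safe handling of compression pointers), and shows the two-octet length prefix that distinguishes DNS over TCP from DNS over UDP on port 53. All names used are assumptions for illustration.

```python
"""DNS name handling: labels, the empty root, and wire encoding.

Added example, not from the original page. Limits follow RFC 1035:
a label is at most 63 octets, an encoded name at most 255 octets.
"""
from __future__ import annotations

MAX_LABEL_LEN = 63   # octets per label
MAX_NAME_LEN = 255   # octets for the full wire-encoded name
DNS_PORT = 53        # same port for UDP and TCP


def split_labels(name: str) -> list[str]:
    """Split a domain name into its labels, ending with the empty root label.

    "www.example.com." -> ["www", "example", "com", ""]; "." -> [""].
    A name without a trailing dot is treated as fully qualified here (assumption).
    """
    if name == ".":
        return [""]
    if not name.endswith("."):
        name += "."
    labels = name.split(".")          # the trailing dot yields the "" root label
    for label in labels[:-1]:
        if label == "":
            raise ValueError("empty label inside name (consecutive dots)")
        if len(label.encode("ascii")) > MAX_LABEL_LEN:
            raise ValueError(f"label longer than {MAX_LABEL_LEN} octets: {label!r}")
    return labels


def encode_name(name: str) -> bytes:
    """Encode a name in DNS wire format: length-prefixed labels, 0x00 terminator."""
    out = bytearray()
    for label in split_labels(name):
        raw = label.encode("ascii")
        out.append(len(raw))
        out += raw
    if len(out) > MAX_NAME_LEN:
        raise ValueError(f"encoded name exceeds {MAX_NAME_LEN} octets")
    return bytes(out)


def is_valid_name(name: str) -> bool:
    """True if the name satisfies the label and total-length limits."""
    try:
        encode_name(name)
        return True
    except (ValueError, UnicodeEncodeError):
        return False


def decode_name(buf: bytes, offset: int = 0) -> tuple[str, int]:
    """Decode a wire-format name at `offset`; return (name, offset just past it).

    Follows RFC 1035 compression pointers (top two bits set) but only backwards
    and with a hop limit, so a malformed message cannot make the parser loop.
    """
    labels: list[str] = []
    end: int | None = None        # position after the name in the original stream
    hops = 0
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        length = buf[offset]
        if (length & 0xC0) == 0xC0:                      # compression pointer
            if offset + 1 >= len(buf):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | buf[offset + 1]
            if end is None:
                end = offset + 2
            hops += 1
            if target >= offset or hops > 16:
                raise ValueError("bad compression pointer")
            offset = target
            continue
        if length > MAX_LABEL_LEN:                       # also rejects reserved 01/10 prefixes
            raise ValueError("label longer than 63 octets")
        offset += 1
        if length == 0:                                  # root label ends the name
            if end is None:
                end = offset
            return ".".join(labels) + ".", end
        if offset + length > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length


def tcp_frame(message: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 16-bit big-endian length field."""
    if len(message) > 0xFFFF:
        raise ValueError("message too large for a TCP frame")
    return len(message).to_bytes(2, "big") + message
```

The pointer check is the part worth copying: a pointer that does not point strictly backwards, or a chain of more than a handful of hops, is malformed input, and a decoder without that check can be made to spin on a crafted response.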
Q5 | When discussing IDS/IPS, what is a signature?
  • an electronic signature used to authenticate the identity of a user on the network
  • patterns of activity or code corresponding to attacks
  • "normal" baseline network behavior
  • none of the above
Q6 | Which is true of a signature-based IDS?
  • it cannot work with an IPS
  • it only identifies on known signatures
  • it detects never-before-seen anomalies
  • it works best in large enterprises.
Q7 | A false positive can be defined as:
  • an alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior
  • an alert that indicates nefarious activity on a system that, upon further inspection, turns out to truly be nefarious activity
  • the lack of an alert for nefarious activity
  • all of the above
Q8 | The features of traditional IPSes are found in all of these modern systems, except:
  • next-generation firewalls
  • antimalware
  • unified threat management appliances
  • network behavior analysis systems
Q9 | How does machine learning benefit IDSes/IPSes?
  • by lowering the volume of attacks analyzed
  • by adding heuristic anomaly detection capabilities
  • by searching for similar patterns to known attacks
  • by helping identify signatures more quickly
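An added Python example, not from the original page, that puts Q5 to Q9 side by side: a signature is a pattern corresponding to known attack traffic; a signature-based detector fires only on patterns it already has; a false positive is an alert on traffic that turns out to be legitimate; and a heuristic baseline check catches a noisy source that matches no signature at all. The log lines, addresses and signature patterns are all constructed for this example.

```python
"""Signature matching plus a rate baseline over constructed web-server log lines.

Added example, not from the original page. Log lines, addresses and
signatures are constructed for illustration.
"""
from __future__ import annotations
import re
import statistics
from collections import Counter

# Constructed log lines: "<source-ip> <method> <path> <status>".
BASELINE_LOG = [  # a quiet window used to learn normal per-source request counts
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.6 GET /index.html 200",
    "10.0.0.7 GET /index.html 200",
    "10.0.0.7 GET /contact.html 200",
    "10.0.0.8 GET /index.html 200",
]

OBSERVED_LOG = [  # the window under analysis
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /search?q=1'+union+select+user,pass+from+users-- 200",  # SQLi probe
    "10.0.0.8 GET /blog/how-to-union+select-rows.html 200",               # benign page title
    "10.0.0.9 GET /../../../etc/passwd 404",                              # traversal attempt
    "10.0.0.9 GET /admin.php 404",
    "10.0.0.9 GET /wp-login.php 404",
    "10.0.0.9 GET /phpmyadmin/ 404",
    "10.0.0.9 GET /.env 404",
    "10.0.0.9 GET /backup.zip 404",
    "10.0.0.9 GET /config.php 404",
    "10.0.0.9 GET /.git/HEAD 404",
]

# A signature: a pattern that corresponds to known attack traffic.
SIGNATURES = {
    "sqli-union-select": re.compile(r"union[\s+]+select", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}

# Lines an analyst has confirmed as legitimate, used only to label the outcome;
# the detector itself has no way to tell these apart from real attacks.
KNOWN_BENIGN = {"10.0.0.8 GET /blog/how-to-union+select-rows.html 200"}


def match_signatures(line: str) -> list[str]:
    """Return the names of every signature whose pattern occurs in the line."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(line)]


def signature_alerts(lines: list[str]) -> list[tuple[str, str, str]]:
    """Run each line through the signature set.

    Each alert is (signature, line, verdict); the verdict is 'false-positive'
    when the line is known-benign, otherwise 'true-positive'.
    """
    alerts = []
    for line in lines:
        for sig in match_signatures(line):
            verdict = "false-positive" if line in KNOWN_BENIGN else "true-positive"
            alerts.append((sig, line, verdict))
    return alerts


def source_of(line: str) -> str:
    return line.split(" ", 1)[0]


def rate_anomalies(baseline: list[str], observed: list[str], k: float = 3.0) -> dict[str, int]:
    """Flag sources whose request count exceeds mean + k * stdev of the baseline.

    This is a heuristic rather than a signature: it can fire on a source that
    never matched a known pattern, which a signature-only IDS would miss.
    """
    base_counts = list(Counter(source_of(l) for l in baseline).values())
    threshold = statistics.mean(base_counts) + k * statistics.pstdev(base_counts)
    observed_counts = Counter(source_of(l) for l in observed)
    return {src: n for src, n in observed_counts.items() if n > threshold}
```

On the constructed data the SQLi signature fires twice, once on a real probe and once on a blog URL whose title happens to contain the same words; that second alert is the false positive of Q7, and no amount of signature tuning removes the class entirely. The source scanning for admin pages trips no signature but stands out on request rate, which is the kind of baseline deviation Q9 is pointing at.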
Q10 | A valid definition of digital evidence is:
  • none of the below
  • data stored or transmitted using a computer
  • digital data of probative value
  • any digital evidence on a computer
Q11 | What are the three general categories of computer systems that can contain digital evidence?
  • desktop, laptop, server
  • personal computer, internet, mobile telephone
  • hardware, software, networks
  • open computer systems, communication systems, embedded systems
Q12 | In terms of digital evidence, the Internet is an example of:
  • open computer systems
  • communication systems
  • embedded computer systems
  • none of the above
Q13 | Cybertrails are advantageous because:
  • they are not connected to the physical world.
  • nobody can be harmed by crime on the internet.
  • they are easy to follow.
  • offenders who are unaware of them leave behind more clues than they otherwise would have.
Q14 | Personal computers and networks are often a valuable source of evidence. Those involved with _______ should be comfortable with this technology.
  • criminal investigation
  • prosecution
  • defense work
  • all of the above
Q15 | Computers can play the following roles in a crime:
  • target, object, and subject
  • evidence, instrumentality, contraband, or fruit of crime
  • object, evidence, and tool
  • symbol, instrumentality, and source of evidence
Q16 | The following specializations exist in digital investigations:
  • first responder (a.k.a. digital crime scene technician)
  • forensic examiner
  • digital investigator
  • all of the above
Q17 | The process of documenting the seizure of digital evidence and, in particular, when that evidence changes hands, is known as:
  • chain of custody
  • field notes
  • interim report
  • none of the above
Q18 | When assessing the reliability of digital evidence, the investigator is concerned with whether the computer that generated the evidence was functioning normally, and:
  • whether chain of custody was maintained
  • whether there are indications that the actual digital evidence was tampered with
  • whether the evidence was properly secured in transit
  • whether the evidence media was compatible with forensic machines
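Q17 and Q18 together describe what a custody record has to answer: who held the evidence and when it changed hands, and whether the data itself has been altered since acquisition. The following is an added Python example, not code from the original page, of a hash-chained custody log: each entry records the SHA-256 of the evidence as received at that handover and the hash of the previous entry, so a modified image or an edited log entry is detected on verification. The record format is this example's own, not a standard one, and the evidence bytes and party names are constructed.

```python
"""Hash-chained chain-of-custody log with evidence integrity checks.

Added example, not from the original page. The entry format is invented for
illustration; evidence bytes and party names in the tests are constructed.
"""
from __future__ import annotations
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev-hash value carried by the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_entry(body: dict) -> str:
    """Hash the canonical JSON form of an entry (every field except its own hash)."""
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


class CustodyLog:
    def __init__(self, evidence_id: str, evidence: bytes):
        self.evidence_id = evidence_id
        self.acquisition_hash = sha256_hex(evidence)   # taken once, at seizure
        self.entries: list[dict] = []

    def record(self, action: str, from_party: str, to_party: str,
               evidence: bytes, at: datetime | None = None) -> dict:
        """Append a handover; the evidence is re-hashed as the receiver gets it."""
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {
            "evidence_id": self.evidence_id,
            "action": action,
            "from": from_party,
            "to": to_party,
            "timestamp": (at or datetime.now(timezone.utc)).isoformat(),
            "evidence_hash": sha256_hex(evidence),
            "prev_entry_hash": prev,
        }
        entry = dict(body, entry_hash=hash_entry(body))
        self.entries.append(entry)
        return entry

    def verify(self) -> list[str]:
        """Return every problem found: edited entries, broken links, changed evidence."""
        problems: list[str] = []
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if hash_entry(body) != entry["entry_hash"]:
                problems.append(f"entry {i}: contents do not match entry hash")
            if entry["prev_entry_hash"] != prev:
                problems.append(f"entry {i}: link to previous entry broken")
            if entry["evidence_hash"] != self.acquisition_hash:
                problems.append(f"entry {i}: evidence hash differs from acquisition hash")
            prev = entry["entry_hash"]
        return problems
```

Editing an old entry either leaves its stored hash stale or, if the hash is recomputed, breaks the link from the next entry; both are reported. A chain kept only on the examiner's own workstation proves nothing to a third party by itself, so in practice the acquisition hash and periodic entry hashes are also written into signed notes or a separately stored copy.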
Q19 | The fact that with modern technology, a photocopy of a document has become acceptable in place of the original is known as:
  • best evidence rule
  • due diligence
  • quid pro quo
  • voir dire
Q20 | An investigation can be hindered by the following:
  • preconceived theories
  • improperly handled evidence
  • offender concealment behavior
  • all of the above
Q21 | Forensic analysis involves the following:
  • assessment, experimentation, fusion, correlation, and validation
  • seizure and preservation
  • recovery, harvesting, filtering, organization, and search
  • all of the above
Q22 | The first step in applying the scientific method to a digital investigation is to:
  • form a theory on what may have occurred
  • experiment or test the available evidence to confirm or refute your prediction
  • make one or more observations based on events that occurred
  • form a conclusion based on the results of your findings
Q23 | The process model whose goal is to completely describe the flow of information in a digital investigation is known as:
  • the physical model
  • the staircase model
  • the evidence flow model
  • the subphase model
Q24 | The crime scene preservation process includes all but which of the following:
  • protecting against unauthorized alterations
  • acquiring digital evidence
  • confirming system date and time
  • controlling access to the crime scene
Q25 | Investigative reconstruction is composed of three different forms. Which of the following is NOT one of those three forms?
  • functional
  • intentional
  • relational
  • temporal
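Temporal reconstruction (Q25) depends on the clock check made during preservation (Q24): if each seized system's clock offset from a trusted reference is recorded at the scene, events from different sources can be shifted onto one timeline before they are ordered. The following is an added Python example, not code from the original page; the sources, offsets and events are constructed, and the reference clock is assumed to be UTC.

```python
"""Temporal reconstruction with clock-skew correction.

Added example, not from the original page. Sources, offsets and events are
constructed; the reference clock is assumed to be UTC.
"""
from __future__ import annotations
from datetime import datetime, timedelta, timezone

# Measured at seizure: source clock minus reference clock.
CLOCK_OFFSETS = {
    "workstation": timedelta(minutes=-7),   # seven minutes slow
    "firewall": timedelta(0),                # NTP-synced, treated as the reference
    "mailserver": timedelta(minutes=2),      # two minutes fast
}

# (source, timestamp exactly as read from that source, description)
EVENTS = [
    ("workstation", "2024-03-01T09:05:00", "removable drive attached"),
    ("firewall", "2024-03-01T09:13:30", "outbound TLS to 203.0.113.10:443"),
    ("mailserver", "2024-03-01T09:14:30", "message sent by alice@example.com"),
    ("workstation", "2024-03-01T09:06:10", "report.xlsx copied to removable drive"),
]


def to_reference_time(source: str, raw: str, offsets: dict = CLOCK_OFFSETS) -> datetime:
    """Shift a source-local timestamp onto the reference clock.

    Refuses sources whose offset was never measured: an unverified clock is a
    reason to distrust the ordering, not something to assume silently.
    """
    if source not in offsets:
        raise KeyError(f"no clock offset recorded for source {source!r}")
    local = datetime.fromisoformat(raw).replace(tzinfo=timezone.utc)
    return local - offsets[source]


def raw_order(events: list = EVENTS) -> list[str]:
    """Ordering by timestamps as written, ignoring skew (the mistake to avoid)."""
    return [desc for _, _, desc in sorted(events, key=lambda e: e[1])]


def reconstructed_timeline(events: list = EVENTS,
                           offsets: dict = CLOCK_OFFSETS) -> list[tuple[str, str, str]]:
    """Return (reference time in ISO form, source, description), oldest first."""
    shifted = [(to_reference_time(s, t, offsets), s, d) for s, t, d in events]
    shifted.sort(key=lambda e: (e[0], e[1]))
    return [(t.isoformat(), s, d) for t, s, d in shifted]
```

On the constructed data the raw order puts the outbound connection before the mail message, while the corrected timeline shows the message leaving before the file was even copied; a seven-minute skew is enough to invert the story. That is why the clock confirmation belongs in the preservation step rather than being reconstructed later from memory.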