IISFA II0-001 CIFI Exam Questions Instant Access

Question 1

In certain cases, a system may have CMOS or Boot passwords that prevent an investigator from accessing the hard drive. What technique would be most effective in circumventing the password protection?

AGuess the password.

BRemove the hard drive, install it as a slave drive, and boot from another system.

CBrute force attack of password.

DReplace motherboard on system with similar motherboard on which the password is known.

Answer : B

Question 2

When handling evidence, which of the following is not a common guideline?

ARemove all suspects away from the computer crime scene.

BContact your local law enforcement immediately

CDocument the crime scene.

DOne must have legal authority to seize and collect the evidence.

Answer : B

Question 3

Which of the following represents the data found at a NTFS hard drive, and lasts for 3 bytes?

AOEM ID

BJump Instruction

CBPD

DEnd of sector marker

Answer : B

Question 4

Step 1 in analyzing data during an investigation is:

ASecure the crime scene

BPerform a HASH on all evidence files/drives

CDisconnect all systems from networks and modems

DPlace all suspects into protective custody to ensure they do not alter evidence

Answer : A

Question 5

A new protocol that is designed to aid in intrusion protection and IP tracebacks is known as:

AIntruder Detection and Isolation Protocol (IDIP)

BIntrusion Detection and Traceback Protocol (IDTP)

CFacilitating Traceback Protocol (FTP)

DIntruder Detection and Internet Protocol (IDIP)

Answer : A

Question 6

Keyloggers are impossible to detect.

ATrue

BFalse

Answer : B

Question 7

An active traceback detects active network connections to a host.

ATrue

BFalse

Answer : A

IISFA Certified Information Forensics Investigator II0-001 CIFI Exam Questions