IISFA II0-001 CIFI Exam Practice Test Instant Access

Question 1

As a private investigator, you are not required by law to report crimes discovered during an investigation (with a few exceptions), but the IISFA Code of Ethics does require you to report such crimes.

ATrue

BFalse

Answer : B

Question 2

In certain circumstances, it is necessary to penetrate remote systems (un-owned) in order to retrieve logs for evidence. If properly hashed at the remote site and once retrieved, will this evidence be valid for litigation?

ATrue

BFalse

Answer : B

Question 3

A forensically safe file viewer can cross not only application but OS boundaries, and they offer the added benefit that:

AThey don't tamper with the data in any way. Opening a Word file in a viewer usually changes nothing, for instance, but opening it in Word can change the modification date and other Properties-style information.

BThey don't tamper with the data in any way however they can change the modification date and other Properties-style information.

COpening a Word file in a viewer can change the modification date and other Properties-style information. When opening the same file in Word usually changes nothing.

DThey will tamper with the data in a subtle way.

Answer : A

Question 4

What technique of layered security design will allow for both investigation and recovery after an incident?

ARI Technology

BHighly available systems

COverlap design approach

DHoneypot placement

Answer : B

Question 5

In Microsoft's security architecture, the "SID" refers to:

ASecurity Intermodular Design

BSecurity Intramodular Design

CSecurity Identifier

DSecurity Identification Design

Answer : C

Question 6

Web anonymizers:

AAre intended to allow for a Web surfer to connect to a Web server without revealing their identity (IP address).

BCan be traced from the Web surfer's proxy or ISP if the anonymizer appends the URL of the distant server to its own URL.

CAllow a Web surfer to bypass Web blocking software being used by their own Web proxy or ISP.

DAll of the above.

Answer : D

Question 7

What is the difference between a zombie host and a reflector host?

AUnlike a zombie, a reflector is a laundering host that fundamentally transforms and/or delays
the attacker's communications before they continue down the attack path. (Zombie
technique)

BUnlike a zombie, a Traceback through the stepping stone host requires determining if two
communications streams, viewed at different points in the network, have the same origin and
are essentially the same stream. (stepping stone Traceback technique)

CUnlike a zombie host, the reflector is an uncompromised host that cooperates with the attack
in an innocent manner consistent with its normal function.

DA zombie is a version of a reflector host.

Answer : C

IISFA Certified Information Forensics Investigator II0-001 CIFI Exam Practice Test