IISFA II0-001 CIFI Exam Questions Instant Access

Question 1

When investigating a malicious attack sourced from the Internet, the investigator would look for forensic evidence in:

AThe point of entry firewall log

BThe application logs of the target system

CThe IDS log

DAll of the above

Answer : D

Question 2

What should be in an electronic forensic tool kit?

AHard drive partitioning tools, File viewers, CD-R and ZIP disc utilities, Unerase and System Recovery utilities, Resource snapshot utilities, Text searching utilities, make up the complete list of tools needed.

BHard drive partitioning tools, File viewers, CD-R and ZIP disc utilities, erase and System Recovery utilities, Resource snapshot utilities, Text searching utilities, make up the complete list of tools needed.

CHard drive partitioning tools, File viewers, CD-R and ZIP disc utilities, erase and System Recovery utilities, Resource snapshot utilities, Text searching utilities, and tools specific to network and operating system type.

DHard drive partitioning tools, File viewers, CD-R and ZIP disc utilities, Unerase and System Recovery utilities, Resource snapshot utilities, Text searching utilities, and tools specific to network and operating system type.

Answer : D

Question 3

In order to access a desktop computer for a forensics investigation that has a BIOS boot password enabled, which of the following is not a technique to over-ride the password:

ARemove the CMOS Battery to reset the password

BShort the jumper block labeled 'PWD'

C'Flash' the BIOS with an update from the manufacturer.

DNone of the above

Answer : D

Question 4

When auditing log files for system discrepancies, why is NTP important?

ATo ensure that news protocols are not dumping into the log files

BTo ensure time synchronization on logs

CTo prevent future attacks of the same signature

DIt does not matter.

Answer : B

Question 5

The USA Patriot Act of 2001 has a significant impact to the investigation of computer related crime with stiffer penalties and greater latitude in investigation by law enforcement. This act was signed into law on:

A26-Oct-01

B14-Jan-01

CJuly 21, 2001 (in special session of Congress)

D19-Apr-01

Answer : A

Question 6

What method can be used to detect the use of rogue servers providing services such as illegal software distribution, music files, pornography in an environment?

AA network protocol sniffer/analyzer

BKeymapping on all workstations in the environment

CPort 4090 listening

DPort 4099 listening

Answer : A

Question 7

Compression of collected evidence can't be utilized because:

ACompression modifies the original evidence

BComplete drive imaging requires every bit to be identical, there's compression can't be utilized

CCompression can be utilized, but only if CRC on compression sequences are utilized

DCompression of original evidence can be utilized

Answer : D

IISFA Certified Information Forensics Investigator II0-001 CIFI Exam Questions