1. Which of the following is a simple protocol for retrieving emails from an email server, where the emails are stored on the server until the user requests it?
Mail user agent
✔ POP3 server
SMTP server
Mail delivery agent
2. Which of the following is a program that allows bundling all files together into a single executable file via compression to bypass security software detection?
Dropper
Obfuscator
Payload
✔ Packer
3. Identify the malware distribution technique in which attackers use tactics such as keyword stuffing, doorway pages, page swapping, and the addition of unrelated keywords to get a higher ranking on the web for their malware pages.
Spear phishing sites
✔ Blackhat search engine optimization
Drive-by downloads
Social engineered clickjacking
4. Which of the following layers in the IoT architecture consists of all the hardware components, including sensors, RFID tags, and readers, and plays an important part in data collection and connecting devices within the network?
Access gateway layer
Middleware layer
Internet layer
✔ Edge technology layer
5. In which of the following methods do attackers often use packers to compress, encrypt, or modify a malware executable file to avoid detection?
Performing string search
Malware disassembly
✔ Obfuscation
File fingerprinting
6. Which of the following is a dedicated high-speed network that provides access to consolidated block-level storage, is a network by itself, and is not affected by network traffic such as bottlenecks in LAN?
✔ SAN
SSD
HDD
NAS
7. Which of the following types of jailbreaks allows users to reboot the iOS device any number of times because after every reboot, the device gets jailbroken automatically?
Semi-untethered jailbreak
Tethered jailbreak
Semi-tethered jailbreak
✔ Untethered jailbreak
8. Which of the following fields of an IIS log entry can be reviewed to determine whether a request made by a client is fulfilled without an error?
cs(User-Agent)
✔ sc-status
cs-method
cs-username
9. Identify the element of the Apache core that is responsible for managing routines, interacting with the client, and handling all the data exchange and socket connections between the client and the server.
http_main
http_core
✔ http_protocol
http_request
10. In which of the following attacks does an attacker exploit “http” to gain access to unauthorized directories and execute commands outside the web server’s root directory?
✔ Path traversal
Buffer overflow
Unvalidated input
Denial of service (DoS)
11. Which of the following factors of cloud forensics involves assisting organizations in following appropriate rules and adhering to requirements such as securing critical data, maintaining records for audit, and notifying the parties affected by sensitive data exposure?
System recovery
Data recovery
Log monitoring
✔ Regulatory compliance
12. Which of the following steps of event correlation compiles repeated events into a single event and avoids the duplication of an event?
✔ Event aggregation
Event filtering
Event masking
Root-cause analysis
13. Which of the following event correlation approaches checks and compares all fields systematically for positive and negative correlations among them to determine correlations across one or multiple fields?
Rule-based approach
Codebook-based approach
✔ Automated field correlation
Field-based approach
14. Kevin, a cybercriminal, installed the Tor browser on his system to perform illegal activities. Using the Tor browser, Kevin performed nefarious activities such as drug trafficking and anti-social campaigns online without leaving any traces. Identify the type of web accessed by Kevin using the Tor browser in the above scenario.
Surface web
Indexed web
✔ Dark web
Deep web
15. Identify the registry location that stores Tor browser artifacts and can provide information on user activities on the dark web.
✔ HKEY_USERS\<SID>\SOFTWARE\Mozilla\Firefox\Launcher
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{GUID}
16. Jedidiah, a forensic investigator, was tasked with inspecting a suspected machine running server software. In this process, he examined the binary code of the software, calculated its cryptographic hashes to identify its functionality, and compared it with other binary codes to check for the presence of any malicious code. Which of the following techniques did Jedidiah employ in the above scenario?
Malware Disassembly
String search
✔ File fingerprinting
Identifying file dependencies
17. Which of the following Azure logs is a type of Azure platform log that records information on the Azure subscription layer as well as the write operations performed on Azure resources?
Azure Resource Logs
✔ Azure Activity Logs
Network Security Group Flow Logs
Azure Active Directory Reports
18. Identify the SQLite file on an Alexa device that contains the currently logged-in users and whose data is erased whenever a user signs out.
✔ map_data_storage.db
DataStore.db
gservices.db
complications.db
19. Given below is the syntax of the netstat command: netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]. Identify the netstat parameter that is used to display active TCP connections and includes the process ID (PID) for each connection.
✔ -o
-n
-p
-r
20. Identify the SrvMan command that helps administrators create services on a Windows machine.
srvman.exe delete <service name>
srvman.exe run <driver.sys> [service name] [/copy:yes] [/overwrite:no] [/stopafter:<msec>]
✔ srvman.exe add <file.exe/file.sys> [service name] [display name] [/type:<service type>] [/start:<start mode>] [/interactive:no] [/overwrite:yes]
srvman.exe stop <service name> [/nowait] [/delay:<delay in msec>]
21. Which of the following is an online service that allows forensic investigators to determine the domain name of an IP address and obtain the point of contact for the domain name?
WhatChanged Portable
✔ ARIN Whois
HashMyFiles
Logcat
22. Which of the following tools allows forensic investigators to trace back the web-based emails sent by an attacker?
✔ Social Catfish
KFSensor
LogonSessions
ThreatStream
23. Which of the following tools allows investigators to extract data from different mobile and digital devices using both the physical and logical extraction methods for Android, iOS, Windows OS, Tizen OS, and other mobile OSes?
Infoga
TinEye
Mention
✔ MD-NEXT
24. Which of the following tools is used by a forensic investigator to search, analyze, and visualize VPN logs in multiple formats?
✔ Elastic Stack
JumpListsView
DevCon
ShellBagsView
25. Which of the following is an open-source forensics tool that allows investigators to extract and analyze artifacts such as files, images, emails, user credentials, screenshots, keystrokes, clipboard data, etc., from PCAP, PcapNG, and ETL packet captures?
pwdump7
✔ NetworkMiner
tasklist
LogonSessions
26. Which of the following is a program that allows bundling all files together into a single executable file via compression to bypass security software detection?
✔ GuardDuty
XRY LOGICAL
ModSecurity
Autopsy
27. Which of the following tools assists investigators in retrieving deleted email messages from Outlook and Thunderbird email clients?
Encase
✔ Paraben's E3
THC-Hydra
LiME
28. Identify the command that allows investigators to perform logical acquisition on an Android wearable device.
netstat
✔ adb pull
lsof
istat