212-89 Practice Test

Which of the following is NOT one of the Computer Forensic types:

A.

USB Forensics

B.

Email Forensics

C.

Forensic Archaeology

D.

Image Forensics

Which of the following is an appropriate flow of the incident recovery steps?

A.

System Operation-System Restoration-System Validation-System Monitoring

B.

System Validation-System Operation-System Restoration-System Monitoring

C.

System Restoration-System Monitoring-System Validation-System Operations

D.

System Restoration-System Validation-System Operations-System Monitoring

Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?

A.

Access control policy

B.

Audit trail policy

C.

Logging policy

D.

Documentation policy

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

A.

Creating new business processes to maintain profitability after incident

B.

Providing a standard for testing the recovery plan

C.

Avoiding the legal liabilities arising due to incident

D.

Providing assurance that systems are reliable

What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP
addresses on a victim computer to identify the established connections on it:

A.

“arp” command

B.

“netstat –an” command

C.

“dd” command

D.

“ifconfig” command