Topic 1: Exam Pool A
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
A. The system files have been copied by a remote attacker
B. The system administrator has created an incremental backup
C. The system has been compromised using a t0rnrootkit
D. Nothing in particular as these can be operational files
Nothing in particular as these can be operational files
Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?
A. Plain view doctrine
B. Corpus delicti
C. Locard Exchange Principle
D. Ex Parte Order
Plain view doctrine
To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?
A. Computer Forensics Tools and Validation Committee (CFTVC)
B. Association of Computer Forensics Software Manufactures (ACFSM)
C. National Institute of Standards and Technology (NIST)
D. Society for Valid Forensics Tools and Testing (SVFTT)
National Institute of Standards and Technology (NIST)
You should make at least how many bit-stream copies of a suspect drive?
A. 1
B. 2
C. 3
D. 4
2
Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?
A. 18 U.S.C. 1029
B. 18 U.S.C. 1362
C. 18 U.S.C. 2511
D. 18 U.S.C. 2703
18 U.S.C. 1029