Monday 6 February 2017

CIS 562 Week 5 Midterm Exam – Strayer NEW

Chapters 1 Through 6

Chapter 1: Computer Forensics and Investigations as a Profession

TRUE/FALSE

1. By the 1970s, electronic crimes were increasing, especially in the financial sector.


2. To be a successful computer forensics investigator, you must be familiar with more than one computing platform.


3. Computer investigations and forensics fall into the same category: public investigations.


4. The law of search and seizure protects the rights of all people, excluding people suspected of crimes.


5. After a judge approves and signs a search warrant, it’s ready to be executed, meaning you can collect evidence as defined by the warrant.


MULTIPLE CHOICE

1. The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.
a. Federal Rules of Evidence (FRE)
b. Department of Defense Computer Forensics Laboratory (DCFL)
c. DIBS
d. Computer Analysis and Response Team (CART)



2. ____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
a. Data recovery
b. Network forensics
c. Computer forensics
d. Disaster recovery



3. ____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
a. Computer forensics
b. Data recovery
c. Disaster recovery
d. Network forensics



4. The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
a. network intrusion detection
b. computer investigations
c. incident response
d. litigation



5. By the early 1990s, the ____ introduced training on software for forensics investigations.
a. IACIS
b. FLETC
c. CERT
d. DDBIA



6. In the Pacific Northwest, ____ meets monthly to discuss problems that law enforcement and corporations face.
a. IACIS
b. CTIN
c. FTK
d. FLETC



7. In a ____ case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation.
a. corporate
b. civil
c. criminal
d. fourth amendment



8. In general, a criminal case follows three stages: the complaint, the investigation, and the ____.
a. litigation
b. allegation
c. blotter
d. prosecution



9. Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
a. litigation
b. allegation
c. blotter
d. prosecution



10. In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____.
a. blotter
b. exhibit report
c. litigation report
d. affidavit



11. It’s the investigator’s responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.
a. litigation
b. prosecution
c. exhibits
d. reports



12. The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true.
a. notarized
b. examined
c. recorded
d. challenged



13. Published company policies provide a(n) ____ for a business to conduct internal investigations.
a. litigation path
b. allegation resource
c. line of allegation
d. line of authority



14. A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
a. warning banner
b. right of privacy
c. line of authority
d. right banner



15. A(n) ____ is a person using a computer to perform routine tasks other than systems administration.
a. complainant
b. user banner
c. end user
d. investigator



16. Without a warning banner, employees might have an assumed ____ when using a company’s computer systems and network accesses.
a. line of authority
b. right of privacy
c. line of privacy
d. line of right



17. In addition to warning banners that state a company’s rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations.
a. authorized requester
b. authority of line
c. line of right
d. authority of right



18. Most computer investigations in the private sector involve ____.
a. e-mail abuse
b. misuse of computing assets
c. Internet abuse
d. VPN abuse



19. Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.
a. silver-tree
b. gold-tree
c. silver-platter
d. gold-platter



20. Your ____ as a computer investigation and forensics analyst is critical because it determines your credibility.
a. professional policy
b. oath
c. line of authority
d. professional conduct



21. Maintaining ____ means you must form and sustain unbiased opinions of your cases.
a. confidentiality
b. objectivity
c. integrity
d. credibility



COMPLETION

1. ____________________ involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases.


2. The ____________________ to the U.S. Constitution (and each state’s constitution) protects everyone’s rights to be secure in their person, residence, and property from search and seizure.


3. The term ____________________ refers to large corporate computing systems that might include disparate or formerly independent systems.


4. When you work in the ____________________ group, you test and verify the integrity of standalone workstations and network servers.


5. The ____________________ provides a record of clues to crimes that have been committed previously.


MATCHING

Match each item with a statement below:
a. Computer forensics
b. Network forensics
c. Litigation
d. Xtree Gold
e. Case law
f. HTCIA
g. Affidavit
h. Industrial espionage
i. Line of authority


1. the legal process of proving guilt or innocence in court

2. recognizes file types and retrieves lost or deleted files

3. investigates data that can be retrieved from a computer’s hard disk or other storage media

4. sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence

5. allows legal counsel to use previous cases similar to the current one because the laws don’t yet exist

6. specifies who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence

7. organization that exchanges information about techniques related to computer investigations and security

8. yields information about how a perpetrator or an attacker gained access to a network

9. involves selling sensitive or confidential company information to a competitor



SHORT ANSWER

1. Briefly describe the triad that makes up computer security.

2. Briefly describe the main characteristics of public investigations.


3. Briefly describe the main characteristics of private investigations.


4. What questions should an investigator ask to determine whether a computer crime was committed?


5. What are the three levels of law enforcement expertise established by CTIN?


6. What are some of the most common types of corporate computer crime?


7. What is embezzlement?


8. Briefly describe corporate sabotage.


9. What text can be used in internal warning banners?


10. Mention examples of groups that should have direct authority to request computer investigations in the corporate environment.



Chapter 2: Understanding Computer Investigations

TRUE/FALSE

1. Chain of custody is also known as chain of evidence.


2. Employees surfing the Internet can cost companies millions of dollars.


3. You cannot use both multi-evidence and single-evidence forms in your investigation.


4. Many attorneys like to have printouts of the data you have recovered, but printouts can present problems when you have log files with several thousand pages of data.


5. A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.


MULTIPLE CHOICE

1. The ____ is the route the evidence takes from the time you find it until the case is closed or goes to court.
a. acquisition plan
b. chain of custody
c. evidence path
d. evidence custody



2. When preparing a case, you can apply ____ to problem solving.
a. standard programming rules
b. standard police investigation
c. standard systems analysis steps
d. bottom-up analysis



3. The list of problems you normally expect in the type of case you are handling is known as the ____.
a. standard risk assessment
b. chain of evidence
c. standard problems form
d. problems checklist form



4. The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis.
a. risk assessment
b. nature of the case
c. chain of custody
d. location of the evidence



5. A(n) ____ helps you document what has and has not been done with both the original evidence and forensic copies of the evidence.
a. evidence custody form
b. risk assessment form
c. initial investigation form
d. evidence handling form



6. Use ____ to secure and catalog the evidence contained in large computer components.
a. Hefty bags
b. regular bags
c. paper bags
d. evidence bags



7. ____ prevents damage to the evidence as you transport it to your secure evidence locker, evidence room, or computer lab.
a. An antistatic wrist band
b. Padding
c. An antistatic pad
d. Tape



8. ____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats.
a. VPN
b. Internet
c. E-mail
d. Phone



9. To conduct your investigation and analysis, you must have a specially configured personal computer (PC) known as a ____.
a. mobile workstation c. f
