FACT and FACT Plus Exam 20 March 2022
Exam Name | FACT and FACT Plus Exam 20 March 2022 |
Test Date | 20/03/2022 |
Test Time | 9:00 AM – 11:00 AM |
Subject | Cyber Forensics (FACT Plus) |
Section II: Cyber Forensics
Q.51. The terms wear levelling and garbage collection are associated with the following:
- Magnetic Disks
- Solid State Disks
- Optical Disks
- None of these
Answer: 2. Solid State Disks
Q.52. When a single common key is used to encrypt and decrypt the message, the key is called a:
- Asymmetric encryption key
- Anti-forensics key
- Symmetric encryption key
- Public key
Answer: 3. Symmetric Encryption Key
Q.53. The browser feature that keeps a list of web pages you have visited during the current session is called:
- Favourites
- History
- Cache memory
- Trail
Answer: 2. History
Q.54. The MD5 hash algorithm produces a bit value of
- 128 bit
- 256 bit
- 64 bit
- 32 bit
Answer: 1. 128 bit
Q.55. The electrical pathway used to transport data from one component of the computer to another is called:
- CMOS
- Bus
- BIOS
- RAM
Answer: 2. Bus
Q.56. Which one of the following is usually used in the process of Wi-Fi hacking?
- Nessus
- Aircrack-ng
- Wireshark
- Norton
Answer: 2. Aircrack-ng
Q.57. The following is the test method in which the internal structure, design, etc. is NOT known to the tester
- Blue box testing
- Black box testing
- Grey box testing
- White box testing
Answer: 2. Black box testing
Q.58. Dead Box forensic analysis means
- Live system analysis
- Eavesdropping
- Network analysis
- Offline analysis of the media
Answer: 4. Offline Analysis of the Media
Q.59. The service provider of mobile communication will identify its customer through
- Subscriber Secret Number
- Mobile Phone Number
- Mobile Equipment Number
- Subscriber Identity Module
Answer: 4. Subscriber Identity Module
Q.60. The following is a special form of attack using which hackers exploit human psychology:
- IT vulnerability
- Social Engineering
- Cross Site Scripting
- Reverse Engineering
Answer: 2. Social Engineering
Q.61. The NTFS file system does which of the following
- Supports large file sizes in excess of 4GB
- Compresses individual files and directories
- Supports long file names
- All of these
Answer: 4. All of These
Q.62. How many bytes does a sector of a hard disk hold?
- 512 bytes
- 1024 bytes
- 4096 bytes
- 256 bytes
Answer: 1. 512 bytes
Q.63. Credit card retailers are required to comply with the standard known as:
- Payment Card Integrity-Data Security Standard
- Payment Cash Industry-Data Security Standard
- Payment Card Industry-Data Security Standard
- None of these
Answer: 3. Payment Card Industry-Data Security Standard
Q.64. Modem stands for
- Modulator Demodulator
- Module Demonstrator
- Monetary Demarcation
- Memory Demagnetization
Answer: 1. Modulator Demodulator
Q.65. What is the process of hiding text within an image called?
- Key logger
- Encryption
- Spyware
- Steganography
Answer: 4. Steganography
Q.66. In which type of RAID is the data mirrored?
- RAID 0
- RAID 1
- RAID 5
- None of these
Answer: 2. RAID 1
Q.67. The following is embedded in the SIM card
- IMEI
- MSISDN
- IMSI
- All of These
Answer: 3. IMSI
Q.68. Which of the following types of malware does NOT replicate or clone itself through infection?
- Viruses
- Rootkits
- Trojans
- Worms
Answer: 3. Trojans
Q.69. When a document is opened, a link file bearing the document file name is created in the following folder:
- History
- Temp
- Recent
- Shortcut
Answer: 3. Recent
Q.70. What is it called when someone changes the "From" section of an email, so that the message you receive appears to come from a person other than the one who sent it?
- Spoofing
- Trapper
- Unsolicited
- Spam
Answer: 1. Spoofing
Q.71. Voice phishing is referred to as:
- Calling customer care
- War dialling
- Washing
- Vishing
Answer: 4. Vishing
Q.72. The acronym I4C stands for
- Indian Cyber Crime Coordination Centre
- Independent Cyber Crime Coordination Centre
- Indoasian Cyber Crime Coordination Centre
- Integrated Cyber Crime Coordination Centre
Answer: 1. Indian Cyber Crime Coordination Centre
Q.73. What is the full form of RFID?
- Radio Frequency Identification
- Radio Frequency Dependent
- Radio Frequency interdependent
- Radio Frequency independent
Answer: 1. Radio Frequency Identification
Q.74. Which one is an example of IoT?
- Remote Monitoring
- Fleet control
- Smart cities
- None of these
Answer: 3. Smart Cities
Q.75. How many layers are present in TCP/IP Model?
- 4
- 5
- 7
- 6
Answer: 1. 4
Q.76. In NTFS, information unique to a specific user is stored in the following file:
- System.dat
- Ntuser.dat
- Database.dat
- User.dat
Answer: 2. Ntuser.dat
Q.77. A business wants to outsource its entire IT infrastructure to a cloud service provider (CSP). Which of the following service models does the company need to adopt?
- PAAS
- SAAS
- IAAS
- All of These
Answer: 3. IAAS
Q.78. The acronym NTFS stands for
- Newer Technique File System
- Next Technology File System
- New Technique File System
- New Technology File System
Answer: 4. New Technology File System
Q.79. What is the meaning of Smishing?
- A type of attack to send you a mail
- A type of attack to take control of your desktop
- A type of phishing attack using SMS
- None of these
Answer: 3. A type of phishing attack using SMS
Q.80. The acronym CMOS stands for
- Contact Metal Oxide Semiconductor
- Complementary Metal Oxide Semiconductor
- Complete Metal Oxide Semiconductor
- Complementary Mercury Oxide Semiconductor
Answer: 2. Complementary Metal Oxide Semiconductor
Q.81. Under which section of the Information Technology Act are cyber forensic laboratories declared as Examiner of Electronic Evidence?
- IT Act, Section 80
- IT Act, Section 79A
- IT Act, Section 65B
- IT Act, Section 66
Answer: 2. IT Act, Section 79A
Q.82. The acronym SNMP stands for
- Special Network Managed Protocol
- Simple Network Management Protocol
- Sample Network Management Protocol
- Standard Network Management Protocol
Answer: 2. Simple Network Management Protocol
Q.83. Which of the following describes a MAC address?
- It is provided by the manufacturer of the Network Interface Card
- It is a logical address
- It is a globally unique IP address
- All of these
Answer: 1. It is provided by the manufacturer of the Network Interface Card
Q.84. You are a computer forensic examiner. At a crime scene you find a Linux server and learn that it contains database records relevant to the case. What is the best practice for seizing the server?
- Photograph the screen, note running process etc., and pull the plug from the rear of the system.
- Photograph the screen, note the running process etc., and use the normal shut down procedure.
- Photograph the screen, note running process etc., and pull the plug from the wall.
- Any of these procedures
Answer: 2. Photograph the screen, note the running process etc., and use the normal shut down procedure.
Q.85. The 16-digit credit card number is the exclusive number embossed on the credit card. The first six digits of the card indicate the following:
- Receiver identification
- Issuer identification
- Credit card number
- None of these
Answer: 2. Issuer Identification
Q.86. As a forensic examiner, you want to know when a user deleted a file contained in the Recycle Bin. In what file is the date and time information about the file deletion contained?
- Link file
- Info2
- Deleted.ini
- Index.dat
Answer: 2. Info2
Q.87. The following is the most important cardinal rule of digital forensics:
- Any software tools can be used for analysis
- No documentation is required
- Never work on the original Evidence
- Work on the original media
Answer: 3. Never work on the original Evidence
Q.88. For what purpose is the tool “Volatility” used?
- To extract data from nonvolatile data
- To extract data from RAM dumps
- To capture RAM dump
- All of these
Answer: 2. To extract data from RAM dumps
Q.89. What can be assumed about a hard disk that is pinned as Cable Select?
- It is a SCSI disk
- It is an IDE disk
- It is a SATA disk
- All Of These
Answer: 2. It is an IDE disk
Q.90. Computers use a numbering system with only two digits 0 and 1. This system is referred to as:
- ASCII
- Hexadecimal
- FAT
- Binary
Answer: 4. Binary
Q.91. Which of the following statements best describes a white-hat hacker?
- Former black hat
- Former grey hat
- Malicious hacker
- Security Professional
Answer: 4. Security Professional
Q.92. The IMEI number of the mobile phone at service provider is recorded in the following register:
- Visitors Location Register
- Authentication Centre
- Equipment Identity Register
- Home Location Register
Answer: 3. Equipment Identity Register
Q.93. Which describes a DCO?
- Was introduced in ATA-6 specification
- It may contain hidden data
- It is normally not seen by the BIOS
- All of these
Answer: 4. All of these
Q.94. The acronym ICMP stands for
- Interim Control Message Protocol
- Internet Control Message Protocol
- Internet Control Managed Protocol
- Internet Compound Message Protocol
Answer: 2. Internet Control Message Protocol
Q.95. When data is encapsulated, which is the correct order?
- Data, Segment, Frame, Packet, Bit
- Data, Segment, Packet, Frame, Bit
- Segment, Data, Packet, Frame, Bit
- Data, Frame, Packet, Segment, Bit
Answer: 2. Data, Segment, Packet, Frame, Bit
Q.96. What is meant by polymorphic viruses?
- The virus infection on the systems in the network
- A virus that encrypts its code in a different way with each infection
- The virus infects different systems in the same way
- All of these.
Answer: 2. A virus that encrypts its code in a different way with each infection
Q.97. Identification, collection, preservation, examination and presentation of digital evidence in a legally acceptable manner:
- Testimony in court of law
- Computer forensics definition
- Chain of custody
- Live acquisition
Answer: 2. Computer Forensics Definition
Q.98. Which of the following is a tool for performing footprinting undetected?
- Ping sweep
- Traceroute
- Whois search
- Host scanning
Answer: 3. Whois Search
Q.99. What is a wrapper?
- A program used to combine a trojan and backdoor into a single executable
- A program used to combine a trojan and legitimate software into a single executable
- A way of accessing a trojan system
- A trojan system
Answer: 2. A Program used to combine a Trojan and Legitimate software into a single executable
Q.100. A person presented a card at the POS after shopping. The charge slip generated at the POS does not match the embossed card number, name, etc. This indicates the following:
- Card is expired
- Card is original
- Card is not valid
- Card is skimmed
Answer: 4. Card is Skimmed
Q.101. The magnetic strip of the credit card contains the following number of tracks:
- 1
- 3
- 4
- 2
Answer: 2. 3
Q.102. When you are examining evidence that has been sent to a printer, which file contains an image of the actual print job?
- Shadow file
- The RAW file
- Enhanced metafile
- The spool file
Answer: 4. The Spool File
Q.103. What port number does HTTPS use?
- 443
- 53
- 21
- 80
Answer: 1. 443
Q.104. The acronym ICCID stands for
- International Circuit Card Identifier
- Independent Chip Card Identifier
- Integrated Circuit Card Identifier
- None of these
Answer: 3. Integrated Circuit Card Identifier
Q.105. An acquisition method where only specific files of interest to the case are acquired is called:
- Logical acquisition
- Sparse acquisition
- Live acquisition
- Physical Acquisition
Answer: 1. Logical Acquisition
Q.106. What is necessary in order to install a hardware key logger on a target system?
- telnet access to the system
- Admin user name and password
- Physical access to the system
- IP address of the system
Answer: 3. Physical Access to the System
Q.107. The last shutdown information is available in the following registry hive
- Ntuser.dat
- System
- SAM
- Software
Answer: 2. System
Q.108. The IMEI Number logically can be seen by inputting the following code
- *06##
- ##06*
- *#06*
- *#06#
Answer: 4. *#06#
Q.109. A degausser is used:
- To wipe data in a SATA hard disk
- To wipe data from thumb drives
- To wipe data from memory cards
- To wipe data from CDs/DVDs
Answer: 1. To wipe data in a SATA hard disk
Q.110. What is the maximum number of drive letters assigned to hard drive partitions on a system?
- Eight
- Twenty four
- Sixteen
- Thirty two
Answer: 2. Twenty four
Q.111. The space between the end of a file's logical size and the file's physical size is called:
- Unallocated sectors
- Unallocated clusters
- Unused disk area
- Slack space
Answer: 4. Slack Space
Q.112. What is it called when a hacker pretends to be a valid user on the system?
- Valid user
- Help desk
- Third-person authorization
- Impersonation
Answer: 4. Impersonation
Q.113. What is a skimmer?
- It is used to emboss the plastic card
- Making the magnetic strip of the card unreadable
- Reading/copying the data from the magnetic strip
- None of these
Answer: 3. Reading/Copying the data from the magnetic strip
Q.114. The length of a port address in TCP/IP is
- 16 bit long
- 32 bit long
- 8 bit long
- 4 bit long
Answer: 1. 16 bit long
Q.115. A social engineering technique of seeking entry to a restricted area by walking behind a person who has access to that location is known as:
- Quid pro quo
- Impersonation
- Tailgating
- Baiting
Answer: 3. Tailgating
Q.116. A video that has been edited digitally to replace the person in the original video with someone else is known as:
- Digitally fake
- Metadata
- Deepfake
- None of these
Answer: 3. Deepfake
Q.117. The acronym GSM stands for
- Geographical system for mobile communication
- Great system for mobile communication
- Global system for mobile communication
- None of these
Answer: 3. Global system for mobile communication
Q.118. Green dispenser is a malware attack on the following objects:
- Keyboard
- Bank lockers
- ATMs
- Servers
Answer: 3. ATMs
Q.119. The new contactless card released by Mastercard is known as
- Payway
- Paywalk
- PayWave
- PayPass
Answer: 4. PayPass
Q.120. What is the proper sequence of a TCP Connection?
- SYN – ACK – FIN
- SYN – SYN ACK – ACK
- SYN – PSH – ACK
- ALL THESE
Answer: 2. SYN – SYN ACK – ACK