Cyber Forensics QnA (FACT Plus 2022)

FACT and FACT Plus Exam 20 March 2022

Exam Name: FACT and FACT Plus Exam 20 March 2022
Test Date: 20/03/2022
Test Time: 9:00 AM – 11:00 AM
Subject: Cyber Forensics (FACT Plus)

Section II: Cyber Forensics

Q.51. The terms wear levelling and garbage collection are associated with the following:

  1. Magnetic Disks
  2. Solid State Disks
  3. Optical Disks
  4. None of these

Answer: 2. Solid State Disks

Q.52. When a single common key is used to encrypt and decrypt the message, the key is called

  1. Asymmetric encryption key
  2. Anti-forensics key
  3. Symmetric encryption key
  4. Public key

Answer: 3. Symmetric Encryption Key

Q.53. The browser feature that keeps a list of web pages you have visited during the current session is called

  1. Favourites
  2. History
  3. Cache memory
  4. Trail

Answer: 2. History

Q.54. The MD5 hash algorithm produces a bit value of

  1. 128 bit
  2. 256 bit
  3. 64 bit
  4. 32 bit

Answer: 1. 128 bit

Q.55. The electrical pathway used to transport data from one component of the computer to another is called:

  1. CMOS
  2. Bus
  3. BIOS
  4. RAM

Answer: 2. Bus

Q.56. Which one of the following is usually used in the process of Wi-Fi hacking?

  1. Nessus
  2. Aircrack-ng
  3. Wireshark
  4. Norton

Answer: 2. Aircrack-ng

Q.57. The following is the test method in which the internal structure, design, etc. is NOT known to the tester

  1. Blue box testing
  2. Black box testing
  3. Grey box testing
  4. White box testing

Answer: 2. Black box testing

Q.58. Dead Box forensic analysis means

  1. Live system analysis
  2. Eavesdropping
  3. Network analysis
  4. Offline analysis of the media

Answer: 4. Offline Analysis of the Media

Q.59. The service provider of mobile communication will identify its customer through

  1. Subscriber Secret Number
  2. Mobile Phone Number
  3. Mobile Equipment Number
  4. Subscriber Identity Module

Answer: 4. Subscriber Identity Module

Q.60. The following is a special form of attack using which hackers exploit human psychology:

  1. IT vulnerability
  2. Social Engineering
  3. Cross Site Scripting
  4. Reverse Engineering

Answer: 2. Social Engineering

Q.61. The NTFS file system does which of the following

  1. Supports large file sizes in excess of 4GB
  2. Compresses individual files and directories
  3. Supports long file names
  4. All of these

Answer: 4. All of These

Q.62. How many bytes does a sector of a hard disk hold?

  1. 512 bytes
  2. 1024 bytes
  3. 4096 bytes
  4. 256 bytes

Answer: 1. 512 bytes

Q.63. Credit card retailers are required to comply with the standard known as:

  1. Payment Card Integrity-Data Security Standard
  2. Payment Cash Industry-Data Security Standard
  3. Payment Card Industry-Data Security Standard
  4. None of these

Answer: 3. Payment Card Industry-Data Security Standard

Q.64. Modem stands for

  1. Modulator Demodulator
  2. Module Demonstrator
  3. Monetary Demarcation
  4. Memory Demagnetization

Answer: 1. Modulator Demodulator

Q.65. What is the process of hiding text within an image called?

  1. Key logger
  2. Encryption
  3. Spyware
  4. Steganography

Answer: 4. Steganography

Q.66. In which type of RAID is the data mirrored?

  1. RAID 0
  2. RAID 1
  3. RAID 5
  4. None of these

Answer: 2. RAID 1

Q.67. The following is embedded in the SIM card

  1. IMEI
  2. MSISDN
  3. IMSI
  4. All of These

Answer: 3. IMSI

Q.68. Which of the following types of malware does NOT replicate or clone itself through infection?

  1. Viruses
  2. Rootkits
  3. Trojans
  4. Worms

Answer: 3. Trojans

Q.69. When a document is opened, a link file bearing the document file name is created in the following folder:

  1. History
  2. Temp
  3. Recent
  4. Shortcut

Answer: 3. Recent

Q.70. What is it called when someone changes the From section of an email, so that the message you receive appears to come from a person other than the one who sent it?

  1. Spoofing
  2. Trapper
  3. Unsolicited
  4. Spam

Answer: 1. Spoofing

Q.71. Voice phishing is referred to as

  1. Calling customer care
  2. War dialling
  3. Washing
  4. Vishing

Answer: 4. Vishing

Q.72. The acronym I4C stands for

  1. Indian Cyber Crime Coordination Centre
  2. Independent Cyber Crime Coordination Centre
  3. Indoasian Cyber Crime Coordination Centre
  4. Integrated Cyber Crime Coordination Centre

Answer: 1. Indian Cyber Crime Coordination Centre

Q.73. What is the full form of RFID?

  1. Radio Frequency Identification
  2. Radio Frequency Dependent
  3. Radio Frequency interdependent
  4. Radio Frequency independent

Answer: 1. Radio Frequency Identification

Q.74. Which one is an example of IoT?

  1. Remote Monitoring
  2. Fleet control
  3. Smart cities
  4. None of these

Answer: 3. Smart Cities

Q.75. How many layers are present in TCP/IP Model?

  1. 4
  2. 5
  3. 7
  4. 6

Answer: 1. 4

Q.76. In NTFS, information unique to a specific user is stored in the following file:

  1. System.dat
  2. Ntuser.dat
  3. Database.dat
  4. User.dat

Answer: 2. Ntuser.dat

Q.77. A business company wants to outsource its entire IT infrastructure to a cloud service provider (CSP). Which of the following service models does the company need to adopt?

  1. PAAS
  2. SAAS
  3. IAAS
  4. All of These

Answer: 3. IAAS

Q.78. The acronym NTFS stands for

  1. Newer Technique File System
  2. Next Technology File System
  3. New Technique File System
  4. New Technology File System

Answer: 4. New Technology File System

Q.79. What is the meaning of Smishing?

  1. A type of attack to send you a mail
  2. A type of attack to take control of your desktop
  3. A type of phishing attack using SMS
  4. None of these

Answer: 3. A type of phishing attack using SMS

Q.80. The acronym CMOS stands for

  1. Contact Metal Oxide Semiconductor
  2. Complementary Metal Oxide Semiconductor
  3. Complete Metal Oxide Semiconductor
  4. Complementary Mercury Oxide Semiconductor

Answer: 2. Complementary Metal Oxide Semiconductor

Q.81. Under which section of the Information Technology Act are cyber forensic laboratories declared as Examiner of Electronic Evidence?

  1. IT Act, Section 80
  2. IT Act, Section 79A
  3. IT Act, Section 65B
  4. IT Act, Section 66

Answer: 2. IT Act, Section 79A

Q.82. The acronym SNMP stands for

  1. Special Network Managed Protocol
  2. Simple Network Management Protocol
  3. Sample Network Management Protocol
  4. Standard Network Management Protocol

Answer: 2. Simple Network Management Protocol

Q.83. Which of the following describes a MAC address?

  1. It is provided by the manufacturer of the Network Interface Card
  2. It is a logical address
  3. It is a globally unique IP address
  4. All of these

Answer: 1. It is provided by the manufacturer of the Network Interface Card

Q.84. You are a computer forensic examiner. At a crime scene you find a Linux server and come to know that it contains database records relevant to the case. What is the best practice for seizing the server?

  1. Photograph the screen, note running process etc., and pull the plug from the rear of the system.
  2. Photograph the screen, note the running process etc., and use the normal shut down procedure.
  3. Photograph the screen, note running process etc., and pull the plug from the wall.
  4. Any of these procedures

Answer: 2. Photograph the screen, note the running process etc., and use the normal shut down procedure.

Q.85. The 16-digit credit card number is the exclusive number embossed on the credit card. The first six digits of the card indicate the following:

  1. Receiver identification
  2. Issuer identification
  3. Credit card number
  4. None of these

Answer: 2. Issuer Identification

Q.86. As a forensic examiner, you want to know when a user deleted a file contained in the Recycle Bin. In which file is the date and time information about the file deletion contained?

  1. Link file
  2. Info2
  3. Deleted.ini
  4. Index.dat

Answer: 2. Info2

Q.87. The following is the most important cardinal rule of digital forensics:

  1. Any software tools can be used for analysis
  2. No documentation is required
  3. Never work on the original Evidence
  4. Work on the original media

Answer: 3. Never work on the original Evidence

Q.88. For what purpose is the tool “Volatility” used?

  1. To extract data from nonvolatile data
  2. To extract data from RAM dumps
  3. To capture RAM dump
  4. All of these

Answer: 2. To extract data from RAM dumps

Q.89. What can be assumed about a hard disk that is pinned as Cable Select?

  1. It is a SCSI disk
  2. It is an IDE disk
  3. It is a SATA disk
  4. All Of These

Answer: 2. It is an IDE disk

Q.90. Computers use a numbering system with only two digits 0 and 1. This system is referred to as:

  1. ASCII
  2. Hexadecimal
  3. FAT
  4. Binary

Answer: 4. Binary

Q.91. Which of the following statements best describes a white-hat hacker?

  1. Former black hat
  2. Former grey hat
  3. Malicious hacker
  4. Security Professional

Answer: 4. Security Professional

Q.92. The IMEI number of a mobile phone is recorded by the service provider in the following register:

  1. Visitors Location Register
  2. Authentication Centre
  3. Equipment Identity Register
  4. Home Location Register

Answer: 3. Equipment Identity Register

Q.93. Which describes a DCO?

  1. Was introduced in ATA-6 specification
  2. It may contain hidden data
  3. It is normally not seen by the BIOS
  4. All of these

Answer: 4. All of these

Q.94. The acronym ICMP stands for

  1. Interim Control Message Protocol
  2. Internet Control Message Protocol
  3. Internet Control Managed Protocol
  4. Internet Compound Message Protocol

Answer: 2. Internet Control Message Protocol

Q.95. When data is encapsulated, which is the correct order?

  1. Data, Segment, Frame, Packet, Bit
  2. Data, Segment, Packet, Frame, Bit
  3. Segment, Data, Packet, Frame, Bit
  4. Data, Frame, Packet, Segment, Bit

Answer: 2. Data, Segment, Packet, Frame, Bit

Q.96. What is meant by polymorphic viruses?

  1. The virus infection on the systems in the network
  2. A virus that encrypts its code in a different way with each infection
  3. The virus infects different systems in the same way
  4. All of these.

Answer: 2. A virus that encrypts its code in a different way with each infection

Q.97. Identification, collection, preservation, examination and presentation of digital evidence in a legally acceptable manner is:

  1. Testimony in court of law
  2. Computer forensics definition
  3. Chain of custody
  4. Live acquisition

Answer: 2. Computer Forensics Definition

Q.98. Which of the following is a tool for performing footprinting undetected?

  1. Ping sweep
  2. Trace road
  3. Whois search
  4. Host scanning

Answer: 3. Whois Search

Q.99. What is a wrapper?

  1. A program used to combine a trojan and backdoor into a single executable
  2. A program used to combine a trojan and legitimate software into a single executable
  3. A way of accessing a trojan system
  4. A trojan system

Answer: 2. A Program used to combine a Trojan and Legitimate software into a single executable

Q.100. A person presented the card at the POS after shopping. The charge slip generated at the POS does not match the embossed card number, name etc. This indicates the following:

  1. Card is expired
  2. Card is original
  3. Card is not valid
  4. Card is skimmed

Answer: 4. Card is Skimmed

Q.101. The magnetic strip of the credit card contains the following number of tracks:

  1. 1
  2. 3
  3. 4
  4. 2

Answer: 2. 3

Q.102. When you are examining evidence that has been sent to a printer, which file contains an image of the actual print job?

  1. Shadow file
  2. The RAW file
  3. Enhanced metafile
  4. The spool file

Answer: 4. The Spool File

Q.103. What port number does HTTPS use?

  1. 443
  2. 53
  3. 21
  4. 80

Answer: 1. 443

Q.104. The acronym ICCID stands for

  1. International Circuit Card Identifier
  2. Independent Chip Card Identifier
  3. Integrated Circuit Card Identifier
  4. None of these

Answer: 3. Integrated Circuit Card Identifier

Q.105. An acquisition method where only specific files of interest to the case are acquired is called:

  1. Logical acquisition
  2. Sparse acquisition
  3. Live acquisition
  4. Physical Acquisition

Answer: 1. Logical Acquisition

Q.106. What is necessary in order to install a hardware key logger on a target system?

  1. telnet access to the system
  2. Admin user name and password
  3. Physical access to the system
  4. IP address of the system

Answer: 3. Physical Access to the System

Q.107. The last shutdown information is available in the following registry hive

  1. Ntuser.dat
  2. System
  3. SAM
  4. Software

Answer: 2. System

Q.108. The IMEI number can logically be seen by inputting the following code

  1. *06##
  2. ##06*
  3. *#06*
  4. *#06#

Answer: 4. *#06#

Q.109. A degausser is used

  1. To wipe data in a SATA hard disk
  2. To wipe data from thumb drives
  3. To wipe data from memory cards
  4. To wipe data from CDs/DVDs

Answer: 1. To wipe data in a SATA hard disk

Q.110. What is the maximum number of drive letters assigned to hard drive partitions on a system?

  1. Eight
  2. Twenty four
  3. Sixteen
  4. Thirty two

Answer: 2. Twenty four

Q.111. The space between the end of a file's logical size and the file's physical size is called:

  1. Unallocated sectors
  2. Unallocated clusters
  3. Unused disk area
  4. Slack space

Answer: 4. Slack Space

Q.112. What is it called when a hacker pretends to be a valid user on the system?

  1. Valid user
  2. Help desk
  3. Their person authorization
  4. Impersonation

Answer: 4. Impersonation

Q.113. What is a skimmer?

  1. It is used to emboss the plastic card
  2. Making the magnetic strip of the card unreadable
  3. Reading/copying the data from the magnetic strip
  4. None of these

Answer: 3. Reading/Copying the data from the magnetic strip

Q.114. The length of a port address in TCP/IP is

  1. 16 bit long
  2. 32 bit long
  3. 8 bit long
  4. 4 bit long

Answer: 1. 16 bit long

Q.115. A social engineering technique of seeking entry to a restricted area by walking behind a person who has access to that location is known as:

  1. Quid pro quo
  2. Impersonation
  3. Tailgating
  4. Baiting

Answer: 3. Tailgating

Q.116. A video that has been edited digitally to replace the person in the original video with someone else is known as:

  1. Digitally fake
  2. Metadata
  3. Deepfake
  4. None of these

Answer: 3. Deepfake

Q.117. The acronym GSM stands for

  1. Geographical system for mobile communication
  2. Great system for mobile communication
  3. Global system for mobile communication
  4. None of these

Answer: 3. Global system for mobile communication

Q.118. Green dispenser is a malware attack on the following objects:

  1. Keyboard
  2. Bank lockers
  3. ATMs
  4. Servers

Answer: 3. ATMs

Q.119. The new contactless card released by Mastercard is known as

  1. Payway
  2. Paywalk
  3. PayWave
  4. PayPass

Answer: 4. PayPass

Q.120. What is the proper sequence of a TCP Connection?

  1. SYN – ACK – FIN
  2. SYN – SYN ACK – ACK
  3. SYN – PSH – ACK
  4. ALL THESE

Answer: 2. SYN – SYN ACK – ACK
