

Digital Forensics
Textbook Exam Questions

Course Introduction
Digital Forensics is the study and practice of uncovering, analyzing, and preserving digital evidence from electronic devices, networks, and systems to support investigations of cybercrimes, policy violations, and legal disputes. This course covers core concepts such as evidence collection and preservation, file system analysis, memory forensics, incident response, and legal considerations, with hands-on exposure to industry-standard tools and techniques. Students will learn to trace digital footprints, reconstruct cyber attack scenarios, and ensure the integrity and admissibility of digital evidence in compliance with legal and ethical standards.
Recommended Textbook
Computer Security Principles and Practice 3rd Edition by William Stallings
Available Study Resources on Quizplus
24 Chapters
1076 Verified Questions
1076 Flashcards
Source URL: https://quizplus.com/study-set/3981

Chapter 1: Computer Systems Overview
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79973
Sample Questions
Q1) Availability assures that systems work promptly and service is not denied to authorized users.
A)True
B)False
Answer: True
Q2) The assurance that data received are exactly as sent by an authorized entity is
A)authentication
B)access control
C)data confidentiality
D)data integrity
Answer: D
Q3) Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.
Answer: contingency
Q4) The OSI security architecture focuses on security attacks, __________, and services.
Answer: mechanisms
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Cryptographic Tools
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79962
Sample Questions
Q1) __________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.
A)DSS
B)RSA
C)SHA
D)AES
Answer: B
Q2) Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.
A)True
B)False
Answer: False
Q3) __________ is the scrambled message produced as output.
A)Plaintext
B)Ciphertext
C)Secret key
D)Cryptanalysis
Answer: B
Q4) Public-key encryption was first publicly proposed by __________ in 1976.
Answer: Diffie and Hellman

Chapter 3: User Authentication
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79956
Sample Questions
Q1) A host generated random number is often called a __________.
Answer: nonce
Q2) The __________ is the pattern formed by veins beneath the retinal surface.
Answer: retinal pattern
Q3) A __________ is a password guessing program.
A)password hash
B)password biometric
C)password cracker
D)password salt
Answer: C
Q4) Depending on the application, user authentication on a biometric system involves either verification or identification.
A)True
B)False
Answer: True
Q5) A __________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
Answer: denial-of-service
Q6) A __________ is an individual to whom a debit card is issued.
Answer: cardholder

Chapter 4: Access Control
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79955
Sample Questions
Q1) Basic access control systems typically define three classes of subject: owner, __________ and world.
Q2) __________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.
Q3) __________ is based on the roles the users assume in a system rather than the user's identity.
A)DAC
B)RBAC
C)MAC
D)URAC
Q4) X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
Q5) __________ refers to setting a maximum number with respect to roles.
A)Cardinality
B)Prerequisite
C)Exclusive
D)Hierarchy
Q6) The three types of attributes in the ABAC model are subject attributes, object attributes, and _________ attributes.

Chapter 5: Database and Cloud Security
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79954
Sample Questions
Q1) In addition to granting and revoking access rights to a table, in a ___________ administration the owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table.
Q2) In relational database parlance, the basic building block is a __________, which is a flat table.
A)attribute
B)tuple
C)primary key
D)relation
Q3) __________ is an organization that receives the encrypted data from a data owner and makes them available for distribution to clients.
A)User
B)Client
C)Data owner
D)Server
Q4) An IDS is a set of automated tools designed to detect unauthorized access to a host system.
A)True
B)False

Chapter 6: Malicious Software
Available Study Resources on Quizplus for this Chapter
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/79953
Sample Questions
Q1) Programmers use backdoors to debug and test programs.
A)True
B)False
Q2) The four phases of a typical virus are: dormant phase, triggering phase, execution phase and __________ phase.
Q3) In addition to propagating, a worm usually carries some form of payload.
A)True
B)False
Q4) A logic bomb is the event or condition that determines when the payload is activated or delivered.
A)True
B)False
Q5) A virus that attaches to an executable program can do anything that the program is permitted to do.
A)True
B)False
Q6) A macro virus infects executable portions of code.
A)True
B)False
Q7) A __________ is a collection of bots capable of acting in a coordinated manner.

Chapter 7: Denial-of-Service Attacks
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79952
Sample Questions
Q1) The SYN spoofing attack targets the table of TCP connections on the server.
A)True
B)False
Q2) TCP uses the _______ to establish a connection.
A)zombie
B)SYN cookie
C)directed broadcast
D)three-way handshake
Q3) Using forged source addresses is known as _________.
A)source address spoofing
B)a three-way address
C)random dropping
D)directed broadcast
Q4) It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code.
A)three-way handshake
B)UDP flood
C)SYN spoofing attack
D)flash crowd

Chapter 8: Intrusion Detection
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79951
Sample Questions
Q1) A(n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.
A)Master
B)Apprentice
C)Journeyman
D)Activist
Q2) __________ is a security service that monitors and analyzes system events for the purpose of finding, and providing real-time warning of attempts to access system resources in an unauthorized manner.
Q3) The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria.
A)protocol
B)direction
C)action
D)destination port
Q4) A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.
Q5) ________ are decoy systems that are designed to lure a potential attacker away from critical systems.

Chapter 9: Firewalls and Intrusion Prevention Systems
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79950
Sample Questions
Q1) Distributed firewalls protect against internal attacks and provide protection tailored to specific machines and applications.
A)True
B)False
Q2) ________ control controls access to a service according to which user is attempting to access it.
A)User
B)Direction
C)Service
D)Behavior
Q3) A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
Q4) The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface.
A)True
B)False
Q5) A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.
A)True
B)False

Chapter 10: Buffer Overflow
Available Study Resources on Quizplus for this Chapter
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/79972
Sample Questions
Q1) There are several generic restrictions on the content of shellcode.
A)True
B)False
Q2) Shellcode is not specific to a particular processor architecture.
A)True
B)False
Q3) _________ is a tool used to automatically identify potentially vulnerable programs.
A)Slamming
B)Sledding
C)Fuzzing
D)All of the above
Q4) Buffer overflow exploits are no longer a major source of concern to security practitioners.
A)True
B)False
Q5) The __________ project produces a free, multiplatform 4.4BSD-based UNIX-like operating system.
Q6) Gaps, or __________, are flagged in the MMU as illegal addresses, and any attempt to access them results in the process being aborted.
Chapter 11: Software Security
Available Study Resources on Quizplus for this Chapter
43 Verified Questions
43 Flashcards
Source URL: https://quizplus.com/quiz/79971
Sample Questions
Q1) A _______ attack is where the input includes code that is then executed by the attacked system.
A)SQL injection
B)cross-site scripting
C)code injection
D)interpreter injection
Q2) A number of widely used standard C _________ compound the problem of buffer overflow by not providing any means of limiting the amount of data transferred to the space available in the buffer.
Q3) The intent of ________ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately.
A)shell scripting
B)fuzzing
C)canonicalization
D)deadlocking
Q4) Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs.
A)True
B)False


Chapter 12: Operating System Security
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79970
Sample Questions
Q1) ______ virtualization systems are more common in clients, where they run alongside other applications on the host OS, and are used to support applications for alternate operating system versions or types.
Q2) You should run automatic updates on change-controlled systems.
A)True
B)False
Q3) The purpose of the system does not need to be taken into consideration during the system security planning process.
A)True
B)False
Q4) The first critical step in securing a system is to secure the __________.
A)base operating system
B)system administrator
C)malware protection mechanisms
D)remote access privileges
Q5) The following steps should be used to secure an operating system:
A)test the security of the basic operating system
B)remove unnecessary services
C)install and patch the operating system
D)all of the above

Chapter 13: Trusted Computing and Multilevel Security
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79969
Sample Questions
Q1) ________ is a process that ensures a system is developed and operated as intended by the system's security policy.
A)Trust
B)Assurance
C)Evaluation
D)Functionality
Q2) The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.
A)True
B)False
Q3) "No write down" is also referred to as the *-property.
A)True
B)False
Q4) To structure the need for assurance the CC defines a scale for rating assurance consisting of _____ evaluation assurance levels ranging from the least rigor and scope for assurance evidence to the most.
Q5) A subject is said to have a security _________ of a given level.
Q6) An object is said to have a security ________ of a given level.

Chapter 14: IT Security Management and Risk Assessment
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79968
Sample Questions
Q1) The _________ approach combines elements of the baseline, informal, and detailed risk analysis approaches.
Q2) _________ is a process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity, and reliability.
Q3) The advantages of the _________ approach are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.
A)combined
B)informal
C)baseline
D)detailed
Q4) ________ specification indicates the impact on the organization should the particular threat in question actually eventuate.
A)Risk
B)Consequence
C)Threat
D)Likelihood
Q5) A(n) _________ is anything that has value to the organization.

Chapter 15: IT Security Controls, Plans, and Procedures
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79967
Sample Questions
Q1) Incident response is part of the ________ class of security controls.
Q2) The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization.
A)True
B)False
Q3) The recommended controls need to be compatible with the organization's systems and policies.
A)True
B)False
Q4) The _________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.
Q5) _______ management is concerned with specifically keeping track of the configuration of each system in use and the changes made to each.
Q6) When the implementation is successfully completed, _______ needs to authorize the system for operational use.
Q7) A _________ on an organization's IT systems identifies areas needing treatment.

Chapter 16: Physical and Infrastructure Security
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79966
Sample Questions
Q1) Physical security must prevent misuse of the physical infrastructure that leads to the misuse or damage of the protected information.
A)True
B)False
Q2) Unauthorized physical access can lead to other threats.
A)True
B)False
Q3) ________ security protects computer-based data from software-based and communication-based threats.
A)Infrastructure
B)Premises
C)Physical
D)Logical
Q4) To deal with the threat of smoke, the responsible manager should install _______ in every room that contains computer equipment as well as under raised floors and over suspended ceilings.
Q5) The most essential element of recovery from physical security breaches is ____.
Q6) The _______ authentication has an attendant supervise the use of the PIV card and the submission of the PIN and the sample biometric by the cardholder.

Chapter 17: Human Resources Security
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79965
Sample Questions
Q1) Having all of the security functions and audit responsibilities reside in the same person is a wise decision on the part of the organization.
A)True
B)False
Q2) ________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.
A)Executives
B)Analysts
C)Managers
D)Trainers
Q3) The principal problems associated with employee behavior are errors and omissions, _______, and actions by disgruntled employees.
Q4) ________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.
A)Artifacts
B)Vulnerabilities
C)CSIRT
D)Constituencies
Chapter 18: Security Auditing
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79964
Sample Questions
Q1) Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and __________.
Q2) ______ software is a centralized logging software package similar to, but much more complex than, syslog.
A)NetScan
B)McAfee
C)IPConfig
D)SIEM
Q3) ______ is the process of defining normal versus unusual events and patterns.
Q4) ________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.
Q5) Audit trails are different from audit logs.
A)True
B)False
Q6) All UNIX implementations will have the same variants of the syslog facility.
A)True
B)False


Chapter 19: Legal and Ethical Aspects
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79963
Sample Questions
Q1) Any intangible asset that consists of human knowledge and ideas is _______.
A)cyber property
B)personal property
C)intellectual property
D)real property
Q2) ________ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries.
A)Anonymization
B)Data transformation
C)Immutable audit
D)Selective revelation
Q3) ________ rights may be used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark.
Q4) _______ refers to a system of moral principles that relates to the benefits and harms of particular actions, and to the rightness and wrongness of motives and ends of those actions.
Q5) The three types of patents are: utility patents, design patents, and ________.
Chapter 20: Symmetric Encryption and Message Confidentiality
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79961
Sample Questions
Q1) With ______ encryption each vulnerable communications link is equipped on both ends with an encryption device.
Q2) The exact substitutions and transformations performed by the algorithm depend on the ________.
A)ciphertext
B)decryption algorithm
C)secret key
D)encryption algorithm
Q3) There are _____ modes of operation defined by NIST that are intended to cover virtually all the possible applications of encryption for which a block cipher could be used.
A)three
B)five
C)seven
D)nine
Q4) It is possible to convert any block cipher into a stream cipher by using the cipher feedback (CFB) mode.
A)True
B)False

Q5) _________ is the process of attempting to discover the plaintext or key.

Chapter 21: Public-Key Cryptography and Message Authentication
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79960
Sample Questions
Q1) Versions of SHA, with hash value lengths of 256, 384, and 512 bits (SHA-256, SHA-384, and SHA-512), are collectively known as _________.
Q2) Unlike RSA, DSS cannot be used for encryption or key exchange.
A)True
B)False
Q3) The principal attraction of __________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead.
A)ECC
B)MD5
C)Diffie-Hellman
D)none of the above
Q4) A __________ type of attack exploits properties of the RSA algorithm.
A)timing
B)brute-force
C)chosen ciphertext
D)mathematical
Q5) Four possible approaches to attacking the RSA algorithm are: brute force, timing attacks, _________ attacks, and chosen ciphertext attacks.

Chapter 22: Internet Security Protocols and Standards
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79959
Sample Questions
Q1) The default algorithms used for encrypting S/MIME messages are the triple DES and a public-key scheme known as _______.
Q2) A signed data message can only be viewed by a recipient with __________ capability.
Q3) _________ is a specification for cryptographically signing e-mail messages, permitting a signing domain to claim responsibility for a message in the mail stream.
Q4) A security association is uniquely identified by three parameters: security parameter index, protocol identifier, and ________________.
Q5) Recipients without S/MIME capability can view the message content, although they cannot verify the signature.
A)True
B)False
Q6) SMTP is used between the message user agent and the mail submission agent.
A)True
B)False
Q7) The SSL record protocol provides two services for SSL connection: message integrity and _________.

Chapter 23: Internet Authentication Applications
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79958
Sample Questions
Q1) A principal element of an identity management system is _______.
A)workflow automation
B)delegated administration
C)authentication
D)all of the above
Q2) _______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user.
A)Authorization
B)Registration
C)Certification
D)Initialization
Q3) _______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME.
A)X.509
B)PKI
C)FIM
D)SCA
Q4) In a generic identity management architecture a ________ is an identity holder.

Chapter 24: Wireless Network Security
Available Study Resources on Quizplus for this Chapter
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79957
Sample Questions
Q1) The purpose of the discovery phase is for an STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities.
A)True
B)False
Q2) In most data-link control protocols, the data-link protocol entity is responsible not only for detecting errors using the CRC, but for recovering from those errors by retransmitting damaged frames.
A)True
B)False
Q3) Any device that contains an IEEE 802.11 conformant MAC and physical layer is a basic service set.
A)True
B)False
Q4) A wireless access point is a _______.
A)cell tower
B)Wi-Fi hot spot
C)wireless access point to a LAN or WAN
D)all of the above
Q5) Like TKIP, CCMP provides two services: message integrity and ________.