

Introduction to Information Security Final Exam
Course Introduction
Introduction to Information Security offers a comprehensive overview of the foundational concepts, principles, and practices essential for protecting information assets in today's digital world. This course explores key topics such as confidentiality, integrity, and availability, as well as threats, vulnerabilities, and common attack vectors. Students will learn about security technologies, cryptography basics, risk management, security policies, and incident response strategies. Through real-world examples and case studies, the course emphasizes the importance of ethical behavior, legal considerations, and best practices in safeguarding digital information across various environments.
Recommended Textbook: Guide to Computer Forensics and Investigations, 4th Edition, by Bill Nelson
Available Study Resources on Quizplus
16 Chapters
768 Verified Questions
768 Flashcards
Source URL: https://quizplus.com/study-set/1690


Chapter 1: Computer Forensics and Investigations As a Profession
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33478
Sample Questions
Q1) To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
A)True
B)False
Answer: True
Q2) In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations.
A) authorized requester
B) authority of line
C) line of right
D) authority of right
Answer: A
Q3) ____________________ involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases.
Answer: Computer forensics
Q4) The ____________________ provides a record of clues to crimes that have been committed previously.
Answer: police blotter
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Understanding Computer Investigations
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33479
Sample Questions
Q1) also known as a computer forensics workstation
A)FTK's Internet Keyword Search
B)Data recovery
C)Free space
D)Interrogation
E)Forensic workstation
F)Norton DiskEdit
G)MS-DOS 6.22
H)Multi-evidence form
I)Self-evaluation
Answer: E
Q2) Chain of custody is also known as chain of evidence.
A)True
B)False
Answer: True
Q3) You cannot use both multi-evidence and single-evidence forms in your investigation.
A)True
B)False
Answer: False

Chapter 3: The Investigator's Office and Laboratory
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33480
Sample Questions
Q1) In the ____, you justify acquiring newer and better resources to investigate computer forensics cases.
A) risk evaluation
B) business case
C) configuration plan
D) upgrade policy
Answer: B
Q2) If damage occurs to the floor, walls, ceilings, or furniture on your computer forensics lab, it does not need to be repaired immediately.
A)True
B)False
Answer: False
Q3) ____ was created by police officers who wanted to formalize credentials in computing investigations.
A) HTCN
B) NISPOM
C) TEMPEST
D) IACIS
Answer: D

Chapter 4: Data Acquisition
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33481
Sample Questions
Q1) Dr. Simson L. Garfinkel of Basis Technology Corporation recently developed a new open-source acquisition format called ____________________.
Q2) If your time is limited, consider using a logical acquisition or ____ acquisition data copy method.
A) lossless
B) disk-to-disk
C) sparse
D) disk-to-image
Q3) Linux ISO images are referred to as ____.
A) ISO CDs
B) Live CDs
C) Forensic Linux
D) Linux in a Box
Q4) Typically, a(n) ____ acquisition is done on a computer seized during a police raid, for example.
A) live
B) online
C) real-time
D) static

Chapter 5: Processing Crime and Incident Scenes
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33482
Sample Questions
Q1) One technique for extracting evidence from large systems is called ____.
A) RAID copy
B) RAID imaging
C) large evidence file recovery
D) sparse acquisition
Q2) fingerprints can be tested with these systems
A)Innocent information
B)AFIS
C)EnCase Enterprise Edition
D)FOIA
E)IOCE
F)Low-level investigations
G)Hearsay
H)Spector
I)HAZMAT
Q3) Some computer cases involve dangerous settings. For these types of investigations, you must rely on the skills of _________________________ teams to recover evidence from the scene.
Q4) How can you secure a computer incident or crime scene?
Q5) Briefly describe the process of obtaining a search warrant.

Chapter 6: Working with Windows and DOS Systems
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33483
Sample Questions
Q1) The type of file system an OS uses determines how data is stored on the disk.
A)True
B)False
Q2) How can you make sure a subject's computer boots to a forensic floppy disk or CD?
Q3) How are disk clusters numbered by Microsoft file structures?
Q4) When Microsoft introduced Windows 2000, it added built-in encryption to NTFS called ____.
A) EFS
B) VFAT
C) LZH
D) RAR
Q5) ____ refers to the number of bits in one square inch of a disk platter.
A) Head skew
B) Areal density
C) Cylinder skew
D) ZBR
Q6) On Windows and DOS computer systems, the ____________________ stores information about partitions on a disk and their locations, size, and other important items.

Chapter 7: Current Computer Forensics Tools
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33484
Sample Questions
Q1) ____ can be software or hardware and are used to protect evidence disks by preventing you from writing any data to the evidence disk.
A) Drive-imaging
B) Disk editors
C) Workstations
D) Write-blockers
Q2) The Windows platforms have long been the primary command-line interface OSs.
A)True
B)False
Q3) command-line disk acquisition tool from New Technologies, Inc.
A)JFIF
B)Lightweight workstation
C)Pagefile.sys
D)Salvaging
E)Raw data
F)PDBlock
G)Norton DiskEdit
H)Stationary workstation
I)SafeBack
Q4) Explain the validation of evidence data process.

Chapter 8: Macintosh and Linux Boot Processes and File Systems
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33485
Sample Questions
Q1) With Mac OSs, a system application called ____ tracks each block on a volume to determine which blocks are in use and which ones are available to receive data.
A) Extents overflow file
B) Volume Bitmap
C) Master Directory Block
D) Volume Control Block
Q2) Explain the use of B*-trees on Mac OS 9 file system.
Q3) groups of contiguous allocation blocks
A)File Manager
B)Inode blocks
C)ISO 9660
D)LILO
E)Clumps
F)Volume
G)ls
H)Catalog
I)Finder
Q4) GPL and BSD variations are examples of open-source software.
A)True
B)False

Chapter 9: Computer Forensics Analysis and Validation
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33486
Sample Questions
Q1) AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.
A) KFF
B) PKFT
C) NTI
D) NSRL
Q2) ____ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search.
A) Online
B) Inline
C) Active
D) Live
Q3) For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.
A)True
B)False
Q4) What are the basic guidelines to identify steganography files?
Q5) FTK provides two options for searching for keywords: indexed search and ____________________ search.

Chapter 10: Recovering Graphics Files
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33487
Sample Questions
Q1) In the following list, ____ is the only steg tool.
A) EnCase
B) iLook
C) DriveSpy
D) Outguess
Q2) With many computer forensics tools, you can open files with external viewers.
A)True
B)False
Q3) are also called steg tools
A)Pixels
B)Hex Workshop
C)Adobe Illustrator
D)Microsoft Office Picture Manager
E)JPEG
F)Steganalysis tools
G)GIMP
H)XIF
I)Metafile graphics
Q4) Give a brief overview of copyright laws pertaining to graphics within and outside the U.S.

Chapter 11: Virtual Machines, Network Forensics, and Live Acquisitions
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33488
Sample Questions
Q1) ____ is the text version of Ethereal, a packet sniffer tool.
A) Tcpdump
B) Ethertext
C) Etherape
D) Tethereal
Q2) ____ hide the most valuable data at the innermost part of the network.
A) Layered network defense strategies
B) Firewalls
C) Protocols
D) NAT
Q3) Most packet sniffer tools can read anything captured in ____ format.
A) SYN
B) DOPI
C) PCAP
D) AIATP
Q4) ____________________ logs record traffic in and out of a network.
Q5) Explain The Auditor tool.
Q6) When are live acquisitions useful?
Q7) Why is testing networks as important as testing servers?
Q8) What are some of the tools included with Knoppix STD?

Chapter 12: E-Mail Investigations
Available Study Resources on Quizplus for this Chapter
48 Verified Questions
48 Flashcards
Source URL: https://quizplus.com/quiz/33489
Sample Questions
Q1) GroupWise has ____ ways of organizing the mailboxes on the server.
A) 2
B) 3
C) 4
D) 5
Q2) To view AOL e-mail headers click Action, ____ from the menu.
A) More options
B) Message properties
C) Options
D) View Message Source
Q3) You can send and receive e-mail in two environments: via the ____________________ or an intranet (an internal network).
Q4) Administrators usually set e-mail servers to ____________________ logging mode.
Q5) Briefly explain how to use AccessData FTK to recover e-mails.
Q6) Vendor-unique e-mail file systems, such as Microsoft .pst or .ost, typically use ____________________ formatting, which can be difficult to read with a text or hexadecimal editor.
Q7) What are the steps for viewing e-mail headers in Hotmail?
Q8) What are the steps for retrieving e-mail headers on Pine?
Q9) Explain how to handle attachments during an e-mail investigation.

Chapter 13: Cell Phone and Mobile Device Forensics
Available Study Resources on Quizplus for this Chapter
37 Verified Questions
37 Flashcards
Source URL: https://quizplus.com/quiz/33490
Sample Questions
Q1) proprietary protocol developed by Motorola
A)CDMA
B)iDEN
C)EDGE
D)ROM
Q2) Many people store more information on their cell phones than they do on their computers.
A)True
B)False
Q3) What is the bandwidth offered by 3G mobile phones?
Q4) The ____ network is a digital version of the original analog standard for cell phones.
A) TDMA
B) EDGE
C) CDMA
D) D-AMPS
Q5) Global System for Mobile Communications (GSM) uses the ______________________ technique, so multiple phones take turns sharing a channel.
Q6) Identify and define three kinds of peripheral memory cards used with PDAs.
Q7) Identify several uses of SIM cards.

Chapter 14: Report Writing for High-Tech Investigations
Available Study Resources on Quizplus for this Chapter
48 Verified Questions
48 Flashcards
Source URL: https://quizplus.com/quiz/33491
Sample Questions
Q1) a witness testifying to personally observed facts
A)Decimal numbering
B)Lay witness
C)FTK
D)Examination plan
E)Signposts
F)Verbal report
G)Spoliation
H)Conclusion section
I)MD5
Q2) Explain how hypothetical questions can be used to ensure that you as a witness are basing your opinion on facts expected to be supported by evidence.
Q3) Explain how to use supportive material on a report.
Q4) As with any research paper, write the report abstract last.
A)True
B)False
Q5) Lawyers use services called _________________________ (libraries), which store examples of expert witnesses' previous testimony.
Q6) Briefly explain how to limit your report to specifics.

Chapter 15: Expert Testimony in High-Tech Investigations
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33492
Sample Questions
Q1) The ____ is the most important part of testimony at a trial.
A) cross-examination
B) direct examination
C) rebuttal
D) motions in limine
Q2) What are the procedures followed during a trial?
Q3) ____ evidence is evidence that exonerates or diminishes the defendant's liability.
A) Rebuttal
B) Plaintiff
C) Inculpatory
D) Exculpatory
Q4) What are some of the questions you should consider when preparing your testimony?
Q5) Explain the differences between discovery deposition and testimony preservation deposition.
Q6) What should you do when preparing for testimony?
Q7) What should you do when you find exculpatory evidence?
Q8) The ______________________ of evidence supports the integrity of your evidence.
Q9) What are some of the reasons to avoid contact with news media during a case?

Chapter 16: Ethics for the Expert Witness
Available Study Resources on Quizplus for this Chapter
35 Verified Questions
35 Flashcards
Source URL: https://quizplus.com/quiz/33493
Sample Questions
Q1) Attorneys search ____ for information on expert witnesses.
A) disqualification banks
B) deposition banks
C) examination banks
D) cross-examination banks
Q2) The ABA's ____ contains provisions limiting the fees experts can receive for their services.
A) Code 703
B) Model Code
C) Rule 26
D) Code 26-1.a
Q3) Some attorneys contact many experts as a ploy to disqualify them or prevent opposing counsel from hiring them; this practice is called "____________________."
Q4) The ____ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients.
A) ISFCE
B) IACIS
C) ABA
D) HTCIA