FINAL ASSESSMENT TEST QUESTION BANK
1. The program that is typically started after the BIOS performs the initial power-on hardware
device checks and tests is -----
a) Boot loader b) Operating system c) System Operations d) None
2. ……………… is the software which allows multiple operating systems to run on a server.
a) Multi user operating systems b) Guest operating system c) Hypervisor d) None
3. ………… is a type of malware which triggers on a condition such as a specific date & time.
a) Trojan Horse b) Logic bomb c) Virus d) Keylogger
4. ……………… is a type of surveillance software that, once installed on a system, has the
capability to record every keystroke made on that system. The recording is saved in a log file,
usually encrypted.
a) Trojan Horse b) Logic bomb c) Virus d) Keylogger
5. WPA2 provides users with stronger data protection and network access control by using
……… encryption algorithm.
a) RC4-CCMP b) RC4-TKIP c) AES-CCMP d) AES-TKIP
6. Which of the following factors affect network performance?
a) Number of Users b) Type of transmission medium
c) Hardware & Software d) All of the above
7. __________is known as volatile memory.
a) RAM b) CD-ROM c) Hard disk d) USB
8. Which process eliminates the possibility of data recovery from a hard disk?
a) Formatting b) Deleting c) Wiping d) None of these
9. Clusters that the OS has not allocated to any file are known as ___________.
a) Lost clusters b) Bad clusters c) Empty clusters d) Unused clusters
10. ______ protocol is based on end-to-end delivery.
a) SCTP b) TCP c) SMTP d) DCCP
11. A ______________ attack is based on the dictionary attack method by adding numbers and
symbols to dictionary words.
a) Brute forcing attack b) Hybrid attack c) Syllable attack d) Rule-based attack
12. For MAC filtering, a ___________ is assigned to each network card to determine access to the
network.
a) 16-bit address b) 24-bit address c) 32-bit address d) 48-bit address
13. ………….. is a command used to display the name of the operating system for Linux/Unix based
operating system.
a) OS b) Unix c) Kernel d) uname
14. Which layer is responsible for packet-forwarding?
a) Transport layer b) Network layer c) Application layer d) Session layer
15. At layer 3, a firewall works as a
a) Frame filter b) Packet filter
c) Both frame filter and packet filter d) None of the mentioned
16. ………………. is accomplished by flooding the target with traffic that triggers a crash.
a) Denial-of-Service attack b) Virus attack c) Worms attack d) Botnet process
17. PGP is generally used to provide ……………
a) Browser security b) Email security c) FTP security d) None of the mentioned
18. …………… protocol is not used in VPN operations.
a) PPTP b) IPsec c) YMUM d) L2TP
19. Where does the IDS sensor have to be placed in order to give productive results?
a) Inside the firewall b) Outside the firewall
c) Both inside and outside the firewall d) Neither inside the firewall nor outside the firewall
20. ……………………………. is a methodology where a DNS server accepts & uses incorrect
info from a host.
a) DNS lookup b) DNS hijacking c) DNS spoofing d) None of the mentioned
21. Which port is used to connect to the active directory in Windows Server?
a) 80 b) 445 c) 139 d) 389
22. In a Windows environment, ……………….. is a command used to access the ARP tables.
a) C:\arp -a b) C:\arp -d c) C:\arp -s d) C:\arp -b
23. Which command is used to obtain information about available active sessions on other
systems while investigating web attacks in a Windows Server?
a) Net sessions b) Net use c) Net config d) Net share
24. When a system is powered off, what information is lost?
a) Data in RAM memory b) Running processes
c) Current running processes d) All the above
25. Web applications give a graphical interface between users and web servers through web
pages.
a) True b) False
26. While investigating a case if you find that the DNS packets are being transmitted within the
network from a non-registered IP then the type of attack is called __________.
a) DNS Poisoning b) Cookie poisoning attack c) DNS Redirection d) Session poisoning
27. Which of the following can be considered as an aspect of organizational security?
a) Biometric information security b) Security from frauds
c) Application security d) Information copyright security
28. What program is used by an attacker to obtain admin access in a compromised system?
a) Bot b) Virus c) Rootkit d) Trojan
29. Log management will include all those processes that are used to collect all system generated
messages.
a) True b) False
30. Trying to manipulate the files with (../) notation is known as _____.
a) Directory traversal b) SQL Injection c) XSS attack d) File injection
31. Email client connects to the POP3 server at _______________by default to pull the mails.
a) Port 109 b) Port 110 c) Port 115 d) Port 143
32. An unauthorized access point is not authorized for operation by a particular firm or network.
a) True b) False
33. ------------- is a device that enables network packet routing as well as an access point in a LAN.
a) Wireless router b) Wireless modem c) Antenna d) Mobile station
34. ………………… attack allows an attacker to modify the target process's address space in
order to control the process execution.
a) Buffer overflow b) XSS Scripting c) CSRF d) None of these
35. ……………….... attack refers to sending huge volumes of email to an address in an attempt
to overflow the mailbox.
a) Email spamming b) Mail bombing c) Phishing d) Email spoofing
36. Syslog server provides a ------------- platform to manage, access and monitor logs from the local
system as well as remote systems.
a) TCP b) FTP c) SMTP d) POP
37. Which log contains records of login/logout activity and security related events?
a) Operating System (OS) logs b) Application logs c) Security logs d) Audit logs
38. …………………. passwords are sent over the wired or wireless network or stored on some
media as they are typed without any alteration.
a) Clear text b) Obfuscated c) Hashed d) Hex
39. ………………… is a network-based attack that refers to a process in which the attacker changes his
IP so that he can appear to be someone else.
a) IP address spoofing b) Man-in-the-middle attack
c) Denial of Service attack d) Session sniffing
40. …………………. data compression technique maintains data integrity.
a) Lossless compression b) Lossy compression
c) Speech encoding compression d) Lossy video compression
41. Which of the following is not suitable for a first responder?
a) Identify and analyze the crime scene
b) Protect and secure the crime scene
c) Package and transport the electronic evidence to forensics lab
d) Prosecute the suspect in court of law
42. ……………..reports are delivered under oath to higher management of an organization.
a) Written informal Report b) Verbal Formal Report
c) Written Formal Report d) Verbal Informal Report
43. Identify the attack from the following sequence of actions.
Step 1: A user logs into a trusted site and creates a new session
Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
Step 3: The user is tricked to visit a malicious site
Step 4: The malicious site sends a request from the user's browser using his session cookie
a) Web Application Denial-of-Service (DoS) Attack b) Security Misconfiguration
c) Cross-Site Request Forgery (CSRF) Attack d) Hidden Field Manipulation
44. __________refers to establishing the routes that data packets take on their way to a particular
destination.
a) Switching b) Routing c) Hub d) Broadcasting
45. Which type of correlation will you use if your organization wants to use different OS and
network hardware platforms throughout the network?
a) Same platform correlation b) Cross platform correlation
c) Multiple platform correlation d) Network platform correlation
46. ……………………….. is a technique to achieve integrity of logs.
a) Encryption b) Correlation c) Event Log hashing d) All of the above
47. ___________ is a flexible and highly scalable system logging application that is ideal for
creating centralized and trusted logging solutions.
a) Syslog-ng b) Security Log c) Event Log d) None of these
48. …………. is a type of cross site scripting.
a) Stored b) Reflected c) DOM-based d) All the above
49. Incident Management requires ……………………….
a) Agreement on incident statuses, categories, and priorities
b) Establishment of a major incident response process
c) Agreement on incident management role assignment
d) All the Above
50. Which of the following refers to the forging of the return address on an e-mail so that the
e-mail message appears to come from someone other than the actual sender?
a) Spoofing b) Redacting c) Spamming d) Pharming
51. MMC stands for ……………… card.
a) Mobile Media b) Multi Media
c) Mobile Message d) Media Mass storage
52. …………………………. IDS audits the events that occur on a specific host.
a) Network-based intrusion detection b) Host-based intrusion detection
c) Log file monitoring d) File integrity checking
53. Data is stored into the ……… of the mobile device.
a) NAND Flash Memory b) AND Flash Memory
c) NOR Flash Memory d) SD card
54. A ___________ involves recording the physical observation of the gates on a NAND or
NOR chip with the use of an electron microscope.
a) Micro Read extraction b) Chip-Off extraction
c) File System extraction d) Logical extraction
55. Once installed on a device, each Android application lives in_______.
a) Device memory b) External memory
c) Security sandbox d) None of the above
56. Which one is not a nickname of a version of Android?
a) Froyo b) Gingerbread c) Eclairs d) Donut
57. The early FM-based push-to-talk telephone systems were used in
a) Simplex mode b) Half duplex mode
c) Full duplex mode d) None of the above
58. ……………. is an extension for iOS applications.
a) .ipa b) .apk c) .exe d) .jpg
59. IMSI stands for……………………
a) International Mobile Subscriber Identity b) Internet Module Subscriber Identity
c) International Mobile Sim Identity d) None of these
60. Which of the following can be considered a continuity strategy plan?
a) Business continuity plan, Disaster recovery plan and Incident response plan
b) Incident recovery plan, Incident response plans, Incident plans
c) Incident detection plans, Incident reaction plan, Incident Recovery plan
d) Incident containment strategies plan, Incident detection plan, Incident reaction plan
61. Data backup is defined as ---------
a) It saves all the data prior to the incident and restores it when any incident occurs
b) Retrieving the data when an unforeseen event occurred
c) Both A&B
d) None of the Above
62. During the troubleshooting process on a LAN, a network interface port has collision detection
and carrier sensing enabled on a shared twisted-pair network. The network interface port is most likely
a) The ethernet port operating at half duplex
b) Switch port is 10mb/s
c) In a Pc the port is on network interface card
d) The ethernet port operating at full duplex
63. Which of the following allows creating multiple logical networks within a single class?
a) Network mask b) Subnetting c) IP address d) None
64. While troubleshooting a connectivity problem on the network, the ping command is issued
from the PC command prompt but the output shows "request timed out". The problem is associated
with which OSI layer?
a) The access layer b) The data link layer c) The network layer d) The application layer
65. _______________ is the abnormal activity on servers and endpoints that may be signs of
compromise, intrusion, or exfiltration of data.
a) Threat Intelligence b) Threat hunting c) Cyber Security d) None of these
66. Which of the following typically involves an investigation after there has been a warning of a potential
threat or an incident has occurred?
a) SIEM b) Firewalls c) Intrusion Detection systems d) All the above
67. What is the benefit of SOCs to organizations?
a) It allows for holistic, proactive approaches involving the whole organization
b) It gives management a clearer oversight of the threat
c) A company can put all of the cybersecurity skills in one place
d) It cuts costs for the business
68. An Information Security audit tool is used to ensure
a) Safety and integrity of information and sensitive data
b) Measure an information system's performance against a list of criteria
c) To determine the security of an organization's information
d) All of the above
69. DHCP is the abbreviation of:
a) Dynamic host protocol b) Dynamic host configuration protocol
c) Dynamic hyper control protocol d) Dynamic hyper configuration protocol
70. Identify the false statement
a) You can find deleted files in recycle bin
b) You can restore any files in recycle bin if you ever need
c) You can increase free space of disk by sending files in recycle bin
d) You can right click and choose Empty Recycle Bin to clean it at once
71. Which of the following contains records that correspond to each deleted file in the recycle
bin?
a) INFO2 file b) INFO1 file c) LOGINFO2 file d) LOGINFO1 file
72. Which statement is true regarding Logical Imaging?
a) It can be used to recover only deleted data
b) It can be used to recover existing data
c) It can be used to recover existing and non-existing data
d) It cannot be used to recover any data
73. Hashing of malware is known as ________.
a) Fingerprinting b) Digital mark c) Watermark d) None
74. RAM slack refers to --------------
a) End of the file to end of cluster b) End of the file to end of sector
c) End of the sector to end of the cluster d) All the above
75. Exif Viewer is used for
a) Viewing Images b) View Image Metadata
c) Image enhancement d) Detect morphed Images
76. Which of the following is an open source disk imaging tool?
a) FTK Imager b) Forensic Falcon c) Data Recovery System (DRS) d) None
77. Which of the following registry hives is incorrect?
a) HKEY_CURRENT_CONFIG b) HKEY_CURRENT_USER
c) HKEY_CLASSES_CONFIG d) HKEY_LOCAL_MACHINE
78. Which of the following is a commercial disk analysis tool?
a) Autopsy b) FTK 6.0 c) Imager Toolkit d) Recuva
79. …………….. is used to prevent any changes that may take place in a handheld device when it
receives a signal.
a) Faraday Bag b) Aluminum Foil c) Sponge d) None
80. Which of the following is a commercial Mobile Device Analysis Tool?
a) UFED b) Mobile Edit c) FTK Imager d) Nessus
81. Capturing packets from the network and reading the data content of any type of information
is known as ------
a) Phishing b) Eavesdropping c) Exploits d) Denial of service
82. ………………. is a technique to examine the cell tower details
a) CDR Analysis b) Log Analysis c) N/W Monitoring d) Cyber Intelligence
83. ………… is a shortcut that we use to check the IMEI number of the device.
a) *#0000# b) *#06# c) *#06*# d) *#06#*
84. ………………. is an open source tool to examine the volatile memory.
a) Volatility b) DumpIt c) FTK Imager d) XRY
85. …………..is a package of more than 180 portable freeware utilities for Windows operating
system.
a) XRY Kit b) NirLauncher c) Imager Lite d) WinUFO
86. ………………………… is the operating system which is specially developed for the Digital
Forensics investigation purpose.
a) Helix b) DEFT c) Both (a) & (b) d) None
87. …………… is a hardware tool which we use for hard disk cloning purpose.
a) Super Imager Media Clone b) Image Master Solo4 c) Both (a) & (b) d) None
88. Write blocker allows …………… permissions.
a) Only Read b) Read & Write c) Write & Execute d) Read & Execute
89. What is the most significant legal issue in Computer Forensics?
a) Preserving evidence b) Seizing evidence
c) Admissibility of evidence d) Discovery of evidence
90. Which of the following is not a property of computer evidence?
a) Authentic and Accurate b) Complete and Convincing
c) Duplicated and Preserved d) Conform and Human Readable
91. Which of the following practices is not a dead forensics practice?
a) Cloning b) RAM dump c) Imaging d) Chip-off technique
92. Software that draws user information without user consent and forwards it to some other
entity is known as ____________
a) Backdoor b) Spyware c) Worm d) None of the above
93. Which of the following is a class of P2P network?
a) Structured network b) Centralized network c) Decentralized network d) None of these
94. If a computer is infected by a bot then the system is considered to be a
___________________.
a) Dirty Bot b) Zombie c) Both (a) & (b) d) None
95. Which of the following techniques is used to prove the integrity of technical evidence?
a) a password authentication b) a hash analysis
c) disk to disk verification d) None of the above
96. Which of the following is a kind of computer crime?
a) Computer-related b) Computer-specific c) File related d) Both (a) & (b)
97. Which of the following techniques allows a user to authenticate once without any
other registration?
a) OpenID b) Sign-on system
c) Security Assertion Markup Language (SAML) d) Virtual Private Database (VPD)
98. In which of the following processes does the extracted copy perform all the functions of the original?
a) Cloning b) Imaging c) Both d) None of the above
99. Which of the following standards supports the maximum speed?
a) 802.11a b) 802.11ac c) 802.11b d) 802.11g
100. Which legal document allows the law enforcement to explore the place relating to an
alleged crime?
a) Bench warrant b) Wire tap c) Subpoena d) Search warrant