Wednesday, 5 May 2021

Computer Forensics Quiz 2

Question 1: Which of the following is NOT an expected technology used in a data centre?
A. Server uses Linux or Unix operating system.
B. May use Windows 98 as email server.
C. May use virtualization technology.
D. Database may be on a separate server.

Solution:
May use Windows 98 as email server.


Question 2: A disk-to-disk copy acquisition method is required due to the following reasons:
(i) Hardware or software errors
(ii) Hardware or software incompatibilities
(iii) To acquire older drives
(iv) To capture only specific files of interest to the case
A. (ii), (iii) and (iv)
B. (i), (ii) and (iii)
C. (i), (ii) and (iv)
D. (i), (iii) and (iv)

Solution:
(i), (ii) and (iii)

Question 3: Static acquisition is the process of acquiring data from a hard drive that remains unaltered when the system is powered off or shut down. This acquisition type is performed due to the following reasons, EXCEPT:
A. Non-critical systems that can be shut down
B. Volatile data is more important than deleted files
C. Deleted files are more important than volatile data
D. The memory does not contain important data

Solution:
Volatile data is more important than deleted files

Question 4: A deleted file is any file that has been ________ erased from the file system but may still remain ________ on storage media.
A. physically; logically
B. physically; forensically
C. logically; physically
D. logically; forensically

Solution:
logically; physically

Question 5: To acquire RAID disks, you need to determine the _____ of RAID and which acquisition _____ to use.
A. type; tool
B. location; type
C. location; size
D. size; tool

Solution:
type; tool


Question 6: Which of the following is NOT the expected exhibit that can be found at home?
A. Laptop
B. Wireless router
C. Desktop computer
D. RAID server

Solution:
RAID server

Question 7: What is the biggest concern when acquiring data from a RAID server?
A. Size
B. Firewall program
C. Access permissions
D. Data transfer speeds

Solution:
Size

Question 8: Live acquisition is the process of acquiring data from a running computer (already powered on when encountered at a crime scene) that would be lost when it is powered off. This acquisition type is performed due to the following reasons, EXCEPT:
A. Deleted files are more important than volatile data.
B. Volatile data is more important than deleted files.
C. The memory contains important data.
D. Business-critical systems that cannot be shut down.

Solution:
Deleted files are more important than volatile data.
