Q1. Which of the following techniques is used to recover deleted files in digital forensics?
a. File carving
b. File hashing
c. File encryption
d. File wiping
ANSWER:
a. File carving
EXPLANATION:
File carving is a technique used
in digital forensics to recover deleted or fragmented files by searching for
file signatures and assembling file fragments from unallocated disk space.
Q2. Which of the following best describes a Trojan horse?
a. A type of computer virus that spreads rapidly
b. Malicious software disguised as legitimate software
c. A security mechanism that prevents unauthorized access
d. A technique used to bypass network firewalls
ANSWER:
b. Malicious software disguised as legitimate software
EXPLANATION:
A Trojan horse is a type of malware that appears to perform
a desirable function for the user before exploiting the user's trust to perform
malicious actions.
Q3. Which of the following is an example of a volatile artifact in Windows operating systems?
a. Registry hives
b. Event logs
c. Pagefile.sys
d. RAM contents
ANSWER:
d. RAM contents
EXPLANATION:
RAM contents are volatile and can contain valuable forensic
artifacts such as running processes, open network connections, and user
activity that may not be preserved on disk.
Q4. What is the purpose of data carving in digital forensics?
a. To recover deleted files from storage devices
b. To analyse network traffic for signs of intrusion
c. To decrypt encrypted files during investigations
d. To create forensic images of storage devices
ANSWER:
a. To recover deleted files from storage devices
EXPLANATION:
Data carving is a technique used to recover fragmented or
deleted files from storage devices by searching for file signatures and
assembling file fragments from unallocated disk space.
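The signature-and-footer search that both Q1 and Q4 describe, as an added example rather than anything from the original quiz. The JPEG and PNG magic bytes are genuine; the buffer standing in for unallocated space, the sample files embedded in it and the helper names (`carve`, `build_sample_image`) are constructed for this demonstration. It also handles the case the explanations gloss over: a header whose footer was overwritten must not be allowed to swallow the next file of the same type.

```python
"""Header/footer file carving over a raw byte buffer.

Added example for this quiz page, not taken from it. The JPEG and PNG
magic bytes are genuine; the buffer standing in for unallocated disk
space and the files embedded in it are constructed below.
"""

# file type -> (header signature, footer signature)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # IEND chunk + its fixed CRC
}
MAX_CARVE = 10 * 1024 * 1024  # stop looking for a footer after this many bytes


def carve(image: bytes, signatures=SIGNATURES, max_len=MAX_CARVE):
    """Return [(offset, type, data)] for every header with a matching footer.

    The scan ignores file-system metadata entirely, which is why it still
    works on unallocated space where the directory entry is gone.  A header
    that is followed by another header of the same type before its footer is
    treated as a truncated fragment and skipped, so it cannot swallow the
    next file.  (JPEGs with an embedded EXIF thumbnail contain an inner
    FFD9 and are carved short by this naive footer rule; a real carver
    parses the JPEG marker structure instead.)
    """
    found = []
    for ftype, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(len(image), pos + max_len)
            body_start = pos + len(header)
            next_header = image.find(header, body_start, window_end)
            footer_at = image.find(footer, body_start, window_end)
            if footer_at != -1 and (next_header == -1 or footer_at < next_header):
                end = footer_at + len(footer)
                found.append((pos, ftype, image[pos:end]))
                pos = image.find(header, end)
            else:
                pos = image.find(header, pos + 1)  # fragment: move on
    found.sort(key=lambda hit: hit[0])
    return found


# Constructed sample files: structurally plausible, not real images.
SAMPLE_JPEG = (
    b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00"   # SOI + APP0 marker with JFIF tag
    + b"\x01\x02" * 20                          # filler standing in for scan data
    + b"\xff\xd9"                               # EOI
)
SAMPLE_PNG = (
    b"\x89PNG\r\n\x1a\n"                        # PNG signature
    + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17    # IHDR chunk (13 data bytes + CRC, zeroed)
    + b"\x00\x00\x00\x00IEND\xaeB`\x82"         # IEND chunk with its fixed CRC
)
TRUNCATED_PNG = SAMPLE_PNG[:24]                 # header present, footer overwritten


def build_sample_image() -> bytes:
    """Constructed 'unallocated space': zero filler with three files inside,
    the first of them truncated."""
    filler = b"\x00" * 512
    return (filler + TRUNCATED_PNG + filler + SAMPLE_JPEG
            + filler + SAMPLE_PNG + filler)


if __name__ == "__main__":
    for offset, ftype, data in carve(build_sample_image()):
        print(f"offset {offset:6d}  {ftype}  {len(data)} bytes")
```

On the constructed buffer the carver returns the JPEG and the complete PNG and skips the truncated PNG, because the next PNG header appears before any IEND footer. Real carvers (Scalpel, PhotoRec, foremost) add per-format structure parsing for exactly the reason noted in the docstring: footer bytes can legitimately occur inside a file.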
Q5. What is the purpose of volatile memory analysis?
a. To recover deleted files from volatile memory
b. To analyse the contents of non-volatile storage devices
c. To identify running processes and system state
d. To decrypt encrypted data during investigations
ANSWER:
c. To identify running processes and system state
EXPLANATION:
Volatile memory analysis examines a capture of RAM to identify the running processes, open network connections, loaded modules and other system state at the moment the capture was taken; that state is lost once the machine is powered off, so it must be acquired before the disk.
Q6. What does the term "rootkit" refer to?
a. Malicious software that encrypts files and demands ransom
b. Malicious software that disguises its presence on a system
c. A security mechanism that prevents unauthorized access
d. A technique used to exploit vulnerabilities in network protocols
ANSWER:
b. Malicious software that disguises its presence on a system
EXPLANATION:
A rootkit is a type of malicious software designed to
conceal its presence or actions on a computer system, often granting
unauthorized access or control to the attacker.
Q7. Which of the following viruses evades detection by using a sophisticated form of encryption?
a. Stealth virus
b. Multipartite virus
c. Companion virus
d. Polymorphic virus
ANSWER:
d. Polymorphic virus
EXPLANATION:
A polymorphic virus keeps its malicious body encrypted and prepends a small decryption routine. Each time it propagates it re-encrypts the body under a new key and mutates the decryptor (for example by reordering instructions or substituting equivalent ones), so every copy has a different byte pattern while the decrypted code and its behaviour are unchanged. A scanner that only matches fixed byte signatures therefore has nothing stable to match on; detection relies on emulating or unpacking the decryptor and scanning the recovered body, or on behavioural analysis. Of the distractors, a stealth virus hides infection by intercepting system calls, a multipartite virus infects both boot sectors and files, and a companion virus plants an executable that runs in place of the legitimate one.
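To make the mechanism concrete, here is an added illustration that is not from the original page and is deliberately a toy: byte-level transforms stand in for the machine-code decryptor a real engine emits, and the "payload" is a constructed placeholder. It re-encrypts the body under a fresh key each generation, picks one of three equivalent decryptor variants, and then compares a byte-signature scan of the raw copy with a scan of the body after emulating the decryptor. Names such as `generate_instance`, `run_decryptor` and `compare_scanners` are this example's own.

```python
"""Toy polymorphic encryption engine and two scanners.

Added example for this quiz page, not from it.  Byte-level transforms
stand in for the machine-code decryptor a real engine emits; the payload
is a constructed placeholder.
"""
import random

PAYLOAD = b"<malicious body>"   # constructed stand-in for the virus body


# Three semantically equivalent decryptor "variants".  A real engine mutates
# the instructions of the stub; here each variant is a different byte transform.
def _xor(data, key):
    return bytes(b ^ key for b in data)


def _add(data, key):
    return bytes((b + key) & 0xFF for b in data)


def _sub(data, key):
    return bytes((b - key) & 0xFF for b in data)


# variant id -> (encrypt, decrypt)
VARIANTS = {0: (_xor, _xor), 1: (_sub, _add), 2: (_add, _sub)}


def generate_instance(payload=PAYLOAD, rng=None):
    """Emit one copy: [variant id][key][encrypted body].

    Every propagation picks a fresh nonzero key and a fresh decryptor
    variant, so the bytes differ per copy while the body is unchanged."""
    rng = rng or random.SystemRandom()
    variant = rng.randrange(len(VARIANTS))
    key = rng.randrange(1, 256)           # nonzero: key 0 would leave the body in clear
    encrypt, _ = VARIANTS[variant]
    return bytes([variant, key]) + encrypt(payload, key)


def run_decryptor(instance):
    """Emulate the stub: read variant and key, recover the body."""
    variant, key, body = instance[0], instance[1], instance[2:]
    _, decrypt = VARIANTS[variant]
    return decrypt(body, key)


def static_signature_hit(instance, signature=PAYLOAD):
    """Byte-signature scanner: looks at the copy as stored on disk."""
    return signature in instance


def emulated_signature_hit(instance, signature=PAYLOAD):
    """Emulating scanner: runs the decryptor first, then matches."""
    return signature in run_decryptor(instance)


def compare_scanners(n=50, seed=None):
    """Generate n copies and count what each scanner detects."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    copies = [generate_instance(rng=rng) for _ in range(n)]
    return {
        "copies": n,
        "distinct_byte_patterns": len(set(copies)),
        "static_hits": sum(static_signature_hit(c) for c in copies),
        "emulated_hits": sum(emulated_signature_hit(c) for c in copies),
        "all_bodies_intact": all(run_decryptor(c) == PAYLOAD for c in copies),
    }


if __name__ == "__main__":
    print(compare_scanners())
```

Because every key is nonzero, each transform changes every byte of the body, so the static scanner never matches while the emulating scanner matches every copy. The two-byte stub here is trivially recognisable; the reason real engines also mutate the decryptor is that otherwise the stub itself becomes the signature.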
Q8. Which of the following are output image formats that FTK Imager can create?
A. dd
B. EXIF
C. SMART
D. AFF
Codes
a. A, B and C only
b. A, B and D only
c. A, C and D only
d. B, C and D only
ANSWER:
c. A, C and D only
EXPLANATION:
FTK Imager writes disk images in four formats: Raw (dd), SMART, E01 (EnCase evidence file) and AFF (Advanced Forensic Format). Of the options listed, the output image formats are therefore:
A. dd (raw disk image)
C. SMART (the ASR Data SMART image format)
D. AFF (Advanced Forensic Format)
EXIF is the metadata format embedded in photographs, a file-level artifact an examiner may parse; it is not a disk image container.
Q9. What is it called when someone alters the From: header of an email so that the message appears to come from a person other than the one who actually sent it?
a. Spam
b. DoS
c. Spoofing
d. Trapper
ANSWER:
c. Spoofing
EXPLANATION:
Spoofing is the act of falsifying information to deceive
recipients into believing that a communication originates from a trusted source
when it does not.
Spam refers to unsolicited bulk emails, DoS (Denial of
Service) involves disrupting or disabling access to a network or system, and
"Trapper" is not a recognized term in the context of email spoofing.
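Because the From: header is free text chosen by the sender, a receiving system checks it against what it actually knows: the envelope sender and the SPF/DKIM/DMARC results. The following is an added example, not part of the original quiz; the two messages are constructed, the Authentication-Results header is assumed to have been written by our own inbound gateway (mx.corp.example), and all domains and the function name `spoof_indicators` are hypothetical.

```python
"""Flagging a forged From: header.

Added example, not part of the original quiz.  The two messages are
constructed; the Authentication-Results header is assumed to have been
added by our own inbound gateway (mx.corp.example), and all domains are
hypothetical.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List


def _domain(value) -> str:
    """'"Name" <user@host>' -> 'host' (lower-cased, '' if absent)."""
    return parseaddr(str(value))[1].rpartition("@")[2].lower()


def spoof_indicators(raw: bytes) -> List[str]:
    """Return the reasons this message's From: should not be trusted (empty if none).

    The From: header is chosen by the sender.  What the receiving MTA actually
    knows is the envelope sender (Return-Path) and the outcome of the
    SPF/DKIM/DMARC checks, so those are compared against it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    header_from = _domain(msg.get("From", ""))
    envelope = _domain(msg.get("Return-Path", ""))
    reply_to = _domain(msg.get("Reply-To", ""))
    reasons = []
    if header_from and envelope and header_from != envelope:
        reasons.append(f"From domain {header_from} differs from envelope sender {envelope}")
    if reply_to and reply_to != header_from:
        reasons.append(f"Reply-To points at {reply_to}, not {header_from}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            reasons.append(f"{mech} failed at the gateway")
    return reasons


# Constructed: the classic CEO-fraud pattern.  Header From claims corp.example,
# but the envelope sender and the authentication results say otherwise.
SPOOFED = b"""\
Return-Path: <bounce@mailer-x.example>
Received: from mailer-x.example ([192.0.2.10]) by mx.corp.example
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer-x.example; dkim=none; dmarc=fail header.from=corp.example
From: "CEO" <ceo@corp.example>
Reply-To: ceo.office@webmail.example
To: finance@corp.example
Subject: Urgent wire transfer

Please pay the attached invoice today.
"""

# Constructed: the same sender, genuinely sent through the corporate mail system.
LEGITIMATE = b"""\
Return-Path: <ceo@corp.example>
Received: from mail.corp.example ([192.0.2.20]) by mx.corp.example
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "CEO" <ceo@corp.example>
To: finance@corp.example
Subject: Quarterly numbers

Figures attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, spoof_indicators(raw) or ["no indicators"])
```

A From/Return-Path mismatch on its own is normal for mailing lists and bulk senders, so the DMARC result, which checks that the From domain is aligned with what SPF or DKIM authenticated, is the authoritative signal. The Authentication-Results header is only trustworthy when the gateway that wrote it also strips any copy the sender included.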
Q10. The length of a port address in TCP/IP is
a. 4 bits
b. 8 bits
c. 32 bits
d. 16 bits
ANSWER:
d. 16 bits
EXPLANATION:
In TCP/IP, the port address is a
16-bit integer, allowing for a range of possible port numbers from 0 to 65535.
This addressing scheme provides for the identification of specific services or
processes running on a networked device. Each network communication involves
both an IP address (identifying the device) and a port number (identifying the
service or process on that device).