Question 1

Which of the following is a database in which information about every file and directory on an NT File

System (NTFS) volume is stored?

Options :

A :

Volume Boot Record

B :

Master Boot Record

C :

GUID Partition Table

D : Master File Table

Answer: D

Question 2

Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written

over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy

and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used

for Jacob’s testimony in this case?

Options :

A : Certification

B : Justification

C : Reiteration

D : Authentication

Answer: D

Question 3

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

Options :

A : Hard Drive Failure

B : Scope Creep

C : Unauthorized expenses

D : Overzealous marketing

Answer: B

Question 4

You have compromised a lower-level administrator account on an Active Directory network of a small

company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the

Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

Options :

A :

Poison the DNS records with false records

B :

Enumerate MX and A records from DNS

C :

Establish a remote connection to the Domain Controller

D :

Enumerate domain user accounts and built-in groups

Answer: D

Question 5

An executive has leaked the company trade secrets through an external drive. What process should the

investigation team take if they could retrieve his system?

Options :

A :

Postmortem Analysis

B :

Real-Time Analysis

C : Packet Analysis

D :

Malware Analysis

Answer: A