15 Cards in this Set
- Front
- Back
- 3rd side (hint)
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? |
Back up all logs and audits regarding the incident |
|
|
Which of the following is an important aspect of evidence gathering? |
Backing up all log files and audit trails |
|
|
Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? |
Hashing |
|
|
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence? |
Rebooting the system |
|
|
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? |
Create a checksum using a hashing algorithm |
|
|
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? |
Make a bit-level copy of the disk |
|
|
During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence? |
Disconnect the access point from the network |
|
|
You have discovered a computer connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should you do next? |
Perform a memory dump |
|
|
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions would you perform first? |
Document what's on the screen |
|
|
From most to least volatile |
From most to least |
|
|
Best definition of security incident |
|
|
|
When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence? |
Document what's on the screen |
|
|
What is the most important element related to evidence in addition to the evidence itself? |
Chain of Custody documents |
|
|
Chain of custody is used for what purpose? |
Listing people coming into contact with evidence |
|
|
You have been asked to draft a document related to evidence gathering that contains details about personal and professional in control of evidence from the time of discovery up through the time of presentation in court. What type of document is it? |
Chain of custody |
|