Correct 1. You can use ____ to boot to Windows without writing any data to the evidence dis k.

A) a SCSI boot up disk B) a Windows boot up disk C) a write-blocker D) Windows XP Points Earned: 5.0/5.0 Correct Answer(s): C Correct 2. Computer investigations and forensics fall into the same category: public invest igations. A) True B) False Points Earned: 5.0/5.0 Correct Answer(s): B Correct 3. ____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats. A) VPN B) Internet C) E-mail D) Phone Points Earned: 5.0/5.0 Correct Answer(s): C Correct 4. In the Pacific Northwest, ____ meets monthly to discuss problems that law enforc ement and corporations face. A) IACIS B) CTIN C) FTK D) FLETC Points Earned: 5.0/5.0 Correct Answer(s): B Correct 5. Without a warning banner, employees might have an assumed ____ when using a comp any s computer systems and network accesses. A) line of authority B) right of privacy C) line of privacy D) line of right Points Earned: 5.0/5.0 Correct Answer(s): B Correct 6. Corporations often follow the ____ doctrine, which is what happens when a civili an or corporate investigative agent delivers evidence to a law enforcement offic er. A) silver-tree B) gold-tree

C) silver-platter D) gold-platter Points Earned: 5.0/5.0 Correct Answer(s): C Correct 7. The law of search and seizure protects the rights of all people, excluding peopl e suspected of crimes. A) True B) False Points Earned: 5.0/5.0 Correct Answer(s): B Correct 8. A bit-stream image is also known as a(n) ____. A) backup copy B) forensic copy C) custody copy D) evidence copy Points Earned: 5.0/5.0 Correct Answer(s): B Correct 9. A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible. A) True B) False Points Earned: 5.0/5.0 Correct Answer(s): B Correct 10. The affidavit must be ____ under sworn oath to verify that the information in th e affidavit is true. A) notarized B) examined C) recorded D) challenged Points Earned: 5.0/5.0 Correct Answer(s): A Correct 11. A ____ is a bit-by-bit copy of the original storage medium. A) preventive copy B) recovery copy C) backup copy D) bit-stream copy Points Earned: 5.0/5.0 Correct Answer(s): D Correct 12. Use ____ to secure and catalog the evidence contained in large computer componen ts. A) Hefty bags B) regular bags

C) paper bags D) evidence bags Points Earned: 5.0/5.0 Correct Answer(s): D Correct 13. The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime. A) network intrusion detection B) computer investigations C) incident response D) litigation Points Earned: 5.0/5.0 Correct Answer(s): B Correct 14. A(n) ____ helps you document what has and has not been done with both the origin al evidence and forensic copies of the evidence. A) evidence custody form B) risk assessment form C) initial investigation form D) evidence handling form Points Earned: 5.0/5.0 Correct Answer(s): A Correct 15. In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as ____. A) checked values B) verification C) evidence backup D) repeatable findings Points Earned: 5.0/5.0 Correct Answer(s): D Correct 16. When you write your final report, state what you did and what you ____. A) did not do B) found C) wanted to do D) could not do Points Earned: 5.0/5.0 Correct Answer(s): B Correct 17. You cannot use both multi-evidence and single-evidence forms in your investigati on. A) True B) False Points Earned: 5.0/5.0 Correct Answer(s): B Correct 18. It s the investigator s responsibility to write the affidavit, which must include __

__ (evidence) that support the allegation to justify the warrant. A) litigation B) prosecution C) exhibits D) reports Points Earned: 5.0/5.0 Correct Answer(s): C Correct 19. By the early 1990s, the ____ introduced training on software for forensics inves tigations. A) IACIS B) FLETC C) CERT D) DDBIA Points Earned: 5.0/5.0 Correct Answer(s): A Correct 20. To conduct your investigation and analysis, you must have a specially configured personal computer (PC) known as a ____. A) mobile workstation B) forensic workstation C) forensic lab D) recovery workstation Points Earned: 5.0/5.0 Correct Answer(s): B