Top 250+ Solved Information Cyber Security (ICS) MCQ Questions Answer
Q. An investigation can be hindered by the following:
a. preconceived theories
b. improperly handled evidence
c. offender concealment behavior
d. all of the above
Q. Forensic analysis involves the following:
a. assessment, experimentation, fusion, correlation, and validation
b. seizure and preservation
c. recovery, harvesting, filtering, organization, and search
d. all of the above
Q. The first step in applying the scientific method to a digital investigation is to:
a. form a theory on what may have occurred
b. experiment or test the available evidence to confirm or refute your prediction
c. make one or more observations based on events that occurred
d. form a conclusion based on the results of your findings
Q. The process model whose goal is to completely describe the flow of information in a digital investigation is known as:
a. the physical model
b. the staircase model
c. the evidence flow model
d. the subphase model
Q. The crime scene preservation process includes all but which of the following:
a. protecting against unauthorized alterations
b. acquiring digital evidence
c. confirming system date and time
d. controlling access to the crime scene
Q. Investigative reconstruction is composed of three different forms. Which of the following is NOT one of those three forms?
a. functional
b. intentional
c. relational
d. temporal
Q. In crimes against individuals the ______ period leading up to the crime often contains the most important clues regarding the relationship between the offender and the victim.
a. 24-hour
b. 28-hour
c. 60-minute
d. 15-minute
Q. The type of report that is a preliminary summary of findings is known as:
a. sitrep
b. threshold assessment report
c. full investigative report
d. field notes
Q. Creating a histogram of times to reveal periods of high activity is an example of which form of investigative reconstruction?
a. functional
b. intentional
c. relational
d. temporal
Q. Investigators should not rely on one piece of digital evidence when examining an alibi – they should look for an associated _______.
a. cybertrail
b. piece of physical evidence
c. statement
d. none of the above
Q. It is quite difficult to fabricate an alibi on a network successfully because:
a. an offender may not have the proper access.
b. an offender would need system administrator access level to make the necessary changes.
c. an individual rarely has the ability to falsify digital evidence on all the computers that are involved.
d. creating an alibi on a network could take months of work.
Q. Types of digital evidence that might corroborate an alibi include:
a. evidence of computer usage when the offense was supposed to have occurred
b. computer records from credit cards, the telephone company, or subway ticket usage
c. GPS information from mobile devices indicating the user’s location and time
d. all of the above
Q. To demonstrate that someone is lying about an alibi, it is necessary to:
a. find evidence that clearly demonstrates the lie
b. require the suspect to submit to a polygraph
c. interrogate the suspect using a number of methods
d. show that no evidence confirming the alibi is available
Q. In confirming an alibi involving an obscure piece of equipment, if no documentation is available, the manufacturer is no longer in business, or the equipment/network is so complicated that nobody fully understands how it works, you should:
a. state that the alibi is considered unproven
b. search the internet for any pertinent information
c. recreate the events surrounding the alibi
d. contact other investigators and average their opinions
Q. What is the full form of DDoS?
a. derived denial of service
b. distributed denial of service
c. denial of service
d. none of these