Hard disk data addressing is a method of allotting addresses to each ___________of data on a hard disk

A. Physical block

B. Logical block

C. Operating system block

D. Hard disk block

Computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident and should be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?

A. It includes metadata about the incident

B. It includes relevant extracts referred to In the report that support analysis or conclusions

C. It is based on logical assumptions about the incident timeline

D. It maintains a single document style throughout the text

Which of the following statements is incorrect when preserving digital evidence?

A. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals

B. Verily if the monitor is in on, off, or in sleep mode

C. Remove the power cable depending on the power state of the computer i.e., in on. off, or in sleep mode

D. Turn on the computer and extract Windows event viewer log files

An image is an artifact that reproduces the likeness of some subject. These are produced by optical devices (i.e. cameras, mirrors, lenses, telescopes, and microscopes).

Which property of the image shows you the number of colors available for each pixel in an image?

A. Pixel

B. Bit Depth

C. File Formats

D. Image File Size

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?

A. He should search in C:\Windows\System32\RECYCLED folder

B. The Recycle Bin does not exist on the hard drive

C. The files are hidden and he must use switch to view themThe files are hidden and he must use ? switch to view them

D. Only FAT system contains RECYCLED folder and not NTFS

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She

implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security

measures were taken, none of the hosts on her network can reach the Internet.

Why is that?

A. IPSEC does not work with packet filtering firewalls

B. Statefull firewalls do not work with packet filtering firewalls

C. NAT does not work with IPSEC

D. NAT does not work with statefull firewalls

Which of these rootkit detection techniques function by comparing a snapshot of the file system, boot

records, or memory with a known and trusted baseline?

A. Signature-Based Detection

B. Integrity-Based Detection

C. Cross View-Based Detection

D. Heuristic/Behavior-Based Detection

Centralized binary logging is a process in which many websites write binary and unformatted log data to a single log file. What extension should the investigator look to find its log file?

A. .cbl

B. .log

C. .ibl

D. .txt

Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user information?

A. Temporary Files

B. Open files

C. Cookies

D. Web Browser Cache

What must an attorney do first before you are called to testify as an expert?

A. Qualify you as an expert witness

B. Read your curriculum vitae to the jury

C. Engage in damage control

D. Prove that the tools you used to conduct your examination are perfect