This preview shows page 1. Sign up to view the full content.
Unformatted text preview: angible.
B. The evidence is mostly corrupted.
C. The evidence is mostly encrypted.
D. The evidence is mostly tangible.
11. The chain of custody of evidence describes who obtained the evidence and
A. Who secured it and stole it
B. Who controlled it and broke it
C. Who secured it and validated it
D. Who controlled it and duplicated it
12. Before shutting down a system suspected of an attack, the investigator should
A. Remove and back up the hard drive
B. Dump memory contents to disk
C. Remove it from the network
D. Save data in the spooler queue and temporary files
13. Why is computer-generated documentation usually considered unreliable
A. It is primary evidence.
B. It is too difficult to detect prior modifications.
C. It is corroborative evidence.
D. It is not covered under criminal law, but it is covered under civil law. ch10.indd 915 12/4/2009 11:39:15 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 CISSP All-in-One Exam Guide 916
14. Which of the following is a necessary characteristic of evidence for it to be
A. It must be real.
B. It must be noteworthy.
C. It must be reliable.
D. It must be important.
15. In the United States, what agency usually works with the FBI when
investigating computer crimes?
B. The Secret Service
C. The CIA
D. The state police
16. If a company deliberately planted a flaw in one of its systems in the hope of
detecting an attempted penetration and exploitation of this flaw, what would
this be called?
A. Incident recovery response
17. If an employee is suspected of wrongdoing in a computer crime, what
department must be involved?
A. Human resources
18. When would an investigator’s notebook be admissible in court?
A. When he uses it to refresh memory
B. When he cannot be present for testimony
C. When requested by the judge to learn the original issues of the investigations
D. When no other physical evidence is available
View Full Document
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
- Fall '12