- (Exam Topic 2)
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

1. A. The files have been marked as hidden
2. B. The files have been marked for deletion
3. C. The files are corrupt and cannot be recovered
4. D. The files have been marked as read-only

Correct Answer: B

- (Exam Topic 2)
When a router receives an update for its routing table, what is the metric value change to that path?

1. A. Increased by 2
2. B. Decreased by 1
3. C. Increased by 1
4. D. Decreased by 2

Correct Answer: C

- (Exam Topic 2)
A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

1. A. Searching for evidence themselves would not have any ill effects
2. B. Searching could possibly crash the machine or device
3. C. Searching creates cache files, which would hinder the investigation
4. D. Searching can change date/time stamps

Correct Answer: D

- (Exam Topic 2)
Before performing a logical or physical search of a drive in Encase, what must be added to the program?

1. A. File signatures
2. B. Keywords
3. C. Hash sets
4. D. Bookmarks

Correct Answer: B

- (Exam Topic 4)
In which loT attack does the attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks?

1. A. Replay attack
2. B. Jamming attack
3. C. Blueborne attack
4. D. Sybil attack

Correct Answer: D