- (Exam Topic 3)
Graphics Interchange Format (GIF) is a RGB bitmap image format for images with up to 256 distinct colors per frame.

1. A. 8-bit
2. B. 32-bit
3. C. 16-bit
4. D. 24-bit

Correct Answer: A

- (Exam Topic 4)
An investigator wants to extract passwords from SAM and System Files. Which tool can the Investigator use to obtain a list of users, passwords, and their hashes In this case?

1. A. PWdump7
2. B. HashKey
3. C. Nuix
4. D. FileMerlin

Correct Answer: A

- (Exam Topic 4)
An investigator Is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform:

1. A. Threat hunting
2. B. Threat analysis
3. C. Static analysis
4. D. Dynamic analysis

Correct Answer: B

- (Exam Topic 2)
An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

1. A. Smurf
2. B. Ping of death
3. C. Fraggle
4. D. Nmap scan

Correct Answer: B

- (Exam Topic 1)
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm’s employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?

1. A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned
2. B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment
3. C. Inform the owner that conducting an investigation without a policy is a violation of the employee’s expectation of privacy
4. D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

Correct Answer: C