- (Exam Topic 3)
What malware analysis operation can the investigator perform using the jv16 tool?

1. A. Files and Folder Monitor
2. B. Installation Monitor
3. C. Network Traffic Monitoring/Analysis
4. D. Registry Analysis/Monitoring

Correct Answer: D

- (Exam Topic 1)
You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the in order to track the emails back to the suspect.

1. A. Routing Table
2. B. Firewall log
3. C. Configuration files
4. D. Email Header

Correct Answer: D

- (Exam Topic 4)
The information security manager at a national legal firm has received several alerts from the intrusion detection system that a known attack signature was detected against the organization's file server. What should the information security manager do first?

1. A. Report the incident to senior management
2. B. Update the anti-virus definitions on the file server
3. C. Disconnect the file server from the network
4. D. Manually investigate to verify that an incident has occurred

Correct Answer: C

- (Exam Topic 1)
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

1. A. The system files have been copied by a remote attacker
2. B. The system administrator has created an incremental backup
3. C. The system has been compromised using a t0rnrootkit
4. D. Nothing in particular as these can be operational files

Correct Answer: D

- (Exam Topic 2)
What must an investigator do before disconnecting an iPod from any type of computer?

1. A. Unmount the iPod
2. B. Mount the iPod
3. C. Disjoin the iPod
4. D. Join the iPod

Correct Answer: A