- (Exam Topic 2)
Which of the following is NOT a part of pre-investigation phase?

1. A. Building forensics workstation
2. B. Gathering information about the incident
3. C. Gathering evidence data
4. D. Creating an investigation team

Correct Answer: C

- (Exam Topic 2)
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

1. A. Network
2. B. Transport
3. C. Physical
4. D. Data Link

Correct Answer: C

- (Exam Topic 2)
Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

1. A. netstat – r
2. B. netstat – ano
3. C. netstat – b
4. D. netstat – s

Correct Answer: B

- (Exam Topic 2)
What is the size value of a nibble?

1. A. 0.5 kilo byte
2. B. 0.5 bit
3. C. 0.5 byte
4. D. 2 bits

Correct Answer: C

- (Exam Topic 2)
Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

1. A. Inode bitmap block
2. B. Superblock
3. C. Block bitmap block
4. D. Data block

Correct Answer: B