1. The law of search and seizure protects the rights of all people, excluding people suspected of crimes. a. True b. False

2. The definition of digital forensics has evolved over the years from simply involving securing and analyzing digital information stored on a computer for use as evidence in civil, criminal, or administrative cases. a. True b. False

3. After a judge approves and signs a search warrant, its ready to be executed, meaning you can collect evidence as defined by the warrant. a. True b. False

4. If damage occurs to the floor, walls, ceilings, or furniture on your computer forensics lab, it does not need to be repaired immediately. a. True b. False

5. Computer investigations and forensics fall into the same category: public investigations. a. True b. False

6. For daily work production, several examiners can work together in a large open area, as long as they all have different levels of authority and access needs. a. True b. False

7. Maintaining credibility means you must form and sustain unbiased opinions of your cases. a. True b. False

8. When you work in the Enterprise Digital Group, you test and verify the integrity of standalone workstations and network servers. a. True b. False

9. Computing systems in a forensics lab should be able to process typical cases in a timely manner. a. True b. False

10. To be a successful computer forensics investigator, you must be familiar with more than one computing platform. a. True b. False

Indicate the answer choice that best completes the statement or answers the question.

11. What usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will? a. A warning banner b. A statement of responsibilities c. An alarm trigger d. A consent authorization

12. What term refers to the individual who has the power to conduct digital forensic investigations? a. Authorized requester b. Security chief c. Corporate investigator d. Independent ombudsperson

13. Which group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime? a. Network intrusion detection b. Digital investigations c. Incident response d. Litigation

14. What process refers to recording all the updates made to a workstation? a. Configuration management b. Risk minimization c. Recovery logging d. Change logging

15. What must be done, under oath, to verify that the information in the affidavit is true? a. It must be notarized. b. It must be examined. c. It must be recorded. d. It must be challenged.

16. Which group often works as part of a team to secure an organizations computers and networks? a. Computer analysts b. Data recovery engineers c. Forensics investigators d. Network monitors

17. How frequently does IACIS require recertification to demonstrate continuing work in the field of computer forensics? a. Every 2 years b. Every 3 years c. Every 4 years d. Every 5 years

18. What kind of forensic investigation lab best preserves the integrity of evidence? a. A shielded enclosure b. A protected entity c. A fortified workplace d. A secure facility

19. What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant? a. A blotter b. An exhibit report c. A litigation report d. An affidavit

20. What do published company policies provide for a business that enables them to conduct internal investigations? a. Absolute process b. Judicial authorization c. Legitimate justification d. Line of authority

21. When an investigator seeks a search warrant, which of the following must be included in an affidavit to support the allegation of a crime? a. Subpoena b. Exculpatory evidence c. Exhibits d. Authorized requester

22. A technician is trying to recover information on a computer that has been hidden or deleted on purpose in order to hide evidence of a crime. Which type of task is the technician performing? a. Data recovery b. Disk restoration c. Digital forensics d. Disaster recovery

23. What investigator characteristic, which includes ethics, morals, and standards of behavior, determines the investigator's credibility? a. Investigatory acumen b. Fidelity to oath of office c. Line of authority d. Professional conduct

24. At what location does the forensics investigator conduct investigations, store evidence, and do most of his or her work? a. The forensic workstation b. The digital forensics lab c. The data management room d. The computer analysis lab

25. What term refers to a person using a computer to perform routine tasks other than systems administration? a. Complainant b. Consumer c. End user d. Customer

26. What is most often the focus of digital investigations in the private sector? a. E-mail abuse b. Misuse of digital assets c. Internet abuse d. VPN abuse

27. What type of plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive youre analyzing? a. Disaster recovery b. Risk management c. Configuration management d. Security

28 At what levels should lab costs be broken down? a. Daily, weekly, and monthly b. Weekly, monthly, and annually c. Monthly, bimonthly, and quarterly d. Monthly, quarterly, and annually

29. Where should your computer backups be kept? a. Any convenient location b. A colleague's computer c. An off-site facility d. In the Cloud

30. In what process is the acquisition of newer and better resources for investigation justified? a. Conducting a risk evaluation b. Building a business case c. Modifying the configuration plan d. Creating an upgrade policy