First Response - Review Questions
18 important questions on First Response - Review Questions
What is the very first consideration when responding to a scene?
A. Your safety
B. Safety of others
C. Preservation of evidence
D. Documentation
considerations can be accomplished.
What are some variables regarding a facility that you should consider
prior to responding to a scene?
A. What type of structure is it?
B. How large is the structure?
C. What are the hours of operation?
D. Is there a helpful person present to aid in your task?
E. All of the above
knowledge of the location, its hours of activity, and the people who occupy it.
What are some variables regarding items to be seized that you should
consider prior to responding to a scene?
A. Location(s) of computers
B. Type of operating system
C. Workstations or mainframes
D. System-critical or auxiliary machine
E. All of the above
and functions of the computers and their locations will help reduce any
unforeseen complications, thus easing the task.
Generally speaking, if you encounter a computer running Windows Server
2000, how should you take down the machine?
A. Shut down using its operating system.
B. Shut down by pulling the power cord from the outlet.
C. Shut down by pulling the plug from the computer box.
D. All of the above.
be recovered if a server is not properly shut down. It is best to properly
shut down a Windows server and document your actions.
Generally speaking, if you encounter a Unix/Linux machine, how should
you take down the machine?
A. Shut down using its operating system.
B. Shut down by pulling the power cord from the outlet.
C. Shut down by pulling the plug from the computer box.
D. All of the above.
machine is improperly shut down.
When unplugging a desktop computer, from where is it best to pull the plug?
A. The back of the computer
B. The wall outlet
C. A or B
the back of the computer at the power supply. Unplugging a cord from the
outlet connected to an uninterruptible power supply (UPS) will not shut down
the computer.
What is the best method to shut down a notebook computer?
A. Unplug from the back of the computer.
B. Unplug from the wall.
C. Remove the battery.
D. Both A and C.
no electricity is being fed to the computer.
Which selection displays the incorrect method for shutting down a computer?
A. DOS: Pull the plug.
B. Windows 2000: Pull the plug.
C. Windows XP: Pull the plug.
D. Linux: Pull the plug.
shutdown using the operating system.
When shutting down a computer, what information is typically lost?
A. Data in RAM memory
B. Running processes
C. Current network connections
D. Current logged-in users
E. All of the above
the above live system-state data is lost.
All of the below are acceptable for “bagging” a computer workstation except:
A. Large paper bag
B. Brown wrapping paper
C. Plastic garbage bag
D. Large antistatic plastic bag
E. All of the above are acceptable for bagging a workstation
electricity discharge, which could damage sensitive computer components,
including media.
What are circumstances in which pulling the plug to shut down a computer system is considered the best practice?
A. When the OS is Linux/Unix
B. When the OS is Windows 2000 and known to be running a large business
database application
C. When the OS is Windows (NT/2K/2003) Server
D. When Macintosh OS X Server is running as a web server
E. None of the above
a normal shutdown, and thus pulling the plug would not be considered
best practice for any of these.
How is the chain of custody maintained?
A. By bagging evidence and sealing it to protect it from contamination or
tampering
B. By documenting what, when, where, how, and by whom evidence was seized
C. By documenting in a log the circumstances under which evidence was
removed from the evidence control room
D. By documenting the circumstances under which evidence was subjected to
analysis
E. All of the above
maintaining the chain of custody and hence the integrity of the evidence.
It is always safe to pull the plug on a Windows 2000 Professional operating system.
A. True
B. False
database could be hosted on a Windows 2000 operating system, as could
a number of other critical applications, which include access control
systems, critical process control software, life-support systems, life-safety
alarm monitoring, and so forth.
On a production Linux/Unix server, you must generally be which user to shut
down the system?
A. sysadmin
B. administrator
C. root
D. system
a Linux/Unix system in a production environment. This prevents a typical
user from stopping the system and halting mission-critical computing
processes.
When would it be acceptable to navigate through a live system?
A. To observe the operating system to determine the proper shutdown process
B. To document currently opened files (if Enterprise/FIM edition is not available)
C. To observe an encryption program running
D. To access a virtual storage facility (if search warrant permits; some are very
specific about physical location)
E. All of the above
shut down. Given that, it is acceptable to access a system to retrieve
information of evidentiary value as long as the actions are justified,
documented, and explained.
A console prompt that displayed backslashes (\) as part of its display
would most likely be which of the following?
A. Red Hat Linux operating system
B. Unix operating system
C. Linux or Unix operating system logged in as root
D. MS-DOS
structure whereas Linux/Unix uses forward slashes (/) for the same purpose.
When called to a large office complex with numerous networked machines,
it is always a good idea to request the assistance of the network
administrator.
A. True
B. False
about the computers than the responding examiner and may be of great help,
the idea of requesting that person’s assistance may be detrimental to
the investigation if the network administrator is the target of the
investigation. As part of your preplanning, you must determine if the
administrator is part of the problem or part of the solution before
you make such an approach.
Subsequent to a search warrant where evidence is seized, what items
should be left behind?
A. Copy of the affidavit
B. Copy of the search warrant
C. List of items seized
D. A and B
E. B and C
and a list of items seized should be left behind.