CREST CPIA Exam Questions with 100% Correct Answers
Accidental Breach Causes Correct Answer 1. Data Transportation
2. Misconfigured Settings
3. Misinterpretation of Instructions
4. OSINT
5. Loss of Data
6. Insider Threat
ACPO Correct Answer 1. Association of Chief Police Officers
2. They issued standardised forensic acquisition guidelines for police officers in the UK
ACPO Guidelines - Principle 1 Correct Answer No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
ACPO Guidelines - Principle 1 in Practice Correct Answer 1. Overarching principle, should be adhered to unless: a. Volatile evidence may be lost b. Steps are required to secure disk image or logical evidence c. You believe that you must make steps to better secure evidence as above
ACPO Guidelines - Principle 2 Correct Answer In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
ACPO Guidelines - Principle 2 in Practice Correct Answer 1. You must be experienced, "qualified" and able to reason and document your decision
2. When making changes, you should record: a. What changes are made b. What the implications are c. Why you have chosen this action and what may be lost if you don't
ACPO Guidelines - Principle 3 Correct Answer An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent Third Party should be able to examine those processes and achieve the same result.
ACPO Guidelines - Principle 3 in Practice Correct Answer 1. Investigation log - personal log
2. Document imaging process - record any hash values you have for later integrity check
3. Document processes applied with each piece of forensic software
4. Thoroughly document difficult to find evidence, explain how you got there
ACPO Guidelines - Principle 4 Correct Answer The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to
ACPO Guidelines - Principle 4 in Practice Correct Answer 1. The Case Officer is required to brief team and be clear on objectives, principles and methodologies
2. Any breaches to be clearly reported and options discussed
Adhering to RFC 3227 (Guidelines for Evidence Collection and Archiving). The following list can be used (most to least volatile) Correct Answer 1. Registers, Cache
2. Routing table, ARP Cache, process table, kernel stats, memory
3. Temporary file systems
4. Disk
5. Remote logging and monitoring data that is relevant to the system in question
6. Physical configuration, network topology
7. Archival media
Bootkits Correct Answer 1. More expensive to develop than rootkits
2. Bootkits are special kinds of Rootkit
3. Possible to maintain persistence by overwriting MBR
4. Bootkits typically load before the kernel
5. Returns legitimate copy of the MBR to hide itself