4_5_4 Section 5 – Operations and Incident Response - 4.5 – Digital Forensics- Managing Evidence

Questions and Answers

What type of information might we gather from threat reports or third-party sources?

• Business, geographic, or country-specific information (correct)
• Information about a specific company's financial performance
• Only information about open source intelligence
• Only information about strategic counterintelligence

What is the main goal of performing strategic counterintelligence?

• To identify and disrupt someone gathering information on us (correct)
• To gather threat intelligence on foreign operations
• To track trends in threat intelligence over time
• To create internal threat reports

What is the term for gathering information about a potential threat over an extended period of time?

• Strategic counterintelligence
• OSINT
• Threat intelligence
• Tracking trends (correct)

What is the term for information gathered from publicly available sources?

Open source intelligence (C)

What is the ultimate goal of gathering and analyzing threat intelligence?

To understand and prepare for potential threats (A)

What is the primary purpose of creating a hash of collected data?

To verify that the data remains unchanged during analysis (B)

What is the term used to describe the documentation of the original source of data?

Provenance (A)

What is the purpose of a checksum in data communication?

To ensure the data is transmitted without corruption (C)

What technology can be used to provide detailed tracking of data provenance?

Blockchain (D)

What is the term used to describe the process of tracking the movement of data over time?

Chain of custody (A)

What is the purpose of verifying a hash during data analysis?

To ensure the data has not been tampered with (D)

What is the purpose of creating a copy of the original source of data?

To preserve the data and verify its integrity (D)

What is the challenge of imaging storage drives with full disk encryption?

Powering down the system could cause data inaccessibility (D)

What is the primary focus of e-discovery?

Gathering requested data and providing it to authorities (A)

What is the relationship between e-discovery and digital forensics?

E-discovery often works in conjunction with digital forensics (C)

What is the goal of data recovery in digital forensics?

To recover deleted files and data (D)

What is the significance of non-repudiation in data gathering?

It verifies the authenticity of the data sender (A)

What is the difference between a message authentication code and a digital signature?

A digital signature is used for authentication, while a message authentication code is used for non-repudiation (C)

What is the primary goal of strategic intelligence in data gathering?

To gather threat information about a specific domain (D)

What is the purpose of verifying the data gathering process in a court of law?

To ensure the data was gathered using best practices (D)

What is the risk of powering down a system with full disk encryption?

The data may be inaccessible (D)

Flashcards are hidden until you start studying