Endpoint Security Fundamentals

Questions and Answers

What is the most effective way to avoid leaving evidence of activity?

Avoid creating the data in the first place (correct)

Use a virtual machine

Run the OS from a removable drive

Use a portable app

What is the importance of encryption in removing evidence of activity?

It deletes all files created by the registry

It secures data on a removable disk

It makes data recoverable without a key (correct)

It makes data readable without a key

What is the advantage of running the OS from a removable drive?

It deletes all files created by the registry

It makes data unrecoverable without the encryption key

It allows for physical security or destruction of the data (correct)

It makes data readable without a key

What is the promise of using a virtual machine?

It allows for deletion of the VM with all the data

What is the benefit of using portable apps?

It makes retrieving the data more difficult

What can be used if none of the previous methods were used?

Programs like CCleaner and BleachBit

What is the availability of CCleaner?

Windows, Mac, and Linux

What is the availability of BleachBit?

Windows and Linux

Why is it important to avoid creating data in the first place?

A forensic expert will always find some data left behind

What is the purpose of securely wiping the VM?

To delete all the data after use

A forensic expert can always recover deleted data from a computer.

True

Encryption can make data unrecoverable even if it is found.

True

Running the OS from a removable drive can completely eliminate evidence of activity.

False

Using a virtual machine can completely delete all files created by the registry.

True

CCleaner is only available on Windows.

False

BleachBit is available on all operating systems.

False

Portable apps can make it impossible to retrieve data.

False

CCleaner and BleachBit can be used to securely wipe data.

True

Running the OS from a removable drive can make data retrieval easier.

False

Using encryption can make data readable without the encryption key.

False

Using a virtual machine can make it impossible to retrieve data.

False

CCleaner is only available on Windows and Linux.

True

A forensic expert will always find some data left behind.

True

BleachBit is only available on Windows.

False

Running the OS from a removable drive can eliminate all evidence of activity.

False

Encryption can make data readable without the encryption key.

False

Avoiding creating data in the first place is the most effective way to remove evidence of activity.

True

CCleaner and BleachBit can be used to securely wipe data.

True

Using portable apps can make it impossible to retrieve data.

False

Encryption can make data unrecoverable even if it is found.

True

Avoiding creating data in the ______ place is the most effective way to remove evidence of activity.

first

A forensic expert will always find some data left behind either on ______ or in the operating system registry.

ram

Using ______ can make retrieving the data much more difficult.

portable apps

The third option is running the OS from a ______ drive.

removable

Using ______ can make data unrecoverable even if it is found.

encryption

We can use programs like ______ if none of the previous methods were used.

CCleaner

BleachBit is available on ______ and Linux.

Windows

The promise of using a ______ machine is that we can delete the VM with all the data after we are done with our work.

virtual

CCleaner is available on ______, Mac, and Linux.

Windows

Running the OS from a ______ drive can make retrieving the data much more difficult.

removable