CREST CPIA Exam Questions with 100% Correct Answers
Accidental Breach Causes Correct Answer 1. Data Transportation
2. Misconfigured Settings
3. Misinterpretation of Instructions
4. OSINT
5. Loss of Data
6. Insider Threat
ACPO Correct Answer 1. Association of Chief Police Officers
2. They issued standardised forensic acquisition guidelines for police officers in the UK
ACPO Guidelines - Principle 1 Correct Answer No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
ACPO Guidelines - Principle 1 in Practice Correct Answer 1. Overarching principle, should be adhered to unless:
a. Volatile evidence may be lost
b. Steps are required to secure disk image or logical evidence
c. You believe that you must take steps to better secure evidence as above
ACPO Guidelines - Principle 2 Correct Answer In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
ACPO Guidelines - Principle 2 in Practice Correct Answer 1. You must be experienced, "qualified" and able to reason and document your decision
2. When making changes, you should record:
a. What changes are made
b. What the implications are
c. Why you have chosen this action and what may be lost if you don't
ACPO Guidelines - Principle 3 Correct Answer An audit trail or other record of all processes applied to computer based electronic evidence should be created and preserved. An independent Third Party should be able to examine those processes and achieve the same result.
ACPO Guidelines - Principle 3 in Practice Correct Answer 1. Investigation log - personal log
2. Document imaging process - record any hash values you have for later integrity check
3. Document processes applied with each piece of forensic software
4. Thoroughly document difficult-to-find evidence, explain how you got there
ACPO Guidelines - Principle 4 Correct Answer The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
ACPO Guidelines - Principle 4 in Practice Correct Answer 1. The Case Officer is required to brief the team and be clear on objectives, principles and methodologies
2. Any breaches to be clearly reported and options discussed
Adhering to RFC 3227 (Guidelines for Evidence Collection and Archiving), the following list can be used (most to least volatile) Correct Answer 1. Registers, Cache
2. Routing table, ARP Cache, process table, kernel stats, memory
3. Temporary file systems
4. Disk
5. Remote logging and monitoring data that is relevant to the system in question
6. Physical configuration, network topology
7. Archival media
Bootkits Correct Answer 1. More expensive to develop than rootkits
2. Bootkits are a special kind of rootkit
3. Possible to maintain persistence by overwriting MBR
4. Bootkits typically load before the kernel
5. Returns legitimate copy of the MBR to hide itself