Читаем CISSP Practice полностью

The other three choices are incorrect because they represent a state that is not accessible by the vulnerability testing tools. Generalized audit software or special utility programs can handle such events better.

146. What is oral testimony?

a. Cumulative evidence

b. Proffered evidence

c. Direct evidence

d. Negative evidence

146. c. Evidence means testimony, writings, material objects, or other things presented to the senses that are offered to prove the existence or nonexistence of a fact. Direct evidence proves a fact without having to use presumptions or inferences to establish that proof (e.g., oral testimony of a witness to a fact). It proves a consequential fact.

The other three choices are incorrect because they do not use oral testimony. Cumulative evidence is evidence introduced to prove a fact for which other evidence has already been introduced. Proffered evidence is evidence that a party seeks to introduce as evidence to prove or defeat some crime, claim, or defense. This can be pros or cons. Negative evidence is evidence that something did not happen or does not exist.

147. Which of the following phases of a security incident investigation process determines whether a computer crime has occurred?

a. Initiating the investigation

b. Testing and validating the incident hypothesis

c. Analyzing the incident

d. Presenting the evidence

147. c. There are four phases in the investigation process. Initiating the investigation (phase 1) includes securing the crime scene, collecting evidence, developing incident hypothesis, and investigating alternative explanations. Testing and validating the incident hypothesis (phase 2) deals with proving or disproving prior assumptions, opinions, conditions, and situations; and validating the accuracy of a computer system’s prior security parameters such as configuration settings, firewall rulesets, and account access privileges and authorizations. Analyzing the incident (phase 3) covers analysis of the evidence collected in the previous phases to determine whether a computer crime has occurred. Presenting the evidence (phase 4) involves preparing a report with findings and recommendations to management or law enforcement authorities.

The correct order of the investigation process is gather facts (phase 1), interview witnesses (phase 1), develop incident hypothesis (phase 1), test and validate the hypothesis (phase 2), analyze (phase 3), and report the results to management and others (phase 4).

148. Which of the following investigative tools is most effective when large volumes of evidence need to be analyzed?

a. Interviews

b. Questionnaires

c. Forensic analysis

d. Computer analysis

148. d. Computers can be used to collect and compile and analyze large amounts of data and provide statistics, reports, and graphs to assist the investigator in analysis and decision making. Forensic analysis is the art of retrieving computer data in such a way that will make it admissible in court. Interviews and questionnaires are examples of structured approach used in interrogations.

149. Which of the following methods is acceptable to handle computer equipment seized in a computer crime investigation?

a. Exposing the magnetic media to radio waves

b. Laying the magnetic media on top of electronic equipment

c. Subjecting the magnetic media to forensic testing

d. Leaving the magnetic media in the trunk of a vehicle containing a radio unit

149. c. Forensic analysis is the art of retrieving computer data in such a way that makes it admissible in court. Exposing magnetic media to magnetic fields, such as radio waves, may alter or destroy data. Do not carry magnetic media in the trunk of a vehicle containing a radio unit, and do not lay magnetic media on top of any electronic equipment.

150. To preserve the integrity of collected evidence in a criminal prosecution dealing with computer crime, who should not be invited to perform data retrieval and analysis of electronically stored information on a computer?

a. A law enforcement staff trained in computers

b. A computer consultant with requisite technical experience

c. A civilian witness with expertise in computers

d. A teenage hacker who is a computer expert