- (Exam Topic 1)
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

Correct Answer:D

- (Exam Topic 2)
Which of the following commands shows you all of the network services running on Windows-based servers?

Correct Answer:A

- (Exam Topic 1)
Why should you note all cable connections for a computer you want to seize as evidence?

Correct Answer:A

- (Exam Topic 2)
Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

Correct Answer:A

- (Exam Topic 2)
When is it appropriate to use computer forensics?

Correct Answer:A

- (Exam Topic 3)
Which of the following registry hive gives the configuration information about which application was used to open various files on the system?

Correct Answer:A