MCQs Preparation for Manager Digital Forensics and Malware Analysis

By: Prof. Fazal Rehman Shamil
Last modified on March 25th, 2021

MCQs Preparation for Assistant Manager (Digital Forensics, Malware Analysis)

  • Computer Hacking Forensic Investigator (CHFI)
    • CHFI Syllabus
      • Computer Forensics Nowadays MCQs.
      • Process of Computer Forensics Investigation MCQs.
      • Understanding File Systems MCQs.
      • Understanding Hard Disks MCQs.
      • Malware Forensics MCQs.
      • Defeating Anti-Forensics Techniques MCQs.
      • Data Acquisition and Duplication MCQs.
      • Investigating E-mail Crimes MCQs.
      • Mobile Forensics MCQs.
      • Operating System Forensics MCQs.
      • Investigating Web Attacks MCQs.
      • Database Forensics MCQs.
      • Cloud Forensics MCQs.
      • Investigative Reports MCQs.
      • Network Forensics MCQs.
  • Cyber Security Forensic Analyst (CSFA)
    • Syllabus
      • Windows Operating Systems print spool files MCQs.
      • Windows Operating Systems Prefetch MCQs.
      • Windows Operating Systems registry MCQs.
      • Windows Operating Systems shortcuts MCQs.
      • Windows Operating Systems swap file MCQs.
      • Windows Operating Systems Volume Shadow Copy MCQs.
      • Working as an expert technical witness MCQs.
      • Active, archival and latent data MCQs.
      • Affidavits, motions, and subpoenas MCQs.
      • Compact Disc analysis MCQs.
      • Metadata for Microsoft Office and PDF documents MCQs.
      • NTFS MCQs.
      • Overcoming encryption mechanisms and password protection MCQs.
      • PC hardware concepts MCQs.
      • Privacy issues MCQs.
      • Rules of evidence MCQs.
      • Conducting keyword boolean searches MCQs.
      • Creating understandable and accurate reports MCQs.
      • Interpreting Internet History and HTTP concepts MCQs.
      • Manual and automated data recovery MCQs.
      • Creating forensically fit working copies of media MCQs.
      • Interpretation of various log formats MCQs.
      • TCP/IP concepts MCQs.
      • Documentation, chain of custody, and evidence handling procedures MCQs.
      • FAT 16/32 file systems MCQs.
      • File Headers and Footers MCQs.
      • Unallocated space, RAM slack, drive slack, and File slack MCQs.
      • Hashes and Checksums MCQs.
      • Imaging handheld devices MCQs.
      • Insurance/liability issues MCQs.
  • Certified Ethical Hacker (CEH)
    • COURSE OUTLINE

      INTRO TO ETHICAL HACKING
      • Knowledge of Current Security Trends
      • Knowledge of Elements of Information Security
      • Knowledge of Information Security Threats and Attack Vectors
      • Knowledge of hacking concepts, types, and phases
      • Knowledge of ethical hacking concepts and scope
      • Knowledge of information security management and defense-in-depth
      • Knowledge of policies, procedures, and awareness
      • Knowledge of physical security and controls
      • Knowledge of incident management process
      • Knowledge of vulnerability assessment and penetration testing
      • Knowledge of information security acts and laws
      CRYPTOGRAPHY
      • Knowledge of Cryptography concepts
      • Knowledge of encryption algorithms
      • Cryptography tools
      • Knowledge of Public Key Infrastructure (PKI)
      • Knowledge of email encryption
      • Knowledge of disk encryption
      • Knowledge of Cryptography attacks
      • Cryptanalysis Tools

       

      FOOTPRINTING AND RECONNAISSANCE
      • Knowledge of footprinting concepts
      • Footprinting through search engines
      • Footprint using advanced Google hacking techniques
      • Footprint through social networking sites
      • Knowledge of different techniques for website footprinting
      • Knowledge of different techniques for email footprinting
      • Knowledge of different techniques of competitive intelligence
      • Knowledge of different techniques for WHOIS footprinting
      • Knowledge of different techniques for network footprinting
      • Knowledge of different techniques of footprinting through social engineering
      • Footprinting tools
      • Footprinting countermeasures
      • Knowledge of footprinting Pen Testing
      ENUMERATION
      • Knowledge of Enumeration Concepts
      • Knowledge of different techniques for NetBIOS Enumeration
      • Knowledge of different techniques for SNMP enumeration
      • Knowledge of different techniques for LDAP enumeration
      • Knowledge of different techniques for NTP enumeration
      • Knowledge of different techniques for SMTP and DNS enumeration countermeasures
      • Knowledge of enumeration pen testing
      VULNERABILITY ANALYSIS
      • Vulnerability management life cycle
      • Knowledge of various approaches to vulnerability analysis
      • Tools used to perform the vulnerability assessments
      • Vulnerability analysis tools and techniques
      SCANNING NETWORKS
      • Knowledge of networking scanning
      • Knowledge of different techniques to check for Live Systems
      • Knowledge of different techniques to check for Open Ports
      • Knowledge of various scanning techniques
      • Knowledge of various IDS Evasion Techniques
      • Knowledge of banner grabbing
      • Knowledge of Vulnerability scanning
      • Drawing network diagrams
      • Using Proxies and Anonymizer for attack
      • Knowledge of IP Spoofing and various detection techniques
      • Knowledge of scanning and Pen Testing

       

      SYSTEM HACKING
      • Knowledge of CEH Hacking Methodology
      • Knowledge of different techniques to gain access to the system
      • Knowledge of privilege escalation techniques
      • Knowledge of different techniques to create and maintain remote access to the system
      • Knowledge of different types of Rootkits
      • Knowledge of Steganography and Steganalysis
      • Knowledge of techniques to hide the evidence of compromise
      • Knowledge of system hacking penetration testing
      SOCIAL ENGINEERING
      • Knowledge of social engineering
      • Knowledge of various social engineering techniques
      • Knowledge of insider threats
      • Knowledge of impersonation on social networking sites
      • Knowledge of identity theft
      • Social engineering countermeasures
      • Identity theft countermeasures
      • Knowledge of Social Engineering Pen Testing
      DENIAL-OF-SERVICE
      • Knowledge of Denial of Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
      • Overview of different DoS/DDoS attack techniques
      • Knowledge of the botnet network
      • Knowledge of various DoS and DDoS Attack Tools
      • DoS/DDoS Countermeasures
      • Knowledge of DoS Attack Penetration Testing
      SESSION HIJACKING
      • Knowledge of session hijacking concepts
      • Knowledge of application-level session hijacking
      • Knowledge of network-level session hijacking
      • Session hijacking tools
      • Session hijacking countermeasures
      • Knowledge of session hijacking penetration testing
      MALWARE THREATS
      • Introduction to malware and malware propagation techniques
      • Knowledge of Trojans, their types, and how to infect systems
      • Knowledge of viruses, their types, and how they infect files
      • Introduction to computer worm
      • Knowledge of the Malware Analysis Process
      • Knowledge of different techniques to detect malware
      • Malware countermeasures
      • Knowledge of Malware penetration testing
      SNIFFING
      • Knowledge of sniffing concepts
      • Knowledge of MAC attacks
      • Knowledge of DHCP attacks
      • Knowledge of ARP Poisoning
      • Knowledge of MAC Spoofing attacks
      • Knowledge of DNS poisoning
      • Sniffing tools
      • Sniffing countermeasures
      • Knowledge of various techniques to detect sniffing
      • Knowledge of sniffing Pen Testing
      EVADING IDS, FIREWALLS, AND HONEYPOTS
      • Knowledge of IDS, Firewall, and honeypot concepts
      • IDS, Firewall and honeypot solutions
      • Knowledge of different techniques to bypass IDS
      • Knowledge of different techniques to bypass firewalls
      • IDS/Firewall evading tools
      • Knowledge of different techniques to detect honeypots
      • IDS/Firewall evasion countermeasures
      • Knowledge of IDS and firewall Penetration Testing
      HACKING WEB APPLICATIONS
      • Knowledge of web application concepts
      • Knowledge of web application threats
      • Knowledge of web application hacking methodology
      • Web application hacking tools
      • Knowledge of web application countermeasures
      • Web application security tools
      • Knowledge of web application penetration testing
      IOT HACKING
      • Knowledge of IoT concepts
      • Cryptography tools
      • Knowledge of various IoT threats and attacks
      • Knowledge of IoT Hacking
      • Knowledge of IoT attacks
      • IoT security Tools

       

      SQL INJECTION
      • Knowledge of SQL injection concepts
      • Knowledge of various types of SQL injection attacks
      • Knowledge of SQL injection methodology
      • SQL injection tools
      • Knowledge of different IDS evasion techniques
      • SQL injection countermeasures
      • SQL injection detection tools
      HACKING WEB SERVERS
      • Knowledge of web server concepts
      • Knowledge of webserver attacks
      • Knowledge of web server attack methodology
      • Webserver attack tools
      • Countermeasures against webserver attacks
      • Knowledge of Patch Management
      • Webserver security tools
      • Knowledge of Web server penetration testing

       

      HACKING WIRELESS NETWORKS
      • Knowledge of wireless concepts
      • Knowledge of wireless encryption algorithms
      • Knowledge of wireless threats
      • Knowledge of wireless hacking methodology
      • Wireless hacking tools
      • Knowledge of Bluetooth hacking techniques
      • Knowledge of wireless hacking countermeasures
      • Wireless security tools
      • Knowledge of wireless penetration testing
      HACKING MOBILE PLATFORMS
      • Knowledge of mobile attack platform vectors
      • Knowledge of various Android threats and attacks
      • Knowledge of various iOS threats and attacks
      • Knowledge of various Windows Phone OS threats and attacks
      • Knowledge of various BlackBerry threats and attacks
      • Knowledge of mobile device management (MDM)
      • Mobile Security Guidelines and security tools
      • Knowledge of Mobile Penetration Testing
      CLOUD COMPUTING
      • Knowledge of Cloud Computing Concepts
      • Knowledge of Cloud Computing Threats
      • Knowledge of Cloud Computing Attacks
      • Knowledge of Cloud Computing Security
      • Cloud computing Security tools
      • Knowledge of Cloud Penetration testing

       

  • EC-Council Certified Security Analyst
    • Syllabus
      • Penetration Testing General Concepts
      • Introduction to Penetration Testing Methodologies MCQs and Processes MCQs.
      • Penetration Testing Scoping and Engagement Methodologies MCQs
      • Open-Source Intelligence (OSINT) Methodologies MCQs
      • Social Engineering Penetration Testing Methodologies MCQs
      • External Network Penetration Testing Methodologies MCQs
      • Internal Network Penetration Testing Methodologies MCQs
      • Perimeter Network Penetration Testing Methodologies MCQs
      • Web Application Penetration Testing Methodologies MCQs
      • Database Penetration Testing Methodologies MCQs
      • Wireless Penetration Testing Methodologies MCQs
      • Cloud Penetration Testing Methodologies MCQs
      • Report Writing and Post Testing Actions MCQs

Syllabus of Certified Information Systems

Working Area 1-> Information System Auditing Process

Planning

  • Planning of IS Audit Standards, Guidelines, and Codes of Ethics
  • Planning of Business Processes
  • Planning of Types of Controls
  • Planning of Risk-based Audit Planning
  • Planning of Types of Audits and Assessments

Execution

  • Execution of Audit Project Management
  • Execution of Sampling Methodology
  • Execution of audit Evidence Collection Techniques
  • Data Analytics
  • Execution of reporting and Communication Techniques
  • Execution of Quality Assurance and Improvement of the Audit Process

Working Area 2-> Governance and Management of IT

 IT Governance and IT Strategy 

  • IT Standards, Policies and Procedures
  • Organizational Structure
  • Enterprise Architecture
  • Enterprise Risk Management
  • Maturity Models
  • Laws, Regulations and Industry Standards Affecting the Organization
  • IT Management
  • IT Resource Management
  • IT Service Provider Acquisition and Management of IT Performance Monitoring and Reporting
  • Quality Assurance and Quality Management of IT

Working Area 3-> Information Systems Acquisition, Development and Implementation

  • Information Systems Acquisition and Development
  • Project Governance and Management
  • Business Case and Feasibility Analysis
  • System Development Methodologies
  • Control Identification and Design
  • Information Systems Implementation
  • Testing Methodologies
  • Configuration and Release Management
  • System Migration, Infrastructure Deployment, and Data Conversion
  • Post-implementation Review

Working Area 4-> IS Operations and Business Resilience

 

  • Information Systems Operations
  • Common Technology Components
  • IT Asset Management
  • Job Scheduling and Production Process Automation
  • System Interfaces
  • End-user Computing
  • Data Governance
  • Systems Performance Management
  • Problem and Incident Management
  • Change, Configuration, Release and Patch Management
  • IT Service Level Management
  • Database Management
  • Business Resilience
  • Business Impact Analysis
  • System Resiliency
  • Data Backup, Storage and Restoration
  • Business Continuity Plan
  • Disaster Recovery Plans

Working Area 5-> Information Asset Security and Control

 

  • Information Asset Security Frameworks, Standards, and Guidelines
  • Privacy Principles
  • Physical Access and Environmental Controls
  • Identity and Access Management
  • Network and End-point Security
  • Data Classification
  • Data Encryption and Encryption-related Techniques
  • Public Key Infrastructure
  • Web-based Communication Technologies
  • Virtualized Environments
  • Mobile, Wireless and Internet-of-things Devices
  • Security Event Management
  • Security Awareness Training and Programs
  • Information System Attack Methods and Techniques
  • Security Testing Tools and Techniques
  • Security Monitoring Tools and Techniques
  • Incident Response Management
  • Evidence Collection and Forensics

 

Security Professional (CISSP)

Syllabus

  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Business Continuity and Disaster Recovery Planning
  • Telecommunications and Network Security
  • Legal, Regulations, Investigations and Compliance
  • Physical Security
  • Access Control

Syllabus of EC-Council Certified SOC Analyst (CSA)

 

Understanding cyber threats, IoCs, and attack methodology

  • Cyber threats and attacks
  • Knowledge of Network Level attacks
  • Knowledge of Host Level attacks
  • Knowledge of Application Level attacks
  • Knowledge of Indicators of Compromise (IoCs)
  • Knowledge of attacker’s Hacking Methodology

Incidents, events, and logging

  • Knowledge of fundamentals of incidents, events, and logging
  • Explain the concepts of local logging
  • Explain the concepts of centralized logging

Incident detection with Security Information and Event Management (SIEM)

  • Knowledge of basic concepts of Security Information and Event Management (SIEM)
  • Knowledge of different SIEM Solutions
  • Knowledge of SIEM Deployment
  • Understanding of different use case examples for Application-Level Incident Detection
  • Understanding of different use case examples for Insider Incident Detection
  • Understanding of different use case examples for Network Level Incident Detection
  • Understanding of different use case examples for Host Level Incident Detection
  • Understanding of different use case examples for Compliance
  • Knowledge of the concept of handling alert triaging and analysis

Incident response

  • Knowledge of fundamental concepts of incident response
  • Understanding of various phases in Incident Response Process
  • Understanding of how to respond to Network Security Incidents
  • Understanding of how to respond to Application Security Incidents
  • Understanding of how to respond to Email Security Incidents
  • Understanding of how to respond to Insider Incidents
  • Understanding of how to respond to Malware Incidents

Security operations and management

  • Knowledge of SOC Fundamentals
  • Knowledge of components of SOC: People, processes and technology
  • Knowledge of implementation of SOC

 

Enhanced incident detection with threat intelligence

  • Understanding of fundamental concepts of threat intelligence
  • Understanding of different types of threat intelligence
  • Understand how threat intelligence strategy is developed
  • Understanding of different threat intelligence sources from which intelligence can be obtained
  • Understanding of different Threat Intelligence Platforms (TIP)
  • Knowledge of the need for a threat intelligence-driven SOC

 

 

 

MCQs Preparation for Assistant Manager Penetration Testing

  • Computer Hacking Forensic Investigator (CHFI)
  • Cyber Security Forensic Analyst (CSFA)
  • Certified Ethical Hacker (CEH)
  • EC-Council Certified Security Analyst
  • Certified Information Systems
  • Security Professional (CISSP)
  • EC-Council Certified SOC Analyst (CSA)

MCQs Preparation for Network Security, SOC Analyst

  • Computer Hacking Forensic Investigator (CHFI)
  • Cyber Security Forensic Analyst (CSFA)
  • Certified Ethical Hacker (CEH)
  • EC-Council Certified Security Analyst
  • Certified Information Systems
  • Security Professional (CISSP)
  • EC-Council Certified SOC Analyst (CSA)

MCQs Preparation for Assistant Manager (HRIS)

  • Human Resource Information System (HRIS)
  • Support and maintenance of the HR system
  • Generating HR-related reports
  • Managing system upgrades and maintaining data integrity
  • Analyzing HRIS system performance
  • Integrating new software
  • Maintaining databases and running queries
  • Implementation of technological advancements

These MCQs are also best for Atomic Energy Commission Jobs.

 

 
