MCQs Preparation for Manager Digital Forensics and Malware Analysis

By: Prof. Dr. Fazal Rehman | Last updated: February 3, 2024

MCQs Preparation for Assistant Manager (Digital Forensics. Malware Analysis)

• Computer Hacking Forensic Investigator (CHFI)
  • CHFI Syllabus
    • Computer Forensics Nowadays MCQs.
    • Process of Computer Forensics Investigation MCQs.
    • Understanding File Systems MCQs.
    • Understanding Hard Disks MCQs.
    • Malware Forensics MCQs.
    • Defeating Anti-Forensics Techniques MCQs.
    • Data Acquisition and Duplication MCQs.
    • Investigating E-mail Crimes MCQs.
    • Mobile Forensics MCQs.
    • Operating System Forensics MCQs.
    • Investigating Web Attacks MCQs.
    • Database Forensics MCQs.
    • Cloud Forensics MCQs.
    • Investigative Reports MCQs.
    • Network Forensics MCQs.
• Cyber Security Forensic Analyst (CSFA)
  • Syllabus
    • Windows Operating Systems print spool files MCQs.
    • Windows Operating Systems Prefetch MCQs.
    • Windows Operating Systems registry MCQs.
    • Windows Operating Systems shortcuts MCQs.
    • Windows Operating Systems swap file MCQs.
    • Windows Operating Systems Volume Shadow Copy MCQs.
    • Working as an expert technical witness MCQs.
    • Active, archival and latent data MCQs.
    • Affidavits, motions, and subpoenas MCQs.
    • Compact Disc analysis MCQs.
    • Metadata for Microsoft Office and PDF documents MCQs.
    • NTFS MCQs.
    • Overcoming encryption mechanisms and password protection MCQs.
    • PC hardware concepts MCQs.
    • Privacy issues MCQs.
    • Rules of evidence MCQs.
    • Conducting keyword boolean searches MCQs.
    • Creating understandable and accurate reports MCQs.
    • Interpreting Internet History and HTTP concepts MCQs.
    • Manual and automated data recovery MCQs.
    • Creating forensically fit working copies of media MCQs.
    • Interpretation of various log formats MCQs.
    • TCP/IP concepts MCQs.
    • Documentation, chain of custody, and evidence handling procedures MCQs.
    • FAT 16/32 file systems MCQs.
    • File Headers and Footers MCQs.
    • Unallocated space, RAM slack, drive slack, and File slack MCQs.
    • Hashes and Checksums MCQs.
    • Imaging handheld devices MCQs.
    • Insurance/liability issues MCQs.
• Certified Ethical Hacker (CEH)

  • COURSE OUTLINE

    INTRO TO ETHICAL HACKING

    • Knowledge of Current Security Trends
    • Knowledge of Elements of Information Security
    • Knowledge of Information Security Threats and Attack Vectors
    • Knowledge of hacking concepts, types, and phases
    • Knowledge of ethical hacking concepts and scope
    • Knowledge of information security management and defense-in-depth
    • Knowledge of policies, procedures, and awareness
    • Knowledge of physical security and controls
    • Knowledge of incidence management process
    • Knowledge of vulnerability assessment and penetration testing
    • Knowledge of information security acts and laws

    CRYPTOGRAPHY

    • Knowledge of Cryptography concepts
    • Knowledge of encryption algorithms
    • Cryptography tools
    • Knowledge of Public Key Infrastructure (PKI)
    • Knowledge of email encryption
    • Knowledge of disk encryption
    • Knowledge of Cryptography attacks
    • Cryptanalysis Tools

     

    FOOTPRINTING AND RECONNAISSANCE

    • Knowledge of footprinting concepts
    • Footprinting through search engines
    • Footprint using advanced google hacking techniques
    • Footprint through social networking sites
    • Knowledge of different techniques for website footprinting
    • Knowledge of different techniques for email footprinting
    • Knowledge of different techniques of competitive intelligence
    • Knowledge of different techniques for WHO IS footprinting
    • Knowledge of different techniques for network footprinting
    • Knowledge of different techniques of footprinting through social engineering
    • Footprinting tools
    • Footprinting countermeasures
    • Knowledge of footprinting Pen Testing

    ENUMERATION

    • Knowledge of Enumeration Concepts
    • Knowledge of different techniques for NetBIOS Enumeration
    • Knowledge of different techniques for SNMP enumeration
    • Knowledge of different techniques for LDAP enumeration
    • Knowledge of different techniques for NTP enumeration
    • Knowledge of different techniques for SMTP and DNS enumeration countermeasures
    • Knowledge of enumeration pen testing

    VULNERABILITY ANALYSIS

    • Vulnerability of the management life cycle
    • Knowledge of various approaches to vulnerability analysis
    • Tools used to perform the vulnerability assessments
    • Vulnerability analysis tools and techniques

    SCANNING NETWORKS

    • Knowledge of networking scanning
    • Knowledge of different techniques to check for Live Systems
    • Knowledge of different techniques to check for Open Ports
    • Knowledge of various scanning techniques
    • Knowledge of various IDS Evasion Techniques
    • Knowledge of banner grabbing
    • Knowledge of Vulnerability scanning
    • Drawing network diagrams
    • Using Proxies and Anonymizer for attack
    • Knowledge of IP Spoofing and various detection techniques
    • Knowledge of scanning and Pen Testing

     

    SYSTEM HACKING

    • Knowledge of CEH Hacking Methodology
    • Knowledge of different techniques to gain access to the system
    • Knowledge of privilege escalation techniques
    • Knowledge of different techniques to create and maintain remote access to the system
    • Knowledge of different types of Rootkits
    • Knowledge of Steganography and Steganalysis
    • Knowledge of techniques to hide the evidence of compromise
    • Knowledge of system hacking penetration testing

    SOCIAL ENGINEERING

    • Knowledge of social engineering
    • Knowledge of various social engineering techniques
    • Knowledge of insider threats
    • Knowledge of impersonation on social networking sites
    • Knowledge of identity theft
    • Social engineering countermeasures
    • Identify theft countermeasures
    • Knowledge of Social Engineering Pen Testing

    DENIAL-OF-SERVICE

    • Knowledge of Denial of Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
    • Overview different DoS/DDoS) attack techniques
    • Knowledge of the botnet network
    • Knowledge of various DoS and DDoS Attack Tools
    • DoS/DDoS Countermeasures
    • Knowledge of DoS Attack Penetration Testing

    SESSION HIJACKING

    • Knowledge of session hijacking concepts
    • Knowledge of application-level session hijacking
    • Knowledge of network-level session hijacking
    • Session hijacking tools
    • Session hijacking countermeasures
    • Knowledge of session hijacking penetration testing

    MALWARE THREATS

    • Introduction to malware and malware propagation techniques
    • Knowledge of Trojans, their types, and how to infect systems
    • Knowledge of viruses, their types, and how they infect files
    • Introduction to computer worm
    • Knowledge of the Malware Analysis Process
    • Knowledge of different techniques to detect malware
    • Malware countermeasures
    • Knowledge of Malware penetration testing

    SNIFFING

    • Knowledge of sniffing concepts
    • Knowledge of MAC attacks
    • Knowledge of DHCP attacks
    • Knowledge of ARP Poisoning
    • Knowledge of MAC Spoofing attacks
    • Knowledge of DNS poisoning
    • Sniffing tools
    • Sniffing countermeasures
    • Knowledge of various techniques to detect sniffing
    • Knowledge of sniffing Pen Testing

    EVADING IDS, FIREWALLS, AND HONEYPOTS

    • Knowledge of IDS, Firewall, and honeypot concepts
    • IDS, Firewall and honeypot solutions
    • Knowledge of different techniques to bypass IDS
    • Knowledge of different techniques to bypass firewalls
    • IDS/Firewall evading tools
    • Knowledge of different techniques to detect honeypots
    • IDS/Firewall evasion countermeasures
    • Knowledge of IDS and firewall Penetration Testing

    HACKING WEB APPLICATIONS

    • Knowledge of web application concepts
    • Knowledge of web application threats
    • Knowledge of web application hacking methodology
    • Web application hacking tools
    • Knowledge of web application countermeasures
    • Web application security tools
    • Knowledge of web application penetration testing

    IOT HACKING

    • Knowledge of IoT concepts
    • Cryptography tools
    • Knowledge of various IoT threats and attacks
    • Knowledge of IoT Hacking
    • Knowledge of IoT attacks
    • IoT security Tools

     

    SQL INJECTION

    • Knowledge of SQL injection concepts
    • Knowledge of various types of SQL injection attacks
    • Knowledge of SQL injection methodology
    • SQL injection tools
    • Knowledge of different IDS evasion techniques
    • SQL injection countermeasures
    • SQL injection detection tools

    HACKING WEB SERVERS

    • Knowledge of web server concepts
    • Knowledge of webserver attacks
    • Knowledge of web server attack methodology
    • Webserver attack tools
    • Countermeasures against webserver attacks
    • Knowledge of Patch Management
    • Webserver security tools
    • Knowledge of Web server penetration testing

     

    HACKING WIRELESS NETWORKS

    • Knowledge of wireless concepts
    • Knowledge of wireless encryption algorithms
    • Knowledge of wireless threats
    • Knowledge of wireless hacking methodology
    • Wireless hacking tools
    • Knowledge of Bluetooth hacking techniques
    • Knowledge of wireless hacking countermeasures
    • Wireless security tools
    • Knowledge of wireless penetration testing

    HACKING MOBILE PLATFORMS

    • Knowledge of mobile attack platform vectors
    • Knowledge of various android threat and attacks
    • Knowledge of various iOS threats and attacks
    • Knowledge of various Windows Phone OS threats and attacks
    • Knowledge of various blackberry threats and attacks
    • Knowledge of mobile device management (MDM)
    • Mobile Security Guidelines and security tools
    • Knowledge of Mobile Penetration Testing

    CLOUD COMPUTING

    • Knowledge of Cloud Computing Concepts
    • Knowledge of Cloud Computing Threats
    • Knowledge of Cloud Computing Attacks
    • Knowledge of Cloud Computing Security
    • Cloud computing Security tools
    • Knowledge of Cloud Penetration testing

     

• EC-Council Certified Security Analyst
  • Syllabus
    • Penetration Testing General Concepts
    • Introduction to Penetration Testing Methodologies MCQs and Processes MCQs.
    • Penetration Testing Scoping and Engagement Methodologies MCQs
    • Open-Source Intelligence (OSINT) Methodologies MCQs
    • Social Engineering Penetration Testing Methodologies MCQs
    • External Network Penetration Testing Methodologies MCQs
    • Internal Network Penetration Testing Methodologies MCQs
    • Perimeter Network Penetration Testing Methodologies MCQs
    • Web Application Penetration Testing Methodologies MCQs
    • Database Penetration Testing Methodologies MCQs
    • Wireless Penetration Testing Methodologies MCQs
    • Cloud Penetration Testing Methodologies MCQs
    • Report Writing and Post Testing Actions MCQs

Syllabus of Certified Information Systems

Working Area 1-> Information System Auditing Process

Planning

• Planning of IS Audit Standards, Guidelines, and Codes of Ethics
• Planning of Business Processes
• Planning of Types of Controls
• Planning of Risk-based Audit Planning
• Planning of Types of Audits and Assessments

Execution

• Execution of Audit Project Management
• Execution of Sampling Methodology
• Execution of audit Evidence Collection Techniques o Data Analytics
• Execution of reporting and Communication Techniques
• Execution of Quality Assurance and Improvement of the Audit Process

Working Area 2-> Governance and Management of IT

 IT Governance and IT Strategy 

• IT Standards, Policies and Procedures o Organizational Structure
• Enterprise Architecture
• Enterprise Risk Management o Maturity Models
• Laws, Regulations and Industry Standards Affecting the Organization
• IT Management
•  IT Resource Management
• IT Service Provider Acquisition and Management of IT Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Working Area 3-> Information Systems Acquisition, Development and Implementation

• Information Systems Acquisition and Development o Project Governance and Management
• Business Case and Feasibility Analysis o System Development Methodologies
• Control Identification and Design
• Information Systems Implementation
• Testing Methodologies
• Configuration and Release Management
• System Migration, Infrastructure Deployment, and Data Conversion
• Post-implementation Review

Working Area 4-> IS Operations and Business Resilience

 

• Information Systems Operations
• Common Technology Components
• IT Asset Management
• Job Scheduling and Production Process Automation
• System Interfaces
• End-user Computing
• Data Governance
• Systems Performance Management
• Problem and Incident Management
• Change, Configuration, Release and Patch Management
• T Service Level Management
• Database Management
• Business Resilience
• Business Impact Analysis
• System Resiliency
• Data Backup, Storage and Restoration o Business Continuity Plan
• Disaster Recovery Plans

Working Area 5-> Information Asset Security and Control

 

• Information Asset Security Frameworks, Standards, and Guidelines o Privacy Principles
• Physical Access and Environmental Controls o Identity and Access Management
• Network and End-point Security o Data Classification
• Data Encryption and Encryption-related Techniques o Public Key Infrastructure
• Web-based Communication Technologies o Virtualized Environments
• Mobile, Wireless and Internet-of-things Devices
• Security Event Management
• Security Awareness Training and Programs
• Information System Attack Methods and Techniques o Security Testing Tools and Techniques
• Security Monitoring Tools and Techniques o Incident Response Management
• Evidence Collection and Forensics

 

Security Professional (CISSP)

Syllabus

• Cryptography
• Security Architecture and Design
• Operations Security
• Information Security Governance and Risk Management
• Software Development Security
• Business Continuity and Disaster Recovery Planning
• Telecommunications and Network Security
• Legal, Regulations, Investigations and Compliance
• Physical Security
• Access Control

Syllabus of EC-Council Certified SOC Analyst (CSA)

 

Understanding cyber threats, IoCs, and attack methodology

•  cyber threats and attacks
• Knowledge of  Network Level attacks
• Knowledge of  Host Level attacks
• Knowledge of  Application Level attacks
• Knowledge of  Indicators of Compromise (IoCs)
• Knowledge of  attacker’s Hacking Methodology

Incidents, events, and logging

• Knowledge of  fundamentals of incidents, events, and logging
• Explain the concepts of local logging
• Explain the concepts of centralized logging

Incident detection with Security Information and Event Management (SIEM)

• Knowledge of  basic concepts of Security Information and Event Management (SIEM)
• Knowledge of  different SIEM Solutions
• Knowledge of  SIEM Deployment
• Understanding of  different use case examples for Application-Level Incident Detection
• Understanding of  different use case examples for Insider Incident Detection
• Understanding of  different use case examples for Network Level Incident Detection
• Understanding of  different use case examples for Host Level Incident Detection
• Understanding of  different use case examples for Compliance
• Knowledge of the concept of handling alert triaging and analysis

Incident response

• Knowledge of  fundamental concepts of incident response
• Understanding of  various phases in Incident Response Process
• Understanding of  how to respond to Network Security Incidents
• Understanding of  how to respond to Application Security Incidents
• Understanding of  how to respond to Email Security Incidents
• Understanding of  how to respond to Insider Incidents
• Understanding of  how to respond to Malware Incidents

Security operations and management

• Knowledge of  SOC Fundamentals
• Knowledge of  components of SOC: People, processes and technology
• Knowledge of  implementation of SOC

 

Enhanced incident detection with threat intelligence

• Understanding of  fundamental concepts on threat intelligence
• Understanding of  different types of threat intelligence
• Understand how threat intelligence strategy is developed
• Understanding of  different threat intelligence sources from which intelligence can be obtained
• Understanding of  different Threat Intelligence Platform (TIP)
• Knowledge of  need of threat intelligence-driven SOC

 

 

 

MCQs Preparation for Assistant Manager Penetration Testing

• Computer Hacking Forensic Investigator (CHFI)
• Cyber Security Forensic Analyst (CSFA)
• Certified Ethical Hacker (CEH)
• EC-Council Certified Security Analyst
• Certified Information Systems
• Security Professional (CISSP)
• EC-Council Certified SOC Analyst (CSA)

MCQs Preparation for Network Security, SOC Analyst

• Computer Hacking Forensic Investigator (CHFI)
• Cyber Security Forensic Analyst (CSFA)
• Certified Ethical Hacker (CEH)
• EC-Council Certified Security Analyst
• Certified Information Systems
• Security Professional (CISSP)
• EC-Council Certified SOC Analyst (CSA)

MCQs Preparation for Assistant Manager (HRIS)

• Human Resource Information System(HRIS)
• Support and maintenance of HR System
• generating HR related reports
• managing system upgrades and maintains data integrity
• Analyzing HRIS performance System
• Integrating new software
• maintain data bases and running queries
• implementation of Technological advancement.

These MCQs are also best for Atomic Energy Commission Jobs.