FREE CPSA (CPIA) Questions and Answers

Question 1

When gathering evidence, you should start with the most volatile and work your way down.

Accepted Answer

RFC 3227 - 1

Answer

RFC 3227, titled 'Guidelines for Evidence Collection and Archiving,' provides recommendations for digital forensics. Principle 1 of this RFC specifically states that when gathering evidence, one should start with the most volatile data and proceed to the least volatile. This ensures that transient information, which can be easily lost (like RAM contents or network connections), is captured before it disappears.

Question 2

Data stored on a computer or other storage medium that may later be cited in court should not be altered by law enforcement authorities or their agents.

Accepted Answer

ACPO Guidelines - Principle 1

Answer

The ACPO (Association of Chief Police Officers) Guidelines for Computer-Based Electronic Evidence are fundamental principles in digital forensics. Principle 1 states that 'No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.' This principle emphasizes the importance of preserving the integrity of digital evidence to ensure its admissibility and reliability in legal proceedings.

Question 3

The steps performed from the moment an event is reported all the way up to its full rehabilitation, as well as post-incident evaluations.

Accepted Answer

What is Incident Response?

Answer

Incident response encompasses the structured approach an organization takes to manage and recover from a security breach or cyberattack. It involves a series of steps, from the initial detection and reporting of an event, through containment, eradication, and recovery, all the way to post-incident analysis and lessons learned, aiming to minimize damage and restore normal operations.

Question 4

A computer breach is a circumstance that affects a computer's C.I.A., either intentionally or unintentionally.

Accepted Answer

How Do We Define A Computer Breach or Intrusion?

Answer

A computer breach or intrusion is generally defined as any event that compromises the confidentiality, integrity, or availability (CIA triad) of a computer system or its data, whether intentionally or unintentionally. This can range from unauthorized access to data, data modification, or denial of service, impacting the security posture of an organization.

Question 5

The case officer, who is in charge of the inquiry, is ultimately responsible for making sure that the law and these principles are followed.

Accepted Answer

ACPO Guidelines - Principle 4

Answer

ACPO Guidelines Principle 4 states that 'The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.' This principle assigns ultimate accountability to the case officer for the proper conduct of a digital forensics investigation, ensuring compliance with legal requirements and forensic best practices.

CPSA Exam Practice Test

CPSA Exam Practice Test

FREE CPSA (CPIA) Questions and Answers