Page 1384 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
C. Processing
D. Presentation
14. Gary is a system administrator and is testifying in court about a
cybercrime incident. He brings server logs to support his
testimony. What type of evidence are the server logs?
A. Real evidence
B. Documentary evidence
C. Parol evidence
D. Testimonial evidence
15. If you need to confiscate a PC from a suspected attacker who does
not work for your organization, what legal avenue is most
appropriate?
A. Consent agreement signed by employees.
B. Search warrant.
C. No legal avenue is necessary.
D. Voluntary consent.
16. Why should you avoid deleting log files on a daily basis?
A. An incident may not be discovered for several days and valuable
evidence could be lost.
B. Disk space is cheap, and log files are used frequently.
C. Log files are protected and cannot be altered.
D. Any information in a log file is useless after it is several hours
old.
17. What phase of the Electronic Discovery Reference Model examines
information to remove information subject to attorney-client
privilege?
A. Identification
B. Collection

