Certified Cyber Intelligence Investigator (CCII) Questions and Answers
A virus is a program that attaches itself to a program or file. This allows it to spread across networks and cause damage to software and hardware.
In Rosenberg v. Collins, the court held that if the computer output is used in the regular course of business, the evidence shall be admitted.
Homeland Security is prosecuting international cases of human trafficking.
The first broad class is the "application of intelligence," which deals with knowledge related to a specific crime. Intelligence analysis that produces information about new methods and indicators in the uses of improvised explosive devices (IED) by jihadists, for example, is the "application of intelligence."
Investigators may legally impersonate a false identity online during OSINT investigations.
NSI embodies both policy intelligence and central intelligence.
There are no laws that require an ISP to maintain their data for a length of time.
Which one of the following methods best reflects how thieves stash their stolen goods?
Which of the following is the most effective method for verifying a suspect’s online identity?
GSM stands for Global System for Mobile Communications.
Computer crimes can be separated into two categories:
What is the number one type of online fraud?
Often, "information sharing" and "intelligence sharing" are used interchangeably by persons who do not understand the subtleties—yet importance—of the distinction.
How do online fraudsters hide their identities?
The next step is a vulnerability assessment of probable targets.
State and local law enforcement have held the primary responsibility for investigating and prosecuting organized retail crime.
Four types of computer-generated evidence are:
Visual output on the monitor
Printed evidence on a printer
Printed evidence on a plotter
Film recorder (to include optical drive and media).
The CCII program and manual should be viewed as a living document and learning environment.
It is NOT important to capture the URLs of a potential suspect's social media account.
How is a privacy policy used in social networks?
What is the best way to collect evidence from an online forum without alerting suspects?
You should always take screen captures of a suspect's profile online to preserve it as potential evidence.
Hearsay is second-hand evidence – which means it is not gathered from the personal knowledge of the witness but from other sources.
What is Organized Retail Crime (ORC)?
A UICC does contain volatile and non-volatile memory.
The most common types of evidence include:
The United States Secret Service (USSS) is responsible for financial crimes around the United States.
Operational intelligence is considered:
Non-delivery of goods is when a seller doesn’t receive money for a product ordered by a buyer.
Preservation of physical and digital evidence is mandatory for a successful investigation.
Which of the following is a well-known search engine used for OSINT investigations?
A worm is almost similar to a virus, except that it doesn't need the execution of any executable file to get activated.
One of the most important weapons in a cybercrime investigator’s arsenal is a letter requesting that the ISP preserve the data.
Federal law enforcement can only gather proprietary information concerning an incident in the following ways:
The phrase "law enforcement intelligence," used synonymously with "criminal intelligence," refers to law enforcement’s responsibility to enforce the criminal law.
Just like a hostname can be changed, a MAC address can also be changed through a process called MAC Spoofing.
To ensure that only relevant and reliable evidence is entered into the proceedings, the judicial system has adopted the following concept of admissibility:
Tactical intelligence is considered actionable intelligence about imminent or near-term threats that is disseminated to the line functions of law enforcement.
The preservation letter does not legally require the ISP to turn over its records.
