Final Exam BOOT-R-A-22-09

Mod1. Q1. Which of the following are not OSINT resources?

a) Hacking

b) Social Media

c) Databases

d) Websites

e) Blogs

Mod1. Q2. Evidence captured from the internet is always admissible in a court of law?

a) True

b) False

Mod2. Q3. Under GDPR and prevailing Data Protection legislation of EEA countries, when a data breach occurs, the country Data Protection authority should be notified of the breach within:

a) 48 hours

b) 5 working days

c) 72 hours

d) 10 working days

e) 30 days

Mod2. Q4. An OSINT practitioner in the UK is tasked to investigate the activities of a Chinese citizen who is normally resident in Shanghai and is visiting London on a purported vacation. There has been a report of possible criminal activity on the part of the Chinese citizen. Concerning Social Media accounts of the subject, the practitioner can:-

a) immediately locate and process the subjects Sina-Weibo account

b) process any Facebook account that the Subject might have

c) proceed as normal, the subject is in the UK and the UK-GDPR applies

d) locate a translator to help locate and process any accounts

e) seek both technical and legal advice concerning the safety of processing any accounts

Mod3. Q5. A 'Free' VPN is not recommended because activity is recorded and monetised by the provider?

a) True

b) False

Mod3. Q6. With regard to Passwords, it is best practice to:

a) Let a trusted person have your password in case you forget it

b) Use the same password for everything

c) Choose a long word from the dictionary

d) Use a password generator

e) Safely store a written copy of your passwords

Mod3. Q7. What is an Emulator?

a) A spyware application

b) A malware application

c) A software application with the capability to deploy a mobile app on a desktop

d) A software application specifically created for III (OSINT) investigations

e) None of the above

Mod4. Q8. When using a photograph for a Synthetic Identity, it's best practice to:

a) use a photo of a real person, without their permission

b) generate a photo with an online application that uses Artificial Intelligence

c) use a photo of a real person, but to get their permission

d) generate an avatar

e) None of the above

Mod4. Q9. Maintaining a Synthetic Identity is never a good idea. Better to create a new Synthetic Idendity for every deployment.

a) True

b) False

Mod5. Q10. POLE is an investigation structure acronym that does not include:

a) People

b) Objects

c) Locations

d) Events

e) Evidence

Mod5. Q11. Positive identifiction of Subject is not essential. It is safe to 'follow your gut' based on your experience as an OSINT practitioner.

a) True

b) False

Mod5. Q12. Where the instruction defines the scope of the investigation to process a Subject, the OSINT report should not include:

a) Details relating to a Subject of the investigation

b) Details relating to an Associate of a Subject

c) Details from a Social Media Account

d) Intelligence from News media articles

e) All of the above should be included in the report.

Mod6. Q13. On some occasions, an IP (Internet Protocol) address relating to a subject's internet use might assist an OSINT investigation?

a) True

b) False

Mod6. Q14. Concerning devices connected to the Internet of Things, which answer is most accurate?

a) All devices are always secured by internationally agreed standards

b) A device might allow access with no password

c) Only experienced network engineers can get access to devices in private homes

d) Devices will use only IPv4 addresses

e) They are easy to hack. Just 'Ping' them to acquire the login.

Mod6. Q15. Why is it necessary to record a numeric account ID?

a) In case the subject deletes the account

b) In case the subject changes their email address

c) In case the subject changes their name

d) In case the subject changes their phone number

e) In case the subject their Vanity name

Mod7. Q16. If there was a Russian element to your investigation, which of the following search engines should you consider using;

a) Google only

b) Google & Bing

c) Google & Yandex

d) Google & Baidu

e) Google & VK

Mod7. Q17. Which of the following is not a private search engine:

a) DuckDuckGo

b) Startpage

c) Bing

d) Metasearch

e) none of the above

Mod7. Q18. In Google, where would you find the calendar to search on a specific or custom time frame?

a) In Tools

b) In Advanced Search

c) In the Google Calendar

d) In the ‘last updated’ section

e) None of the above

Mod7. Q19. With a search engine such as Google, to search for a person with the name, Gemma Philips and who might work as a translator and who might have a LinkedIn profile; which is the most appropriate search query?

a) linkedin gemma philips translator

b) linkedin.com gemma philips translator

c) site:linkedin “gemma philips” translator

d) site:linkedin.com “gemma philips” translator

e) site:linkedin.com “gemma philips translator”

Mod8. Q20. Which of the following is a reverse image search site?

a) Ironeye

b) Coppereye

c) Tineye

d) Steeleye

e) Reverseye

Mod8. Q21. What most accurately describes a digital Thumbnail?

a) An image the size of an average person’s thumbnail

b) A reduced size version of an image

c) A cropped image

d) Software used to edit images

e) A 120 x 80 pixel image of a larger image

Mod8. Q22. One week from now, by road you plan to travel from the main railway station in Leicester to the Railway station at Bearsted, Maidstone. What is the distance, by road?

a) 140-145 miles

b) 150-155 miles

c) 160-165 miles

d) 170-175 miles

e) None of the above

Mod8. Q23. Deploy https://zoom.earth and measure the area from Blackpool to Leeds to Sheffield to Liverpool to Blackpool. In square miles, it is approximately?

a) 700

b) 1300

c) 1700

d) 2300

e) None of the above

Mod9. Q24. In most instances, an email header should be read from:

a) Left to right

b) Top to bottom

c) Right to left

d) Bottom to top

e) None of the above

Mod9. Q25. An email header may contain:

a) The IP address of the sender

b) The time and date the email was sent

c) The name of the device that the email was sent from

d) The time zone from which the email was sent

e) All of the above

Mod9. Q26. UTC is the abbreviation for:

a) Unilateral Time Conversion

b) Universal time conversion

c) Coordinated Universal Time

d) Universal Coordinated Time

e) None of the above

Mod9. Q27. A communication application such as WhatsApp will have the same user information displaying in the Desktop version & Mobile version

a) True

b) False

Mod10. Q28. What basic principles do all social media platforms use to identify a user?

a) Username / Email address / Telephone number

b) Real name / Mobile number / Contacts

c) Email address / Nationality / Hobbies

d) Updates / Location / Phone number

e) Real name / Email address / Telephone number

Mod10. Q29. If a LinkedIn account is located by way of a search engine, to view the account, it is best practice to:

a) click on the link and the view the account

b) click the link and login with your own account

c) click the link and access the account with a Synthetic Identity

d) there is no best practice, as it is not possible

e) none of the above

Mod10. Q30. LinkedIn searches cannot be filtered by:

a) Date of Birth

b) Location

c) Current or former companies

d) Industry types

e) Schools & colleges

Mod10. Q31. What does the blue tick badge indicate on a Twitter users account?

a) The account holder is a celebrity

b) The account has been verified by Twitter or is a Twitter Blue member

c) You are allowed to ‘follow’ the account holder

d) All Tweets on the account are confirmed as true

e) The account holder has self identified as a 'Public' person

Mod10. Q32. With help from some of the Twitter Account ID links on uk-osint.net; what is the Twitter Account Name linked to the Twitter Account ID Number of 18953259?

a) @PhillipSchofield

b) @Schofield

c) @Schofe

d) @PhilipSchofe

e) @SchofeP

Mod11. Q33. Under the Human Rights Act 1998, no video platform is permitted to display violent or extremist content in the UK

a) True

b) False

Mod11. Q34. To acquire a Flickr Account ID, search the source code with:

a) idGettr

b) UserID

c) AccountID

d) nsid

e) None of the above

Mod11. Q35. For Instagram, which is correct?

a) Third party sites that scrape Instagram, can be relied upon to display all data from all Instagram Accounts.

b) It is not necessary to login to Instagram to view all account data, including photos.

c) When using a Third Party Site, it is always possible to see who has ‘commented on’ or ‘liked’ an image.

d) Instagram is GDPR sensitive, to optimise access to user account details and images, always login with a Synthetic Identity based in the USA and a US VPN gateway.

e) None of the above

Mod11. Q36. YouTube video uploads might not display:

a) when the video was uploaded

b) when the video was recorded

c) the number of views

d) the Comments made by people

e) None of the above

Mod11. Q37. On TikTok, which resource cannot be deployed to download a video?

a) snaptik.app

b) tikmate.online

c) savett.cc

d) download.tiktok.com

e) All of the above

Mod12. Q38. When trying to locate the UserID of a Facebook user, the OSINT practitioner should access the Page Source from the:

a) Friends Section

b) Posts Section

c) Photos Section

d) Videos Section

e) Any of the above

Mod12. Q39. Facebook account UserIDs’. Which is true?

a) As an OSINT researcher, obtaining the UserID of a Facebook account is optional

b) If a Facebook user changes their Vanity name, the UserID will change as well

c) The Facebook UserID is the same as the Facebook Vanity name

d) If a Facebook user changes their Vanity name, the UserID will not allow you to identify their account

e) None of the above

Mod12. Q40. From the Facebook account of Nick Gargan who lives in York, how many Facebook Friends does the account holder have, with a surname of Gargan?

a) less than 5

b) between 5 - 10

c) between 11 - 15

d) between 16 - 20

e) more than 21

Mod12. Q41. True or False? On Facebook, it should be anticipated that Facebook will record that your account as having “looked at" in a subject’s profile.

a) True

b) False

Mod12. Q42. Which is correct? The social media platform OK (Odnoklassniki), can be searched:

a) but leaves a user footprint

b) only when logged in

c) with a Google ‘site:’ search

d) in the Google cache

e) all of the above

Mod13. Q43. You are a journalist researching Donald Trump Jr. (selected only as a good training example). You are reasonably sure he lives in Trump Tower on 5th Avenue New York, but the building has 64 floors. You want to know which floor he lives on. From his Facebook page you know that he files small aircraft. You access https://amsrvs.registry.faa.gov/airmeninquiry/main.aspx. Your research indicates that he does indeed live in Trump Tower, and he resides on the:-

a) 61 Floor

b) 56 Floor

c) 52 Floor

d) 25 Floor

e) None of the above

Mod13. Q44. To locate an aircraft with Registration mark G-BPZB, search for the Civil Aviation Authority (UK) website. What is the make and model of the aircraft?

a) Bolkow Bo 207

b) Cessna 120

c) Agusta A109E

d) Beech B24R

e) None of the above

Mod13. Q45. A member of the public reports that they know for a fact that a doctor who is treating members of the public and was registered with the General Medical Council does not have a licence to practice. The doctor is called Matthew TYSON. Your investigation concludes that the allegation is:

a) True

b) False

Mod13. Q46. The son of an elderly woman living in Cardiff had hired a carer to visit his mother each day. He reports that several valuable items have been stolen from the property. He reports that the carer is called Lili Binyon. Your initial enquiries cannot locate a person called Binyon so you access https://socialcare.wales You discover that the carer:-

a) Has an exemplary record

b) Works at Shire Hall Care Home in Cardiff Bay

c) Was never registered as a carer in Wales

d) Might have an issue with controlled substances

e) None of the above

Mod14. Q47. Concerning Reddit, which is correct?

a) Reddit is a Blogging platform

b) Reddit native search is accurate & reliable

c) Google Advanced search with site: is highly effective & reliable

d) While not logged in, Reddit can be processed with an external search resource

e) None of the above

Mod14. Q48. Using redective.com what is the timestamp of the creation of the Reddit Community reddit.com/r/DanBongino

a) 07/04/2018, 21:49:31

b) 07/05/2017, 21:49:31

c) 07/05/2018, 20:49:31

d) 07/05/2018, 19:49:31

e) None of the above

Mod14. Q49. Following a search on TripAdvisor for the user name MizJordo, a review of the DoubleTree by Hilton Hotel New York Times Square West, can be located. On May 18, 2018 what was the name of the General Manager?

a) Jenny Cool

b) Robert Warm

c) Richard Hotter

d) Priscilla Boiling

e) None of the above

Mod14. Q50. Locate the profile of the user AdrianM on TripAdvisor. In March 2022 how did Adrian report that he had travelled to Patong Beach. On

a) foot

b) Bicycle

c) Scooter

d) Tuk-tuk

e) None of the above

Mod15. Q51. Only the top 5 cryptocurrencies deploy the Blockchain?

a) True

b) False

Mod15. Q52. A Crypto-wallet can

a) store different crypto-currencies

b) be owned by a Public Authority

c) store NFTs

d) be owned by a large corporation

e) all of the above

Mod15. Q53. The Dark Web and the TOR Network are the same thing

a) True

b) False

Mod15. Q54. Which is correct? A web site on the Dark Web...

a) is always secured with a Captcha process

b) always requires the user to create a secure account

c) is always hosted on an encrypted Microsoft server

d) can have any Top Level Domain

e) is accessed only by an encrypted network

Mod16. Q55. haveibeenpwned.com indicates that the hotmail.com account of user boulliebeest was compromised in an Adobe.com breach. What personal data was probably not compromised?

a) Email address

b) Password hint

c) Password

d) Username

e) None of the above

Mod16. Q56. The data breach resource haveibeenpwned.com indicates no breach for the yahoo.com account of mikemeissner10 on which of the five platforms listed below?

a) myspace.com

b) neteller.com

c) netmediaonline.com

d) rivercitymediaonline.com

e) verifications.io

Mod16. Q57. On 17 January 2019 what was a password deployed by the gmail user anthony.d.jackman that was published by the data breach resource IntelligenceX ?

a) tyler5ucks

b) raider1284

c) fast3348437

d) 1panda1

e) none of the above

Mod16. Q58. On the resource IntelligenceX a search query with the email address conlan697@btinternet.com provides a summary of 29 data dumps. How many were in 2021?

a) 3

b) 4

c) 5

d) 6

e) none of the above

Mod17. Q59. Command line tools only work in a Browser

a) True

b) False

Mod17. Q60. In general, it is preferable to perform command line OSINT processes on which operating system?

a) Windows

b) Linux

c) MAC OS

d) Symbian

e) None of the above