Final Exam BOOT-U-A-22-09

Mod1. Q1. Intelligence from which sources is OSINT?

a) Hacking / Blagging

b) Cell Site Analysis

c) Data on local computers in public libraries

d) Mobile Devices

e) All of the above

Mod1. Q2. Screen recording is a safe effective and reliable way to take an eForensic record of an online investigation?

a) True

b) False

Mod2. Q3. The UK-GDPR can into effect on which date?

a) 28 May 2018

b) 1 January 2019

c) 1 January 2020

d) 1 January 2021

e) None of the above

Mod2. Q4. The Computer Misuse Act 1990 does not relate to III (OSINT) investigtions?

a) True

b) False

Mod3. Q5. What does VPN stand for?

a) Virtual Private Network

b) Virtual Primary Network

c) Virtual Phone Number

d) Virtual Program Network

e) None of the above

Mod3. Q6. It is best policy to apply the same password for all online accounts?

a) True

b) False

Mod3. Q7. A computer fingerprint does not include...

a) Screen resolution

b) Browser Type and version

c) IP Address

d) Operating system

e) MAC Address

Mod4. Q8. Facebook terms and conditions are not legislation. However, where a user breaks the terms and conditions, Facebook reserves the right to close the user’s account.

a) True

b) False

Mod4. Q9. For an investigation of a specific group, it is recommended to create a Synthetic Identity that shall:

a) fit in with members of that group

b) conflicts with and has no commonality with the group

c) identifies with an opposing group

d) has no relevance, as grouping is irrelevant when using a Synthetic Identity

e) None of the above

Mod5. Q10. POLE stands for People, Occasions, Locations & Events

a) True

b) False

Mod5. Q11. During an III (OSINT) investigation process, what should not be recorded?

a) the full url of all websites visited

b) the date and time that websites were visited

c) only the urls of webpages that have provided valuable intelligence or material

d) the purpose of the investigation

e) all of the above

Mod5. Q12. Which of the following is not a recognised intelligence grading model?

a) NIM 2x5x3

b) NIM 3x5x2

c) NIM 5x5x5

d) US Army/NATO

e) One of the above

Mod6. Q13. On some occasions, an IP (Internet Protocol) address relating to a subject's internet use might assist an III (OSINT) investigation?

a) True

b) False

Mod6. Q14. In the <body> of a web page Source Code, which of the following may be intentionally hidden?

a) Author name and contact details

b) The data and time the page was last accessed

c) IP addresses of previous visitors

d) Text that communicates a message

e) All of the above

Mod6. Q15. Locating which of the following indicates good progress with an III (OSINT) investigation?

a) Vanity names

b) Email addresses

c) Relatives

d) Photographs

e) All of the above

Mod7. Q16. If there was a Russian element to your investigation, which of the following search engines should you consider using;

a) Google only

b) Google & Bing

c) Google & Yandex

d) Google & Baidu

e) Google & VK

Mod7. Q17. What is the benefit of using a Meta Search engine?

a) It searches deeper in to the internet

b) It returns more precise results

c) It searches multiple search resources at the same time

d) It affords greater security for the practitioner

e) None of the above

Mod7. Q18. In Google, where would you find the calendar to search on a specific or custom time frame?

a) In Tools

b) In Advanced Search

c) In the Google Calendar

d) In the ‘last updated’ section

e) None of the above

Mod7. Q19. Where searching Google, what do quotation marks “ “ in the search query do?

a) Returns details of what a person has been quoted to say online.

b) Returns only results concerning names of subjects

c) Filters text from numerics

d) Returns only results for the exact search query in the quotation marks

e) None of the above

Mod8. Q20. ‘EXIF’ stands for?

a) Exchangeable Image File Format

b) Exceptional Image Formula

c) Exchangeable Image File Formula

d) Exceptional Image Format

e) None of the above

Mod8. Q21. What most accurately describes a digital Thumbnail?

a) An image the size of an average person’s thumbnail

b) A reduced size version of an image

c) A cropped image

d) Software used to edit images

e) A 120 x 80 pixel image of a larger image

Mod8. Q22. One week from now, by road you plan to travel from the main railway station in Leicester to the Railway station at Bearsted, Maidstone. What is the distance, by road?

a) 140-145 miles

b) 150-155 miles

c) 160-165 miles

d) 170-175 miles

e) None of the above

Mod8. Q23. Deploy https://zoom.earth and measure the area from Blackpool to Leeds to Sheffield to Liverpool to Blackpool. In square miles, it is approximately?

a) 700

b) 1300

c) 1700

d) 2300

e) None of the above

Mod9. Q24. UTC is the abbreviation for:

a) Unilateral Time Conversion

b) Universal time conversion

c) Coordinated Universal Time

d) Universal Coordinated Time

e) None of the above

Mod9. Q25. A communication application such as WhatsApp will have the same user information displaying in the Desktop version & Mobile version

a) True

b) False

Mod9. Q26. In most instances, an email header should be read from:

a) Left to right

b) Top to bottom

c) Right to left

d) Bottom to top

e) None of the above

Mod9. Q27. In the full header of an e-mail, reading from the bottom up, to identify the senders IP address, we are looking for:

a) The last address with

b) The 1st IP address in [ ]

c) The 1st IP address that starts with a 10.

d) Any of the above

e) None of the above

Mod10. Q28. The practitioner should create a new and different Synthetic Identity for every social media platform that will be investigated?

a) True

b) False

Mod10. Q29. If a LinkedIn account is located by way of a search engine, to view the account, it is best practice to:

a) click on the link and the view the account

b) click the link and login with your own account

c) click the link and access the account with a Synthetic Identity

d) there is no best practice, as it is not possible

e) None of the above

Mod10. Q30. When investigating LinkedIn, it is best practice to create an account with:

a) your own e-mail but a different name

b) an e-mail created only for the LinkedIn account

c) the credentials of a Synthetic Identity

d) an e-mail address @gmail.com

e) None of the above

Mod10. Q31. Which way can you locate a Twitter account?

a) Twitter Advanced search

b) Google Advanced search

c) Using a Synthetic Identity and a Twitter account

d) All of the above

Mod10. Q32. With help from some of the Twitter Account ID links on uk-osint.net; what is the Twitter Account Name linked to the Twitter Account ID Number of 18953259?

a) @PhillipSchofield

b) @Schofield

c) @Schofe

d) @PhilipSchofe

e) @SchofeP

Mod11. Q33. Using the linked search from the Instagram page on uk-osint.net, who is the Instagram Account numeric ID Number 217939928 assigned to?

a) Tom Fletcher / tomfletcher

b) Philip Schofield / schofe

c) Holly Willoughby / hollywilloughby

d) Richard Bacon/ richardpbacon

e) None of the above

Mod11. Q34. YouTube video uploads might not display:

a) when the video was uploaded

b) when the video was recorded

c) the number of views

d) the Comments made by people

e) None of the above

Mod11. Q35. On TikTok, which resource cannot be deployed to download a video?

a) snaptik.app

b) tikmate.online

c) savett.cc

d) download.tiktok.com

e) All of the above

Mod11. Q36. Under the Human Rights Act 1998, no video platform is permitted to display violent or extremist content in the UK

a) True

b) False

Mod11. Q37. To acquire a Flickr Account ID, search the source code with:

a) idGettr

b) UserID

c) AccountID

d) nsid

e) None of the above

Mod12. Q38. True or False? On Facebook, it should be anticipated that Facebook will record that your account as having “looked at" in a subject’s profile.

a) True

b) False

Mod12. Q39. From the Facebook account of Nick Gargan who lives in York, how many Facebook Friends does the account holder have, with a surname of Gargan?

a) less than 5

b) between 5 - 10

c) between 11 - 15

d) between 16 - 20

e) more than 21

Mod12. Q40. When trying to locate the UserID of a Facebook user, the III (OSINT) practitioner should access the Page Source from the:

a) Friends Section

b) Posts Section

c) Photos Section

d) Videos Section

e) Any of the above

Mod12. Q41. Which is correct? The social media platform OK (Odnoklassniki), can be searched:

a) but leaves a user footprint

b) only when logged in

c) with a Google ‘site:’ search

d) in the Google cache

e) all of the above

Mod12. Q42. When researching Facebook with a Synthetic Identity, which of these answers is not advisable?

a) To create a Synthetic Identity only for Facebook research

b) To make the Synthetic Identity legend private

c) To make the Synthetic Identity account visible to only your Friends

d) To display Posts to Friends and not to everyone.

e) None of the above

Mod13. Q43. To locate financial intelligence about the property at the Basement Flat at 66 Caledonian Road, London N1 9DP Access https://www.gov.uk to find a business rates valuation. The rateable value of the property is:

a) £10,250

b) £11,250

c) £12,250

d) £13,250

e) None of the above

Mod13. Q44. You are a journalist researching Donald Trump Jr. (selected only as a good training example). You are reasonably sure he lives in Trump Tower on 5th Avenue New York, but the building has 64 floors. You want to know which floor he lives on. From his Facebook page you know that he files small aircraft. You access https://amsrvs.registry.faa.gov/airmeninquiry/main.aspx. Your research indicates that he does indeed live in Trump Tower, and he resides on the:-

a) 61 Floor

b) 56 Floor

c) 52 Floor

d) 25 Floor

e) None of the above

Mod13. Q45. The son of an elderly woman living in Cardiff had hired a carer to visit his mother each day. He reports that several valuable items have been stolen from the property. He reports that the carer is called Lili Binyon. Your initial enquiries cannot locate a person called Binyon so you access https://socialcare.wales You discover that the carer:-

a) Has an exemplary record

b) Works at Shire Hall Care Home in Cardiff Bay

c) Was never registered as a carer in Wales

d) Might have an issue with controlled substances

e) None of the above

Mod13. Q46. A member of the public reports that they know for a fact that a doctor who is treating members of the public and was registered with the General Medical Council does not have a licence to practice. The doctor is called Matthew TYSON. Your investigation concludes that the allegation is:

a) True

b) False

Mod14. Q47. Using redective.com what is the timestamp of the creation of the Reddit Community reddit.com/r/DanBongino

a) 07/04/2018, 21:49:31

b) 07/05/2017, 21:49:31

c) 07/05/2018, 20:49:31

d) 07/05/2018, 19:49:31

e) None of the above

Mod14. Q48. Following a search on TripAdvisor for the user name MizJordo, a review of the DoubleTree by Hilton Hotel New York Times Square West, can be located On May 18, 2018 what was the name of the General Manager?

a) Jenny Cool

b) Robert Warm

c) Richard Hotter

d) Priscilla Boiling

e) None of the above

Mod14. Q49. Concerning Reddit, which is correct?

a) Reddit is a Blogging platform

b) Reddit native search is accurate & reliable

c) Google Advanced search with site: is highly effective & reliable

d) While not logged in, Reddit can be processed with an external search resource

e) None of the above

Mod14. Q50. Locate the profile of the user AdrianM on TripAdvisor. In March 2022 how did Adrian report that he had travelled to Patong Beach. On

a) foot

b) Bicycle

c) Scooter

d) Tuk-tuk

e) None of the above

Mod15. Q51. Which of the following statements is correct.

a) A connection to an onion site is 'end to end' encrypted, going through at least two relays.

b) TOR directs internet traffic through a free worldwide volunteer network.

c) TOR conceals a user’s location and usage from anyone conducting network surveillance

d) TOR is a network

e) All of the above

Mod15. Q52. Which is correct? A web site on the Dark Web...

a) is always secured with a Captcha process

b) always requires the user to create a secure account

c) is always hosted on an encrypted Microsoft server

d) can have any Top Level Domain

e) is accessed only by an encrypted network

Mod15. Q53. Bitcoin was designed to be a totally anonymous way of transferring money?

a) True

b) False

Mod15. Q54. A Crypto-wallet can

a) store different crypto-currencies

b) be owned by a Public Authority

c) store NFTs

d) be owned by a large corporation

e) all of the above

Mod16. Q55. The data breach resource haveibeenpwned.com indicates no breach for the yahoo.com account of mikemeissner10 on which of the five platforms listed below?

a) myspace.com

b) neteller.com

c) netmediaonline.com

d) rivercitymediaonline.com

e) verifications.io

Mod16. Q56. On 17 January 2019, what was a password deployed by the gmail user michellejane149 that was published by the data breach resource IntelligenceX with date format 2019.01.17 ?

a) search123

b) zxcvfr4

c) asdewq1

d) passwordxxx

e) None of the above

Mod16. Q57. On the resource IntelligenceX a search query with the email address conlan697@btinternet.com provides a summary of 28 data dumps. How many were in 2021?

a) 3

b) 4

c) 5

d) 6

e) None of the above

Mod16. Q58. haveibeenpwned.com indicates that the hotmail.com account of user boulliebeest was compromised in an Adobe.com breach. What personal data was probably not compromised?

a) Email address

b) Password hint

c) Password

d) Username

e) None of the above

Mod17. Q59. Command line tools only work in a Browser

a) True

b) False

Mod17. Q60. In general, it is preferable to perform command line OSINT processes on which operating system?

a) Windows

b) Linux

c) MAC OS

d) Symbian

e) None of the above