McAfee CCII Exam Practice Test Instant Access

Question 1

Before evidence can be presented in court, it must be competent, relevant, and material to the issue and must be presented in compliance with the rules of evidence.

ATrue

BFalse

Answer : A

For digital evidence to beadmissible in court, it must meet three key criteria:

Competence-- Evidence must be authentic and legally obtained.

Relevance-- Evidence must relate to the case.

Materiality-- Evidence must have a direct impact on proving an element of the crime.

Failure to meet these criteria may result inevidence exclusion.

McAfee Institute Digital Evidence Standards

DOJ Federal Rules of Evidence

Cyber Investigations Legal Framework

Question 2

Please indicate the best method for saving electronic records of the search results:

AScreen recording software

BBookmark

CSave webpage

Answer : C

Savingentire webpagesensures that:

Metadata, timestamps, and digital artifactsare preserved.

Evidence remains admissiblein court.

Data tampering risks are minimized.

Forensic tools likeHunchly, Webrecorder, and OSINT Captureare commonly used.

McAfee Institute Digital Investigation Handbook

FBI Digital Evidence Capture Guidelines

Federal Cyber Investigation Procedures

Question 3

Intelligence personnel must never save the search results that satisfy the research objective as it has no bearing on a case.

ATrue

BFalse

Answer : B

Savingsearch results, screenshots, and metadatais critical forevidence preservationin OSINT investigations. Investigators must:

Document findingsfor verification.

Maintain chain of custodyfor legal admissibility.

Ensure evidence integritythrough timestamping and forensic validation.

Failure to save results canjeopardize case validity.

McAfee Institute OSINT Techniques Guide

Federal Digital Evidence Collection Procedures

DOJ Cyber Intelligence Training

Question 4

Please select the steps in the evidence life cycle:

ACollection and identification

BStorage, preservation, and transportation

CPresentation in court

DReturned to the victim (i.e., the owner)

EAll of the above

Answer : E

Theevidence life cyclein cyber investigations consists of multiple steps:

Collection and identification-- Gathering digital evidence while maintaining integrity.

Storage, preservation, and transportation-- Ensuring secure storage to prevent tampering.

Presentation in court-- Providing evidence in a legally admissible manner.

Returned to the victim-- In cases where applicable, digital devices or data are returned.

Following these steps ensureschain of custody is maintainedandevidence is legally sound.

McAfee Institute Digital Evidence Handbook

DOJ Chain of Custody Guidelines

Federal Digital Investigation Procedures

Question 5

Mobile forensics acquisition is:

AThe process of imaging and otherwise obtaining information from a mobile device and its associated media

BThe process of obtaining digital evidence from a mobile device

CThe extraction of information from a mobile device, hardware, and software

DThe process of discovering, seizing, and collecting digital evidence from a mobile device

Answer : D

Mobile forensics acquisitioninvolvessecuring, extracting, analyzing, and documenting digital evidencefrommobile devices, ensuring integrity forlegal proceedings. Investigators use tools like:

Cellebrite

Oxygen Forensic Detective

XRY

This process ensures evidence iscollected, preserved, and admissible in court.

McAfee Institute Mobile Forensics Guide

Federal Mobile Device Investigation Framework

Law Enforcement Digital Evidence Protocols

Question 6

The United States Secret Service was originally created to:

AInvestigate and prevent the counterfeiting of US currency

BProtect the President of the United States

CProtect the Vice President of the United States

US. Secret Service History and Reports
Financial Crimes Investigation Manual
McAfee Institute Cyber Crime Investigator Training

Answer : A

TheUnited States Secret Service (USSS)was originally founded in1865to combatcounterfeiting, which was a significant issue post-Civil War. The agency later expanded its role to include:

Financial crimesinvestigations.

Cyber fraud detection and prevention.

Protective services for high-ranking officials(added later).

Today, the USSS plays a key role infinancial cybercrime investigations.

Question 7

A legal factor of computer-generated evidence is that it is considered hearsay.

ATrue

BFalse

US. Federal Rules of Evidence (Rule 803)
McAfee Institute Digital Forensics Guide
Legal Standards for Cyber Evidence Admissibility

Answer : A

Computer-generated evidence, such aslog files, metadata, and automated reports, is often classified ashearsaybecause it lacks a human declarant. However, exceptions exist under:

Business records exception-- If logs are kept in the regular course of business.

Public records exception-- If data is collected by government agencies.

Forensic investigators usehash verification and timestamp validationto ensure evidence reliability.

McAfee CCII Certified Cyber Intelligence Investigator Exam Practice Test