McAfee CCII Exam Practice Test Instant Access

Question 1

Which of the following is a common OSINT tool used for gathering domain information?

AWHOIS Lookup

BVirtual Private Networks (VPNs)

CDark web marketplaces

DGoogle Translate

Answer : A

Comprehensive and Detailed In-Depth

WHOIS Lookup provides public registration details about a domain, including:

Owner details (if not protected by privacy services).

Hosting provider and IP addresses.

Historical domain records for tracking ownership changes.

Investigators use WHOIS data for website attribution, fraud detection, and cyber threat intelligence.

Question 2

What technique can be used to track cryptocurrency transactions in cybercrime investigations?

ABlockchain analysis

BReverse IP lookup

CDark web forums

DPhishing attacks

Answer : A

Comprehensive and Detailed In-Depth

Blockchain analysis helps track cryptocurrency transactions by:

Following transaction history using blockchain explorers (e.g., Bitcoin, Ethereum).

Identifying wallets and linking them to known entities.

Detecting laundering patterns used in illicit activities (e.g., mixing services).

While dark web forums and phishing are methods used to obtain private keys, blockchain analysis is a forensically sound technique used by law enforcement.

Question 3

What is the best way to collect evidence from an online forum without alerting suspects?

ATaking screenshots and downloading web pages

BPosting in the forum to gather information

CUsing automation tools to scrape all data at once

DContacting the forum administrator immediately

Answer : A

Comprehensive and Detailed In-Depth

Covert evidence collection requires a low-profile approach to prevent alerting suspects.

Screenshots and web downloads preserve evidence without modifying website logs.

Avoid direct engagement (e.g., posting, commenting) to maintain anonymity.

Automation tools may violate Terms of Service and cause detection.

Investigators must use legally accepted methods and ensure the chain of custody for digital evidence.

Question 4

Which of the following is the most effective method for verifying a suspect's online identity?

AChecking multiple social media accounts for consistency

BUsing a single source for confirmation

CRelying on unverified third-party information

DAssuming identity based on email address alone

Answer : A

Comprehensive and Detailed In-Depth

Verifying an online identity requires cross-referencing multiple sources to establish consistency in:

Username patterns across different platforms.

Profile photos and metadata analysis.

Publicly available records and connections.

Using a single source or unverified third-party data can lead to false positives, making multiple-source verification a key practice in cyber investigations.

Question 5

What is a proxy server?

AA device that masks your computer IP address to appear you are somewhere else

BA household device

CA device that hides your information

Answer : A

Aproxy serveris a network intermediary that reroutes internet traffic, masking a user'strue IP address. This technique is widely used incyber intelligence, OSINT investigations, andanonymity-based operationsto enhance privacy and bypass geographical restrictions.

McAfee Institute Cyber Intelligence Investigator Training

Cybersecurity & Proxy Anonymity Reports

Ethical Hacking Guides

Question 6

Computer crimes can be separated into two categories:

ACrimes facilitated by a computer and crimes where a computer or network is the target

BCrimes where an animal was involved and crimes not on the internet

US. Digital Fraud and Cybersecurity Legislation

Answer : A

Cybercrimes are categorized into:

Crimes facilitated by computers(e.g., fraud, phishing, online scams).

Crimes where computers are the target(e.g., hacking, ransomware, data breaches).

Understanding these categories helps investigatorsapply relevant legal frameworksandforensic methodologies.

McAfee Institute Cybercrime Classification Guide

FBI Cybercrime Division Reports

Question 7

The preservation letter does not legally require the ISP to turn over its records.

ATrue

BFalse

US. Cyber Law & Digital Evidence Guide
ISP Data Handling and Compliance Guidelines
McAfee Institute Cyber Law and Investigation Training

Answer : A

Apreservation letteronlyrequires ISPs to retain data, but it doesnot authorize access. Investigators must obtain:

A court order

A subpoena

A search warrant

This ensurescompliance with privacy lawswhile protecting investigation integrity.

McAfee CCII Certified Cyber Intelligence Investigator Exam Practice Test