McAfee CCII 시험

Question No : 1

If an investigator can positively identify an online identity as belonging to a specific suspect, the investigator might also be able to develop further leads about co-conspirators based on other identities contained in their friend's network.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Bymapping online social networks, investigators can:
Uncover associates and co-conspirators.
Track illicit activities via connections.
Analyze communications between criminal groups.
Reference: McAfee Institute CCII OSINT Techniques, Cyber Crime Investigator’s Field Guide.

Question No : 2

Just like a hostname can be changed, a MAC address can also be changed through a process called MAC Spoofing.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
MAC spoofingallows attackers tochange their network identity, making tracking harder.Cybercriminals use it to:
Bypass network security measures(e.g., MAC filtering).
Evade law enforcement trackingin cyber investigations.
Appear as another devicein network logs.
Reference: McAfee Institute CCII Cyber Threat Guide, The Hitchhiker’s Guide to Online Anonymity.

Question No : 3

Hostnames are the system names assigned by a computer by the system, user, or owner.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Ahostnameis aunique identifier assigned to a computer on a network.
Used innetwork security and OSINT investigationstotrack users and devices.
Law enforcement can subpoena ISPsto obtainhostname logs and associated IPsin cyber investigations.
Reference: McAfee Institute CCII Cyber Intelligence Guide, OSINT Handbook.

Question No : 4

Shoplifters who used drugs and traveled by train often bought tickets.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Addiction-driven shoplifters oftenuse trains or public transportationto move betweenmultiple retail locations, stealing and selling items to fund their drug use.Buying tickets avoids suspicionand allows
them tomove freely without using personal vehicles (which could be traced).
Reference: McAfee Institute CCII Retail Theft Analysis, Cyber Crime Investigator’s Field Guide.

Question No : 5

Those forced to travel and steal did so because they were too well known locally, but they normally returned to their local area in order to sell.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Many thieves and organized retail crime rings operateacross multiple jurisdictionsto avoid law enforcement detection. However, they often return to theirhome territory to sell goods, where they havetrusted contacts, fences, or buyers.
Reference: McAfee Institute CCII Retail Crime Guide, Cybercrime Encyclopedia.

Question No : 6

Which one of the following methods best reflects how thieves stash their stolen goods?

• A.At McDonald's in the bathroom
• B.Back alleys were used to stash and to transport stolen goods by thieves on foot
• C.Stolen goods are never dumped or stashed

답을 확인하기

정답:
Explanation:
Thieves commonly useback alleys, abandoned buildings, or hidden storage locationsto stash stolen goods temporarily before transport.Reasons include:
Avoiding immediate detectionafter committing theft.
Waiting for an opportunity to move goods to buyerswithout being tracked.
Using intermediaries to pick up and distribute goodsfrom hidden locations.
Reference: McAfee Institute CCII Organized Crime Analysis, Cyber Crime Investigator’s Field Guide.

Question No : 7

Thieves, in general, are motivated to steal and sell goods because they can quickly convert them for money.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
The primarymotivation behind theftis the ability toquickly convert stolen goods into cash. This is seen in:
Pawn shop transactions
Online marketplaces (e.g., eBay, Facebook Marketplace)
Dark web black markets
Selling through fences (middlemen who resell stolen goods)Quick conversion reduces the chance
oflaw enforcement tracking the stolen goodsand makestheft an attractive, high-profit crimefor criminals.
Reference: McAfee Institute CCII Financial Crime Guide, Cyber Crime Investigator’s Field Guide.

Question No : 8

What is the general modus operandi for thieves selling & transporting stolen goods?

• A.Many thieves had around 20-30 people and retail outlets where they felt they could "safely" sell stolen goods.
• B.Fences liked to sell goods out of their houses.
• C.Boosters are the best at selling counterfeit goods.

답을 확인하기

정답:
Explanation:
Organized retail theft groups operatein networks, usingmultiple people(20-30 members) tosteal and distribute goods. These stolen goods are typically:
Sold through legitimate-looking businessesto avoid detection.
Funneled into black marketsor international criminal enterprises.
Sold online through fake accounts or social media marketplaces.Understanding thismodus operandihelps law enforcementtrack and dismantleorganized retail crime rings.
Reference: McAfee Institute CCII Retail Crime Analysis, Cybercrime Encyclopedia.

Question No : 9

Prevention involves gaining or developing information related to threats of crime or terrorism and using it to apprehend offenders, harden targets, and use strategies that will eliminate or mitigate the threats.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Prevention is acore function of intelligence and law enforcement operations. It involves:
Collecting intelligence on potential threatsbefore they materialize.
Identifying criminal or terrorist activitiesthrough surveillance and OSINT.
Hardened security measuresfor potential targets (e.g., increasing cybersecurity, bordersecurity).
Taking legal actionagainst identified offenders (e.g., arrests, asset seizures).Byusing proactive intelligence gathering, agencies candisrupt crime networks, prevent terrorist attacks, and reduce financial fraud.
Reference: McAfee Institute CCII Threat Prevention Module, Cyber Crime Investigator’s Field Guide.

Question No : 10

Tactical intelligence is considered actionable intelligence about imminent or near-term threats that is disseminated to the line functions of law enforcement.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Tactical intelligencefocuses onimmediate threats that require quick action. It is:
Directly shared with field officers, SWAT teams, and emergency responders.
Used in counterterrorism, cybercrime investigations, and rapid deployment operations.
Time-sensitive and specific to particular events or individuals.
Example: If anactive shooterorhacker targeting a critical infrastructureis detected, tactical intelligence is used tomobilize security teams quickly.
Reference: McAfee Institute CCII Tactical Intelligence Guide, National Intelligence Strategy Document.

Question No : 11

Planning and resource allocation provides information to decision-makers about the changing nature of threats.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Threat intelligence is constantly evolving, requiring agencies and organizations toadjust their strategies and allocate resources effectively. Planning ensures that:
Financial and human resourcesare directed tohigh-risk areas.
New cybersecurity defensesare developed to counter emerging threats.
Law enforcement operations are proactiverather than reactive.
For example, intelligence agenciesmonitor terrorist networks, cybercrime groups, and organized fraud ringsto adjust their priorities accordingly.
Reference: McAfee Institute CCII Threat Intelligence Guide, Exploring the Real-World Value of OSINT.

Question No : 12

Operational intelligence is considered:

• A.Information that can be used for military operations
• B.Actionable intelligence about long-term threats that is used to develop and implement preventive responses

답을 확인하기

정답:
Explanation:
Operational intelligenceisreal-time or near-term intelligenceused forongoing operations. It helps:
Law enforcement agencies prevent crimesthrough surveillance and monitoring.
Businesses and governments detect cybersecurity threatsbefore they escalate.
Counterterrorism teams assess risks and respond rapidlyto threats.
Operational intelligence is different fromstrategic intelligence, which focuses onlong-term analysisof trends and threats.
Reference: McAfee Institute CCII Intelligence Categories, National Security Strategy Reports.

Question No : 13

Intelligence is the beginning product of an analytical process that evaluates information collected from diverse sources.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Intelligence is not raw databut aprocessed and analyzed productderived fromvarious information sources. Intelligence analysts:
Gather data from multiple sources (OSINT, HUMINT, SIGINT, etc.).
Analyze patterns and connectionsto detect security threats or criminal activity.
Develop actionable insightsfor law enforcement and national security agencies.
This process ensures that intelligence isaccurate, reliable, and usefulfor decision-making.
Reference: McAfee Institute CCII Intelligence Cycle Guide, Cyber Crime Investigator’s Field Guide.

Question No : 14

What is the most commonly used email domain for fraud?

• A.Yahoo.com
• B.Gmail.com
• C.Outlook.com
• D.Hotmail.com

답을 확인하기

정답:
Explanation:
Fraudsters frequently useYahoo.comdue to itslax verification requirements and historical use in cybercrime rings.
Reference: McAfee Institute CCII Cyber Intelligence Guide, Cyber Forensics Up and Running.

Question No : 15

Fraudsters never manipulate feedback on auction sites.

• A.True
• B.False

답을 확인하기

정답:
Explanation:
Fraudsters commonlycreate fake positive reviews, use bot accounts, and manipulate transaction historyto deceive buyers into trusting fraudulent listings.
Reference: McAfee Institute CCII Fraud Investigations, OSINT Handbook.