Windows Networking & Computer Fundamentals Exercises Solutions Quiz

By Tui
  • 1/247 Questions

    This ISO standard defines file systems and protocols for exchanging data between optical disks. What is it?

    • ISO 9660
    • ISO/IEC 13940
    • ISO 9060
    • IEC 3490
About This Quiz

Attempt this 'Windows Networking & Computer Fundamentals Exercises Solutions' quiz to find out whether you're a true computer genius. This quiz covers almost every topic related to computers, including Windows, the internet, networking, system drives, cyber security, and many more. If you consider yourself a true computer engineer or an expert when it comes to computers, you should take the quiz and assess yourself. The test becomes tougher after every question. So, go ahead and try to score at least 75 percent! Good luck!

  • 2. 

    Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

    • Data collection

    • Secure the evidence

    • First response

    • Data analysis

    Correct Answer
    A. First response
    Explanation
    During the investigation phase of a cybercrime forensics investigation case, various tasks are performed to gather evidence and analyze data. Data collection involves gathering relevant information and evidence related to the cybercrime. Secure the evidence involves ensuring the preservation and protection of the collected evidence to maintain its integrity. Data analysis involves examining and interpreting the collected data to identify patterns, anomalies, and other important information. However, the first response is not a task that falls under the investigation phase. The first response refers to the initial actions taken immediately after the detection of a cybercrime, such as reporting the incident and securing the affected systems.

  • 3. 

    Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?

    • Microsoft Outlook

    • Eudora

    • Mozilla Thunderbird

    • Microsoft Outlook Express

    Correct Answer
    A. Microsoft Outlook Express
    Explanation
    Billy, as a computer forensics expert, can use Microsoft Outlook Express to analyze the DBX files. DBX files are associated with Microsoft Outlook Express, which was a popular email client in the past. Therefore, it would be the most suitable choice for analyzing the recovered DBX files.

  • 4. 

    Which one do you like?

    • RAID Level 0

    • RAID Level 5

    • RAID Level 3

    • RAID Level 1

    Correct Answer
    A. RAID Level 5
    Explanation
    RAID Level 5 is the correct answer because it provides both data striping and parity information across multiple drives. This level offers a good balance between performance and data redundancy, as it can sustain the failure of one drive without losing any data. The parity information allows for data reconstruction in case of a drive failure, making RAID Level 5 a reliable choice for data storage and protection.

  • 5. 

    You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

    • The X509 Address

    • The SMTP reply Address

    • The E-mail Header

    • The Host Domain Name

    Correct Answer
    A. The E-mail Header
    Explanation
    When trying to trace the source of a threatening email, the most important piece of information to investigate is the email header. The email header contains metadata about the email, including the sender's IP address, the route the email took to reach its destination, and other identifying information. By analyzing the email header, it is possible to track the source of the email and gather evidence for further investigation. The X509 Address, SMTP reply Address, and Host Domain Name may provide some information, but they are not as crucial as the email header in identifying the source of the threatening email.

  • 6. 

    In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

    • The ISP can investigate anyone using their service and can provide you with assistance

    • The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

    • The ISP can't conduct any type of investigations on anyone and therefore can't assist you

    • ISPs never maintain log files so they would be of no use to your investigation

    Correct Answer
    A. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
    Explanation
    The correct answer is that the ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist without a warrant. This means that while the ISP can help with the investigation, they cannot provide assistance without proper legal authorization such as a warrant. This is to ensure that the privacy rights of their customers are protected.

  • 7. 

    Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?

    • MIME

    • BINHEX

    • UT-16

    • UUCODE

    Correct Answer
    A. MIME
    Explanation
    MIME (Multipurpose Internet Mail Extensions) is a protocol that allows non-ASCII files, such as video, graphics, and audio, to be sent through email messages. It extends the capabilities of email by encoding these files into ASCII format, which can be transmitted over the internet. This ensures that the files can be properly understood and displayed by different email clients and systems. BINHEX, UT-16, and UUCODE are not specifically designed for handling non-ASCII files in email messages.

  • 8. 

    When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

    • Universal Time Set

    • Network Time Protocol

    • SyncTime Service

    • Time-Sync Protocol

    Correct Answer
    A. Network Time Protocol
    Explanation
    The correct answer is Network Time Protocol. Network Time Protocol (NTP) is a service used to synchronize time among multiple computers. It ensures that the clocks of different computers are aligned, allowing administrators to accurately reconstruct events during an attack or security incident. Without synchronized time, it becomes challenging to determine the exact timing and sequence of events.

  • 9. 

    In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

    • Rules of evidence

    • Law of probability

    • Chain of custody

    • Policy of separation

    Correct Answer
    A. Chain of custody
    Explanation
    Chain of custody refers to the documentation and procedures that ensure the integrity and reliability of evidence in a legal investigation. It involves maintaining a detailed record of the possession, handling, and transfer of evidence from the time it is collected until it is presented in court. This ensures that the evidence is not tampered with or compromised, and establishes its authenticity and admissibility in court. The chain of custody is crucial in computer forensics investigations to maintain the integrity of digital evidence and to establish its reliability in court.

  • 10. 

    What method of copying should always be performed first before carrying out an investigation?

    • Parity-bit copy

    • Bit-stream copy

    • MS-DOS disc copy

    • System level copy

    Correct Answer
    A. Bit-stream copy
    Explanation
    A bit-stream copy should always be performed first before carrying out an investigation. This method copies the entire contents of a storage device, including the data and any hidden or deleted files. It creates an exact replica of the original device, preserving all the data and metadata. By performing a bit-stream copy, investigators can ensure that the original evidence remains intact and unaltered, allowing for a thorough examination without the risk of data loss or corruption.

  • 11. 

    When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

    • A write-blocker

    • A protocol analyzer

    • A firewall

    • A disk editor

    Correct Answer
    A. A write-blocker
    Explanation
    A write-blocker is used in forensics analysis to prevent the system from recording data on an evidence disk. This device ensures that no changes or modifications are made to the data on the disk, preserving its integrity and preventing any potential tampering. By blocking write commands, the write-blocker allows investigators to safely examine and analyze the data on the evidence disk without altering it in any way.

  • 12. 

    Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

    • Gif

    • Bmp

    • Jpeg

    • Png

    Correct Answer
    A. Jpeg
    Explanation
    The file signature FF D8 FF E1 corresponds to the file type JPEG. File signatures are unique sequences of bytes that help identify the file type. In this case, the given file signature matches the signature commonly associated with JPEG files, indicating that the image Stephen is checking is in JPEG format.

  • 13. 

    What is one method of bypassing a system BIOS password?

    • Removing the processor

    • Removing the CMOS battery

    • Remove all the system memory

    • Login to Windows and disable the BIOS password

    Correct Answer
    A. Removing the CMOS battery
    Explanation
    Removing the CMOS battery is one method of bypassing a system BIOS password. The CMOS battery is responsible for powering the CMOS chip, which stores the BIOS settings. By removing the battery, the power to the CMOS chip is cut off, causing it to lose all the stored settings, including the BIOS password. This allows the user to bypass the password and access the BIOS settings without entering the correct password.

  • 14. 

    It takes _______________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

    • By law, three

    • Quite a few

    • Only one

    • At least two

    Correct Answer
    A. Only one
    Explanation
    It only takes one mismanaged case to ruin your professional reputation as a computer forensics examiner. This means that even a single instance of mishandling a case can have a significant impact on your reputation in the field. It highlights the importance of being diligent and thorough in conducting computer forensic examinations to maintain professional integrity.

  • 15. 

    You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position: 7+ years experience in Windows Server environment; 5+ years experience in Exchange 2000/2003 environment; Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required; MCSA desired, MCSE, CEH preferred; No Unix/Linux Experience needed. What is this information posted on the job website considered?

    • Social engineering exploit

    • Competitive exploit

    • Information vulnerability

    • Trade secret 

    Correct Answer
    A. Information vulnerability
    Explanation
    The given information on the job website is considered as an information vulnerability because it provides details about the company's IT infrastructure, including specific technologies and software used. This information can be valuable to potential attackers as it gives insight into the company's systems and can be used to exploit any vulnerabilities or weaknesses.

  • 16. 

    When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

    • All virtual memory will be deleted

    • The wrong partition may be set to active

    • This action can corrupt the disk

    • The computer will be set in a constant reboot state

    Correct Answer
    A. This action can corrupt the disk
    Explanation
    Deleting a partition on a dynamic disk can corrupt the disk because dynamic disks use a complex disk management system that relies on metadata stored on the disk. Deleting a partition can disrupt this system and cause data loss or corruption. It is important to avoid deleting partitions on dynamic disks during a forensics investigation to preserve the integrity of the disk and any potential evidence it may contain.

  • 17. 

    Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

    • Two

    • One

    • Three

    • Four

    Correct Answer
    A. Two
    Explanation
    Michael should use two data acquisition tools when creating copies of the evidence for the investigation. This is because it is important to have redundancy and ensure that the evidence is properly preserved. By using two tools, Michael can create two separate copies of the data, which can be compared to ensure accuracy and integrity. Additionally, having two copies provides a backup in case one of the copies becomes corrupted or compromised. Therefore, using two data acquisition tools is the best practice in this situation.

  • 18. 

    You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

    • Robust copy

    • Incremental backup copy

    • Bit-stream copy

    • Full backup copy

    Correct Answer
    A. Bit-stream copy
    Explanation
    A bit-stream copy is needed to ensure that the evidence found is complete and admissible in future proceedings. A bit-stream copy is a sector-by-sector copy of the entire hard drive, including all data, deleted files, and file fragments. This type of copy preserves the integrity of the original drive and allows for a thorough examination of the evidence without altering or modifying any data. It is the most reliable and comprehensive method for forensic analysis in this situation.

  • 19. 

    You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

    • The registry

    • The swap file

    • The recycle bin

    • The metadata

    Correct Answer
    A. The swap file
    Explanation
    The swap file should be examined next in this case because it is a temporary storage area on the computer's hard drive where data is stored when there is not enough RAM available. It is possible that the staff member may have saved or temporarily stored evidence of the finance fraud in the swap file, especially if they were trying to hide it. Therefore, examining the swap file may provide valuable information or evidence that was not found in the data files on the bitmap image of the target computer.

  • 20. 

    The MD5 program is used to:

    • Wipe magnetic media before recycling it

    • Make directories on an evidence disk

    • View graphics files on an evidence drive

    • Verify that a disk is not altered when you examine it

    Correct Answer
    A. Verify that a disk is not altered when you examine it
    Explanation
    The MD5 program is used to verify that a disk is not altered when you examine it. MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a unique hash value for a given input. By comparing the hash value of a disk before and after examination, you can determine if any changes or alterations have been made to the disk. This is important for ensuring the integrity and authenticity of the evidence on the disk.

  • 21. 

    Which of the following attacks uses HTML tags like <script></script>?

    • Phishing

    • XSS attack

    • SQL injection

    • Spam

    Correct Answer
    A. XSS attack
    Explanation
    An XSS attack uses HTML tags like <script></script> to inject malicious scripts into a website or web application. These scripts can be used to steal sensitive information, manipulate website content, or redirect users to malicious websites. Phishing, SQL injection, and spam attacks do not specifically rely on HTML tags for their execution.

  • 22. 

    The CAN-SPAM Act requires that you:

    • Don't use deceptive subject lines

    • Don’t tell the recipients where you are located

    • Don’t identify the message as an ad

    • Don’t use true header information

    Correct Answer
    A. Don't use deceptive subject lines
    Explanation
    The correct answer is "Don't use deceptive subject lines." The CAN-SPAM act is a law that regulates commercial email messages. It requires that email marketers do not use deceptive subject lines to mislead or trick recipients into opening their emails. This is to ensure transparency and honesty in email marketing practices. The other options listed are not accurate requirements of the CAN-SPAM act.

  • 23. 

    Which of the following techniques creates a replica of an evidence media?

    • Data Extraction

    • Backup

    • Bit Stream Imaging

    • Data Deduplication

    Correct Answer
    A. Bit Stream Imaging
    Explanation
    Bit Stream Imaging is a technique that creates a complete and exact replica of an evidence media. It captures every bit and byte of data, including deleted and hidden files, as well as the file system structure. This ensures that the integrity of the original evidence is preserved, allowing for a thorough analysis without altering or damaging the original data. Backup, Data Extraction, and Data Deduplication do not create a complete replica of the evidence media, making Bit Stream Imaging the correct answer.

  • 24. 

    _______________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

    • Network Forensics

    • Computer Forensics

    • Incident Response

    • Event Reaction

    Correct Answer
    A. Computer Forensics
    Explanation
    Computer Forensics is the correct answer because it involves the use of computer investigation and analysis techniques to uncover potential legal evidence. This field focuses on gathering and analyzing digital evidence from computers, networks, and other digital devices in order to support legal investigations or proceedings. Computer Forensics professionals use specialized tools and techniques to preserve, extract, and analyze data from digital devices, ensuring that the evidence remains admissible in court.

  • 25. 

    On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

    • SAM

    • AMS

    • Shadow file

    • Password.conf

    Correct Answer
    A. SAM
    Explanation
    In an Active Directory network using NTLM authentication, the passwords are stored in the Security Account Manager (SAM) database on the domain controllers. The SAM database is a registry file that contains user account information, including usernames and password hashes. This database is used for local authentication and security policies on the domain controllers.

  • 26. 

    Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?

    • OpenGL/ES and SGL

    • Surface Manager

    • Media framework

    • WebKit

    Correct Answer
    A. OpenGL/ES and SGL
    Explanation
    OpenGL/ES and SGL are the Android libraries used to render 2D or 3D graphics content to the screen. OpenGL/ES is a widely used graphics API that allows developers to create high-performance 2D and 3D graphics on Android devices. SGL (Software Graphics Library) is a software-based rendering library that provides a fallback option for devices that do not support hardware acceleration. Together, these libraries enable developers to create visually appealing and interactive graphics on Android devices.

  • 27. 

    Which one of the following is not a first response procedure?

    • Preserve volatile data

    • Fill forms

    • Crack passwords

    • Take photos

    Correct Answer
    A. Crack passwords
    Explanation
    The correct answer is "Crack passwords" because it is not a first response procedure. First response procedures typically involve actions that are immediate and necessary to preserve evidence or secure a scene. Preserving volatile data, filling forms, and taking photos are all examples of first response procedures that help in documenting and securing the evidence. However, cracking passwords is a more advanced and time-consuming process that typically occurs after the initial response and is not considered a first response procedure.

  • 28. 

    Which code does the FAT file system use to mark the file as deleted?

    • ESH

    • 5EH

    • H5E

    • E5H

    Correct Answer
    A. E5H
    Explanation
    The FAT file system uses the code E5H to mark a file as deleted. This code is used as a placeholder in the file allocation table to indicate that the file has been deleted and its space is now available for reuse. When a file is deleted, the first character of its file name is replaced with E5H to indicate its deletion status. This allows the file system to keep track of available space and manage file allocation efficiently.

  • 29. 

    Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

    • Netstat -r

    • Netstat -ano

    • Netstat -b

    • Netstat -s

    Correct Answer
    A. Netstat -ano
    Explanation
    The correct answer is "netstat -ano" because the "-ano" option in the netstat command displays all active TCP and UDP connections, listening ports, and the associated process identifiers (PID) for each connection. This allows the user to identify which processes are using specific network connections.

  • 30. 

    Jacob is a computer forensics investigator with over 10 years' experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?

    • Justification

    • Authentication

    • Reiteration

    • Certification

    Correct Answer
    A. Authentication
    Explanation
    The term used for Jacob's testimony in this case is "authentication." This is because Jacob is testifying to the accuracy and integrity of the technical log files gathered in the investigation, which is a process of verifying the authenticity of evidence.

  • 31. 

    At what layer of the OSI model do routers function?

    • 4

    • 3

    • 1

    • 4

    Correct Answer
    A. 3
    Explanation
    Routers function at the network layer (layer 3) of the OSI model. The network layer is responsible for logical addressing and routing of data packets between different networks. Routers use IP addresses to determine the best path for forwarding packets to their destination across multiple networks. They make decisions based on network layer information such as IP addresses and routing tables.

  • 32. 

    Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

    • Portable Document Format

    • MS-office Word Document

    • MS-office Word OneNote

    • MS-office Word PowerPoint

    Correct Answer
    A. Portable Document Format
    Explanation
    The Portable Document Format (PDF) does not use Object Linking and Embedding (OLE) technology to embed and link to other objects. OLE is a technology that allows objects from different applications to be linked and embedded within a document. However, PDF is a file format that is independent of any specific software or application and does not support OLE. Therefore, it does not use OLE technology to embed and link to other objects.

  • 33. 

    Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN-ABCDE12345F.” Which of the following log files will help Shane in tracking all the client connections and activities performed on the database server?

    • WIN-ABCDE12345F.err

    • WIN-ABCDE12345F-bin.n

    • WIN-ABCDE12345F.pid

    • WIN-ABCDE12345F.log

    Correct Answer
    A. WIN-ABCDE12345F.log
    Explanation
    The log file with the name "WIN-ABCDE12345F.log" will help Shane in tracking all the client connections and activities performed on the database server.

  • 34. 

    One way to identify the presence of hidden partitions on a suspect's hard drive is to:

    • Add up the total size of all known partitions and compare it to the total size of the hard drive

    • Examine the FAT and identify hidden partitions by noting an H in the partition Type field

    • Examine the LILO and note an H in the partition Type field

    • It is not possible to have hidden partitions on a hard drive

    Correct Answer
    A. Add up the total size of all known partitions and compare it to the total size of the hard drive
    Explanation
    To identify the presence of hidden partitions on a suspect's hard drive, one can add up the total size of all known partitions and compare it to the total size of the hard drive. If the total size of the known partitions is significantly smaller than the total size of the hard drive, it suggests the existence of hidden partitions. This is because hidden partitions are not visible or accounted for in the known partition sizes. Therefore, comparing the two sizes can help in detecting the presence of hidden partitions.

  • 35. 

    Jason discovered a file named $RIIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?

    • It is a doc file deleted in seventh sequential order

    • RIYG6VR.doc is the name of the doc file deleted from the system

    • It is a file deleted from the R drive

    • It is a deleted doc file

    Correct Answer
    A. It is a deleted doc file
    Explanation
    From the file name "$RIIYG6VR.doc" found in the recycle bin directory, Jason can infer that it is a deleted doc file.

  • 36. 

    What does the acronym POST mean as it relates to a PC?

    • Primary Operations Short Test

    • PowerOn Self Test

    • Pre Operational Situation Test

    • Primary Operating System Test

    Correct Answer
    A. PowerOn Self Test
    Explanation
    The acronym POST stands for PowerOn Self Test. This test is performed by a computer when it is powered on to check if all the hardware components are functioning properly. It checks the memory, keyboard, hard drive, and other essential components. If any issues are detected during the POST, the computer may display error messages or emit beep codes to indicate the problem. The POST is an important diagnostic tool that helps identify hardware failures and ensures that the computer is in a good operational state before the operating system is loaded.

  • 37. 

    An expert witness is a _______________ who is normally appointed by a party to assist the formulation and preparation of a party’s claim or defense.

    • Expert in criminal investigation

    • Subject matter specialist

    • Witness present at the crime scene

    • Expert law graduate appointed by attorney

    Correct Answer
    A. Subject matter specialist
    Explanation
    An expert witness is a subject matter specialist who is appointed by a party to assist in formulating and preparing their claim or defense. This individual has specialized knowledge and expertise in a specific field relevant to the case and provides their professional opinion and analysis to support the party's position. Their role is to provide expert testimony based on their expertise and assist the court in understanding complex technical or scientific matters.

  • 38. 

    What advantage does the tool Evidor have over the built-in Windows search?

    • It can find deleted files even after they have been physically removed

    • It can find bad sectors on the hard drive

    • It can search slack space

    • It can find files hidden within ADS 

    Correct Answer
    A. It can search slack space
    Explanation
    Evidor has an advantage over the built-in Windows search because it can search slack space. Slack space is the unused space between the end of a file and the end of the cluster it occupies on a hard drive. Evidor is able to search and retrieve data from this slack space, which can be useful in forensic investigations or recovering deleted or hidden files. The built-in Windows search does not have this capability.

  • 39. 

    Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

    • Volume Boot Record

    • Master Boot Record

    • GUID Partition Table

    • Master File Table

    Correct Answer
    A. Master File Table
    Explanation
    The Master File Table (MFT) is a database in which information about every file and directory on an NT File System (NTFS) volume is stored. It acts as a directory for the file system, keeping track of the location and metadata of each file and directory on the volume. The MFT is a crucial component of the NTFS file system and is used by the operating system to access and manage files and directories efficiently.

  • 40. 

    What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

    • AA55

    • 00AA

    • AA00

    • A100

    Correct Answer
    A. AA55
    Explanation
    The value "AA55" is used as the "Boot Record Signature" to indicate that the boot-loader exists. This value is commonly found in the last two bytes of the boot sector of a disk. It serves as a marker for the boot-loader program, allowing the system to recognize and execute it during the boot process.

  • 41. 

    The newer Macintosh Operating System is based on

    • OS/2

    • BSD Unix

    • Linux

    • Microsoft Windows

    Correct Answer
    A. BSD Unix
    Explanation
    The newer Macintosh Operating System is based on BSD Unix. BSD Unix is a Unix-like operating system that was developed at the University of California, Berkeley. It is known for its stability, security, and scalability. Apple adopted BSD Unix as the foundation for their Macintosh Operating System, incorporating its features and functionalities into their own operating system. This decision has allowed Mac OS to benefit from the robustness and reliability of BSD Unix, making it a popular choice among users.

  • 42. 

    What is the name of the standard Linux command, also available as a Windows application, that can be used to create bit-stream images?

    • Mcopy

    • Image

    • MD5

    • dd

    Correct Answer
    A. dd
    Explanation
    The correct answer is "dd". The dd command is a standard Linux command that is also available as a Windows application. It can be used to create bit-stream images.

  • 43. 

    What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

    • Digital attack

    • Denial of service

    • Physical attack

    • ARP redirect

    Correct Answer
    A. Denial of service
    Explanation
    A denial of service attack occurs when an attacker floods a router with numerous open connections simultaneously, causing the router to stop forwarding packets. This overwhelms the router's resources and prevents it from functioning properly, effectively disabling all the hosts behind the router.

  • 44. 

    Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Which US Amendment is Madison's lawyer trying to prove the police violated?

    • The 10th Amendment

    • The 5th Amendment

    • The 1st Amendment

    • The 4th Amendment

    Correct Answer
    A. The 4th Amendment
    Explanation
    Madison's lawyer is trying to prove that the police violated the 4th Amendment. This amendment protects individuals from unreasonable searches and seizures by the government. The lawyer is arguing that the police raid and seizure of Madison's computer equipment was unfounded and baseless, meaning it was not supported by probable cause or a valid warrant. By invoking the 4th Amendment, the lawyer is asserting that Madison's rights were violated and the evidence obtained should be excluded from the trial.

  • 45. 

    Which of the following files stores information about the local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host ID, and local path information?

    • Host.db

    • Sigstore.db

    • Config.db

    • Filecache.db

    Correct Answer
    A. Config.db
    Explanation
    The file "config.db" stores information about the local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host ID, and local path information.

  • 46. 

    To preserve digital evidence, an investigator should _______________.

    • Make two copies of each evidence item using a single imaging tool

    • Make a single copy of each evidence item using an approved imaging tool

    • Make two copies of each evidence item using different imaging tools

    • Only store the original evidence item

    Correct Answer
    A. Make two copies of each evidence item using different imaging tools
    Explanation
    Making two copies of each evidence item using different imaging tools is the best practice for preserving digital evidence. This ensures redundancy and reduces the risk of data loss or corruption. By using different imaging tools, any potential errors or limitations of a single tool can be mitigated. Additionally, having multiple copies allows for verification and comparison of the evidence to ensure its integrity. Storing only the original evidence item is not sufficient as it leaves no room for error or loss of the data.

  • 47. 

    Which of the following file systems uses a Master File Table (MFT) database to store information about every file and directory on a volume?

    • FAT File System

    • ReFS

    • ExFAT

    • NTFS File System 

    Correct Answer
    A. NTFS File System 
    Explanation
    The NTFS file system uses a Master File Table (MFT) database to store information about every file and directory on a volume. The MFT is a special file that contains metadata for all files and directories, including their names, size, attributes, and location on the disk. This allows for efficient and organized storage and retrieval of file system information.

  • 48. 

    When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnnn denote?

    • The year the evidence was taken

    • The sequence number for the parts of the same exhibit

    • The initials of the forensics analyst

    • The sequential number of the exhibits seized

    Correct Answer
    A. The sequential number of the exhibits seized
    Explanation
    The nnnn in the aa/ddmmyy/nnnn/zz format denotes the sequential number of the exhibits seized. This number is used to differentiate between different pieces of evidence that have been collected as part of the same exhibit.

  • 49. 

    Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

    • Mime-Version header

    • Content-Type header

    • Content-Transfer-Encoding header

    • Errors-To header

    Correct Answer
    A. Errors-To header
    Explanation
    The Errors-To header specifies an address for mailer-generated errors to be sent to, instead of the sender's address. This header is used to direct bounce messages, such as "no such user" errors, to a specific email address.

Quiz Review Timeline (Updated): Mar 23, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 23, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Nov 07, 2019
    Quiz Created by
    Tui