Windows Networking & Computer Fundamentals Exercises Solutions Quiz

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Tui
T
Tui
Community Contributor
Quizzes Created: 1 | Total Attempts: 581
| Attempts: 583
SettingsSettings
Please wait...
  • 1/247 Questions

    This ISO standard defines file systems and protocols for exchanging data between optical disks. What is it?

    • ISO 9660
    • ISO/IEC 13940
    • ISO 9060
    • IEC 3490
Please wait...
About This Quiz

Attempt this 'Windows Networking & Computer Fundamentals Exercises Solutions' quiz and evaluate yourself whether you're a true computer genius or not. This quiz covers almost every topic related to computers, including windows, the internet, networking, system drives, cyber security, and many more. If you consider yourself a true computer engineer or an expert when it comes to computers, you should really play the quiz and assess yourself. The test becomes tougher after every question. So, go ahead and try to score at least 75 percent! Good luck!

Windows Networking & Computer Fundamentals Exercises Solutions Quiz - Quiz

Quiz Preview

  • 2. 

    Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

    • Data collection

    • Secure the evidence

    • First response

    • Data analysis

    Correct Answer
    A. First response
    Explanation
    During the investigation phase of a cybercrime forensics investigation case, various tasks are performed to gather evidence and analyze data. Data collection involves gathering relevant information and evidence related to the cybercrime. Secure the evidence involves ensuring the preservation and protection of the collected evidence to maintain its integrity. Data analysis involves examining and interpreting the collected data to identify patterns, anomalies, and other important information. However, the first response is not a task that falls under the investigation phase. The first response refers to the initial actions taken immediately after the detection of a cybercrime, such as reporting the incident and securing the affected systems.

    Rate this question:

  • 3. 

    Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?

    • Microsoft Outlook

    • Eudora

    • Mozilla Thunderbird

    • Microsoft Outlook Express

    Correct Answer
    A. Microsoft Outlook Express
    Explanation
    Billy, as a computer forensics expert, can use Microsoft Outlook Express to analyze the DBX files. DBX files are associated with Microsoft Outlook Express, which was a popular email client in the past. Therefore, it would be the most suitable choice for analyzing the recovered DBX files.

    Rate this question:

  • 4. 
    Which one do you like? - ProProfs

    Which one do you like?

    • RAID Level 0

    • RAID Level 5

    • RAID Level 3

    • RAID Level 1

    Correct Answer
    A. RAID Level 5
    Explanation
    RAID Level 5 is the correct answer because it provides both data striping and parity information across multiple drives. This level offers a good balance between performance and data redundancy, as it can sustain the failure of one drive without losing any data. The parity information allows for data reconstruction in case of a drive failure, making RAID Level 5 a reliable choice for data storage and protection.

    Rate this question:

  • 5. 

    You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

    • The X509 Address

    • The SMTP reply Address

    • The E-mail Header

    • The Host Domain Name

    Correct Answer
    A. The E-mail Header
    Explanation
    When trying to trace the source of a threatening email, the most important piece of information to investigate is the email header. The email header contains metadata about the email, including the sender's IP address, the route the email took to reach its destination, and other identifying information. By analyzing the email header, it is possible to track the source of the email and gather evidence for further investigation. The X509 Address, SMTP reply Address, and Host Domain Name may provide some information, but they are not as crucial as the email header in identifying the source of the threatening email.

    Rate this question:

  • 6. 

    In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

    • The ISP can investigate anyone using their service and can provide you with assistance

    • The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

    • The ISP can't conduct any type of investigations on anyone and therefore can't assist you

    • ISP's never maintain log files so they would be of no use to your investigation

    Correct Answer
    A. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
    Explanation
    The correct answer is that the ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist without a warrant. This means that while the ISP can help with the investigation, they cannot provide assistance without proper legal authorization such as a warrant. This is to ensure that the privacy rights of their customers are protected.

    Rate this question:

  • 7. 

    Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?

    • MIME

    • BINHEX

    • UT-16

    • UUCODE

    Correct Answer
    A. MIME
    Explanation
    MIME (Multipurpose Internet Mail Extensions) is a protocol that allows non-ASCII files, such as video, graphics, and audio, to be sent through email messages. It extends the capabilities of email by encoding these files into ASCII format, which can be transmitted over the internet. This ensures that the files can be properly understood and displayed by different email clients and systems. BINHEX, UT-16, and UUCODE are not specifically designed for handling non-ASCII files in email messages.

    Rate this question:

  • 8. 

    When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

    • Universal Time Set

    • Network Time Protocol

    • SyncTime Service

    • Time-Sync Protocol

    Correct Answer
    A. Network Time Protocol
    Explanation
    The correct answer is Network Time Protocol. Network Time Protocol (NTP) is a service used to synchronize time among multiple computers. It ensures that the clocks of different computers are aligned, allowing administrators to accurately reconstruct events during an attack or security incident. Without synchronized time, it becomes challenging to determine the exact timing and sequence of events.

    Rate this question:

  • 9. 

    In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

    • Rules of evidence

    • Law of probability

    • Chain of custody           

    • Policy of separation

    Correct Answer
    A. Chain of custody           
    Explanation
    Chain of custody refers to the documentation and procedures that ensure the integrity and reliability of evidence in a legal investigation. It involves maintaining a detailed record of the possession, handling, and transfer of evidence from the time it is collected until it is presented in court. This ensures that the evidence is not tampered with or compromised, and establishes its authenticity and admissibility in court. The chain of custody is crucial in computer forensics investigations to maintain the integrity of digital evidence and to establish its reliability in court.

    Rate this question:

  • 10. 

    What method of copying should always be performed first before carrying out an investigation?

    • Parity-bit copy

    • Bit-stream copy

    • MS-DOS disc copy

    • System level copy

    Correct Answer
    A. Bit-stream copy
    Explanation
    A bit-stream copy should always be performed first before carrying out an investigation. This method copies the entire contents of a storage device, including the data and any hidden or deleted files. It creates an exact replica of the original device, preserving all the data and metadata. By performing a bit-stream copy, investigators can ensure that the original evidence remains intact and unaltered, allowing for a thorough examination without the risk of data loss or corruption.

    Rate this question:

  • 11. 

    When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

    • A write-blocker

    • A protocol analyzer

    • A firewall

    • A disk editor

    Correct Answer
    A. A write-blocker
    Explanation
    A write-blocker is used in forensics analysis to prevent the system from recording data on an evidence disk. This device ensures that no changes or modifications are made to the data on the disk, preserving its integrity and preventing any potential tampering. By blocking write commands, the write-blocker allows investigators to safely examine and analyze the data on the evidence disk without altering it in any way.

    Rate this question:

  • 12. 

    Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

    • Gif

    • Bmp

    • Jpeg

    • Png

    Correct Answer
    A. Jpeg
    Explanation
    The file signature FF D8 FF E1 corresponds to the file type JPEG. File signatures are unique sequences of bytes that help identify the file type. In this case, the given file signature matches the signature commonly associated with JPEG files, indicating that the image Stephen is checking is in JPEG format.

    Rate this question:

  • 13. 

    What is one method of bypassing a system BIOS password?

    • Removing the processor

    • Removing the CMOS battery

    • Remove all the system memory

    • Login   to         Windows         and      disable the       BIOS   password

    Correct Answer
    A. Removing the CMOS battery
    Explanation
    Removing the CMOS battery is one method of bypassing a system BIOS password. The CMOS battery is responsible for powering the CMOS chip, which stores the BIOS settings. By removing the battery, the power to the CMOS chip is cut off, causing it to lose all the stored settings, including the BIOS password. This allows the user to bypass the password and access the BIOS settings without entering the correct password.

    Rate this question:

  • 14. 

    It takes            mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

    • By law, three

    • Quite a few

    • Only one

    • At least two

    Correct Answer
    A. Only one
    Explanation
    It only takes one mismanaged case to ruin your professional reputation as a computer forensics examiner. This means that even a single instance of mishandling a case can have a significant impact on your reputation in the field. It highlights the importance of being diligent and thorough in conducting computer forensic examinations to maintain professional integrity.

    Rate this question:

  • 15. 

    You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position: 7+ years experience in Windows Server environment 5+ years experience in Exchange 2000/2003 environment Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required MCSA desired, MCSE, CEH preferred No Unix/Linux Experience needed What is this information posted on the job website considered?

    • Social engineering exploit

    • Competitive exploit

    • Information vulnerability

    • Trade secret 

    Correct Answer
    A. Information vulnerability
    Explanation
    The given information on the job website is considered as an information vulnerability because it provides details about the company's IT infrastructure, including specific technologies and software used. This information can be valuable to potential attackers as it gives insight into the company's systems and can be used to exploit any vulnerabilities or weaknesses.

    Rate this question:

  • 16. 

    When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

    • All virtual memory will be deleted

    • The wrong partition may be set to active

    • This action can corrupt the disk

    • The computer will be set in a constant reboot state

    Correct Answer
    A. This action can corrupt the disk
    Explanation
    Deleting a partition on a dynamic disk can corrupt the disk because dynamic disks use a complex disk management system that relies on metadata stored on the disk. Deleting a partition can disrupt this system and cause data loss or corruption. It is important to avoid deleting partitions on dynamic disks during a forensics investigation to preserve the integrity of the disk and any potential evidence it may contain.

    Rate this question:

  • 17. 

    Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

    • Two

    • One

    • Three

    • Four

    Correct Answer
    A. Two
    Explanation
    Michael should use two data acquisition tools when creating copies of the evidence for the investigation. This is because it is important to have redundancy and ensure that the evidence is properly preserved. By using two tools, Michael can create two separate copies of the data, which can be compared to ensure accuracy and integrity. Additionally, having two copies provides a backup in case one of the copies becomes corrupted or compromised. Therefore, using two data acquisition tools is the best practice in this situation.

    Rate this question:

  • 18. 

    You are working as an independent computer forensics investigator and received  a  call  from  a  systems  administrator  for  a  local  school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he   made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

    • Robust copy

    • Incremental backup copy

    • Bit-stream copy

    • Full backup copy

    Correct Answer
    A. Bit-stream copy
    Explanation
    A bit-stream copy is needed to ensure that the evidence found is complete and admissible in future proceedings. A bit-stream copy is a sector-by-sector copy of the entire hard drive, including all data, deleted files, and file fragments. This type of copy preserves the integrity of the original drive and allows for a thorough examination of the evidence without altering or modifying any data. It is the most reliable and comprehensive method for forensic analysis in this situation.

    Rate this question:

  • 19. 

    You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

    • The registry

    • The swap file

    • The recycle bin

    • The metadata

    Correct Answer
    A. The swap file
    Explanation
    The swap file should be examined next in this case because it is a temporary storage area on the computer's hard drive where data is stored when there is not enough RAM available. It is possible that the staff member may have saved or temporarily stored evidence of the finance fraud in the swap file, especially if they were trying to hide it. Therefore, examining the swap file may provide valuable information or evidence that was not found in the data files on the bitmap image of the target computer.

    Rate this question:

  • 20. 

    The MD5 program is used to:

    • Wipe magnetic media before recycling it

    • Make directories on an evidence disk

    • View graphics files on an evidence drive

    • Verify that a disk is not altered when you examine it

    Correct Answer
    A. Verify that a disk is not altered when you examine it
    Explanation
    The MD5 program is used to verify that a disk is not altered when you examine it. MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a unique hash value for a given input. By comparing the hash value of a disk before and after examination, you can determine if any changes or alterations have been made to the disk. This is important for ensuring the integrity and authenticity of the evidence on the disk.

    Rate this question:

  • 21. 

    Which of the following attack uses HTML tags like <script></script>?

    • Phishing

    • XSS attack

    • SQL injection

    • Spam

    Correct Answer
    A. XSS attack
    Explanation
    XSS attack uses HTML tags like to inject malicious scripts into a website or web application. These scripts can be used to steal sensitive information, manipulate website content, or redirect users to malicious websites. Phishing, SQL injection, and spam attacks do not specifically rely on HTML tags for their execution.

    Rate this question:

  • 22. 

    CAN-SPAM act requires that you:

    • Don't use deceptive subject lines

    • Don’t tell the recipients where you are located

    • Don’t identify the message as an ad

    • Don’t use true header information

    Correct Answer
    A. Don't use deceptive subject lines
    Explanation
    The correct answer is "Don't use deceptive subject lines." The CAN-SPAM act is a law that regulates commercial email messages. It requires that email marketers do not use deceptive subject lines to mislead or trick recipients into opening their emails. This is to ensure transparency and honesty in email marketing practices. The other options listed are not accurate requirements of the CAN-SPAM act.

    Rate this question:

  • 23. 

    Which of the following technique creates a replica of an evidence media?

    • Data Extraction

    • Backup

    • Bit Stream Imaging

    • Data Deduplication

    Correct Answer
    A. Bit Stream Imaging
    Explanation
    Bit Stream Imaging is a technique that creates a complete and exact replica of an evidence media. It captures every bit and byte of data, including deleted and hidden files, as well as the file system structure. This ensures that the integrity of the original evidence is preserved, allowing for a thorough analysis without altering or damaging the original data. Backup, Data Extraction, and Data Deduplication do not create a complete replica of the evidence media, making Bit Stream Imaging the correct answer.

    Rate this question:

  • 24. 

    _______________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

    • Network Forensics

    • Computer Forensics

    • Incident Response

    • Event Reaction

    Correct Answer
    A. Computer Forensics
    Explanation
    Computer Forensics is the correct answer because it involves the use of computer investigation and analysis techniques to uncover potential legal evidence. This field focuses on gathering and analyzing digital evidence from computers, networks, and other digital devices in order to support legal investigations or proceedings. Computer Forensics professionals use specialized tools and techniques to preserve, extract, and analyze data from digital devices, ensuring that the evidence remains admissible in court.

    Rate this question:

  • 25. 

    On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

    • SAM

    • AMS

    • Shadow file

    • Password.conf

    Correct Answer
    A. SAM
    Explanation
    In an Active Directory network using NTLM authentication, the passwords are stored in the Security Account Manager (SAM) database on the domain controllers. The SAM database is a registry file that contains user account information, including usernames and password hashes. This database is used for local authentication and security policies on the domain controllers.

    Rate this question:

  • 26. 

    Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?

    • OpenGL/ES and SGL

    • Surface Manager

    • Media framework

    • WebKit

    Correct Answer
    A. OpenGL/ES and SGL
    Explanation
    OpenGL/ES and SGL are the Android libraries used to render 2D or 3D graphics content to the screen. OpenGL/ES is a widely used graphics API that allows developers to create high-performance 2D and 3D graphics on Android devices. SGL (Software Graphics Library) is a software-based rendering library that provides a fallback option for devices that do not support hardware acceleration. Together, these libraries enable developers to create visually appealing and interactive graphics on Android devices.

    Rate this question:

  • 27. 

    Which one of the following is not a first response procedure?

    • Preserve volatile data

    • Fill forms

    • Crack passwords

    • Take photos

    Correct Answer
    A. Crack passwords
    Explanation
    The correct answer is "Crack passwords" because it is not a first response procedure. First response procedures typically involve actions that are immediate and necessary to preserve evidence or secure a scene. Preserving volatile data, filling forms, and taking photos are all examples of first response procedures that help in documenting and securing the evidence. However, cracking passwords is a more advanced and time-consuming process that typically occurs after the initial response and is not considered a first response procedure.

    Rate this question:

  • 28. 

    Which code does the FAT file system use to mark the file as deleted?

    • ESH

    • 5EH

    • H5E

    • E5H

    Correct Answer
    A. E5H
    Explanation
    The FAT file system uses the code E5H to mark a file as deleted. This code is used as a placeholder in the file allocation table to indicate that the file has been deleted and its space is now available for reuse. When a file is deleted, the first character of its file name is replaced with E5H to indicate its deletion status. This allows the file system to keep track of available space and manage file allocation efficiently.

    Rate this question:

  • 29. 

    Which one d Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics. Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

    • Netstat - r

    • Netstat - ano

    • Netstat - b

    • Netstat -s

    Correct Answer
    A. Netstat - ano
    Explanation
    The correct answer is "netstat - ano" because the "-ano" option in the netstat command displays all active TCP and UDP connections, listening ports, and the associated process identifiers (PID) for each connection. This allows the user to identify which processes are using specific network connections.

    Rate this question:

  • 30. 

    Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?

    • Justification

    • Authentication

    • Reiteration

    • Certification

    Correct Answer
    A. Authentication
    Explanation
    The term used for Jacob's testimony in this case is "authentication." This is because Jacob is testifying to the accuracy and integrity of the technical log files gathered in the investigation, which is a process of verifying the authenticity of evidence.

    Rate this question:

  • 31. 

    At what layer of the OSI model do routers function on?

    • 4

    • 3

    • 1

    • 4

    Correct Answer
    A. 3
    Explanation
    Routers function at the network layer (layer 3) of the OSI model. The network layer is responsible for logical addressing and routing of data packets between different networks. Routers use IP addresses to determine the best path for forwarding packets to their destination across multiple networks. They make decisions based on network layer information such as IP addresses and routing tables.

    Rate this question:

  • 32. 

    Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

    • Portable Document Format

    • MS-office Word Document

    • MS-office Word OneNote

    • MS-office Word PowerPoint

    Correct Answer
    A. Portable Document Format
    Explanation
    The Portable Document Format (PDF) does not use Object Linking and Embedding (OLE) technology to embed and link to other objects. OLE is a technology that allows objects from different applications to be linked and embedded within a document. However, PDF is a file format that is independent of any specific software or application and does not support OLE. Therefore, it does not use OLE technology to embed and link to other objects.

    Rate this question:

  • 33. 

    Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN- ABCDE12345F." Which of the following log file will help Shane in tracking all the client connections and activities performed on the database server?

    • WIN-ABCDE12345F.err

    • WIN-ABCDE12345F-bin.n

    • WIN-ABCDE12345F.pid

    • WIN-ABCDE12345F.log

    Correct Answer
    A. WIN-ABCDE12345F.log
    Explanation
    The log file with the name "WIN-ABCDE12345F.log" will help Shane in tracking all the client connections and activities performed on the database server.

    Rate this question:

  • 34. 

    One way to identify the presence of hidden partitions on a suspect's hard drive is to:

    • Add up the total size of all known partitions and compare it to the total size of the hard drive

    • Examine the FAT and identify hidden partitions by noting an H in the partition Type field

    • Examine the LILO and note an H in the partition Type field

    • It is not possible to have hidden partitions on a hard drive

    Correct Answer
    A. Add up the total size of all known partitions and compare it to the total size of the hard drive
    Explanation
    To identify the presence of hidden partitions on a suspect's hard drive, one can add up the total size of all known partitions and compare it to the total size of the hard drive. If the total size of the known partitions is significantly smaller than the total size of the hard drive, it suggests the existence of hidden partitions. This is because hidden partitions are not visible or accounted for in the known partition sizes. Therefore, comparing the two sizes can help in detecting the presence of hidden partitions.

    Rate this question:

  • 35. 

    Jason discovered a file named $RIIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?

    • It is a doc file deleted in seventh sequential order

    • RIYG6VR.doc is the name of the doc file deleted from the system

    • It is file deleted from R drive

    • Lt is a deleted doc file

    Correct Answer
    A. Lt is a deleted doc file
    Explanation
    From the file name "$RIIYG6VR.doc" found in the recycle bin directory, Jason can infer that it is a deleted doc file.

    Rate this question:

  • 36. 

    What does the acronym POST mean as it relates to a PC?

    • Primary Operations Short Test

    • PowerOn Self Test

    • Pre Operational Situation Test

    • Primary Operating System Test

    Correct Answer
    A. PowerOn Self Test
    Explanation
    The acronym POST stands for PowerOn Self Test. This test is performed by a computer when it is powered on to check if all the hardware components are functioning properly. It checks the memory, keyboard, hard drive, and other essential components. If any issues are detected during the POST, the computer may display error messages or emit beep codes to indicate the problem. The POST is an important diagnostic tool that helps identify hardware failures and ensures that the computer is in a good operational state before the operating system is loaded.

    Rate this question:

  • 37. 

    An expert witness is a    _______________ who is normally appointed by a party to assist the formulation and preparation of a party’s claim or defense.

    • Expert in criminal investigation

    • Subject matter specialist

    • Witness present at the crime scene

    • Expert law graduate appointed by attorney

    Correct Answer
    A. Subject matter specialist
    Explanation
    An expert witness is a subject matter specialist who is appointed by a party to assist in formulating and preparing their claim or defense. This individual has specialized knowledge and expertise in a specific field relevant to the case and provides their professional opinion and analysis to support the party's position. Their role is to provide expert testimony based on their expertise and assist the court in understanding complex technical or scientific matters.

    Rate this question:

  • 38. 

    What advantage does the tool Evidor have over the built-in Windows search?

    • It can find deleted files even after they have been physically removed

    • It can find bad sectors on the hard drive

    • It can search slack space

    • It can find files hidden within ADS 

    Correct Answer
    A. It can search slack space
    Explanation
    Evidor has an advantage over the built-in Windows search because it can search slack space. Slack space is the unused space between the end of a file and the end of the cluster it occupies on a hard drive. Evidor is able to search and retrieve data from this slack space, which can be useful in forensic investigations or recovering deleted or hidden files. The built-in Windows search does not have this capability.

    Rate this question:

  • 39. 

    Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

    • Volume Boot Record

    • Master Boot Record

    • GUID Partition Table

    • Master File Table

    Correct Answer
    A. Master File Table
    Explanation
    The Master File Table (MFT) is a database in which information about every file and directory on an NT File System (NTFS) volume is stored. It acts as a directory for the file system, keeping track of the location and metadata of each file and directory on the volume. The MFT is a crucial component of the NTFS file system and is used by the operating system to access and manage files and directories efficiently.

    Rate this question:

  • 40. 

    What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

    • AA55

    • OOAA

    • AAOO

    • A100

    Correct Answer
    A. AA55
    Explanation
    The value "AA55" is used as the "Boot Record Signature" to indicate that the boot-loader exists. This value is commonly found in the last two bytes of the boot sector of a disk. It serves as a marker for the boot-loader program, allowing the system to recognize and execute it during the boot process.

    Rate this question:

  • 41. 

    The newer Macintosh Operating System is based on

    • OS/2

    • BSD Unix

    • Linux

    • Microsoft Windows

    Correct Answer
    A. BSD Unix
    Explanation
    The newer Macintosh Operating System is based on BSD Unix. BSD Unix is a Unix-like operating system that was developed at the University of California, Berkeley. It is known for its stability, security, and scalability. Apple adopted BSD Unix as the foundation for their Macintosh Operating System, incorporating its features and functionalities into their own operating system. This decision has allowed Mac OS to benefit from the robustness and reliability of BSD Unix, making it a popular choice among users.

    Rate this question:

  • 42. 

    What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

    • Mcopy

    • Image

    • MD5

    • dd

    Correct Answer
    A. dd
    Explanation
    The correct answer is "dd". The dd command is a standard Linux command that is also available as a Windows application. It can be used to create bit-stream images.

    Rate this question:

  • 43. 

    What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

    • Digital attack

    • Denial of service

    • Physical attack

    • ARP redirect

    Correct Answer
    A. Denial of service
    Explanation
    A denial of service attack occurs when an attacker floods a router with numerous open connections simultaneously, causing the router to stop forwarding packets. This overwhelms the router's resources and prevents it from functioning properly, effectively disabling all the hosts behind the router.

    Rate this question:

  • 44. 

    Madison is on trial for allegedly breaking into her university internal network. The police raided her dorm room and seized all of her computer equipment. Madison lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison lawyer trying to prove the police violated?

    • The 10th Amendment

    • The 5th Amendment

    • The 1st Amendment

    • The 4th Amendment

    Correct Answer
    A. The 4th Amendment
    Explanation
    Madison's lawyer is trying to prove that the police violated the 4th Amendment. This amendment protects individuals from unreasonable searches and seizures by the government. The lawyer is arguing that the police raid and seizure of Madison's computer equipment was unfounded and baseless, meaning it was not supported by probable cause or a valid warrant. By invoking the 4th Amendment, the lawyer is asserting that Madison's rights were violated and the evidence obtained should be excluded from the trial.

    Rate this question:

  • 45. 

    Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the hostjd, and local path information?

    • Host.db

    • Sigstore.db

    • Config.db

    • Filecache.db

    Correct Answer
    A. Config.db
    Explanation
    The file "config.db" stores information about the local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host ID, and local path information.

    Rate this question:

  • 46. 

    To preserve digital evidence, an investigator should .

    • Make two copies of each evidence item using a single imaging tool

    • Make a single copy of each evidence item using an approved imaging tool

    • Make two copies of each evidence item using different imaging tools

    • Only store the original evidence item

    Correct Answer
    A. Make two copies of each evidence item using different imaging tools
    Explanation
    Making two copies of each evidence item using different imaging tools is the best practice for preserving digital evidence. This ensures redundancy and reduces the risk of data loss or corruption. By using different imaging tools, any potential errors or limitations of a single tool can be mitigated. Additionally, having multiple copies allows for verification and comparison of the evidence to ensure its integrity. Storing only the original evidence item is not sufficient as it leaves no room for error or loss of the data.

    Rate this question:

  • 47. 

    Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?

    • FAT File System

    • ReFS

    • ExFAT

    • NTFS File System 

    Correct Answer
    A. NTFS File System 
    Explanation
    NTFS File System uses Master File Table (MFT) database to store information about every file and directory on a volume. MFT is a special file that contains metadata for all files and directories, including their names, size, attributes, and location on the disk. This allows for efficient and organized storage and retrieval of file system information.

    Rate this question:

  • 48. 

    When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

    • The year the evidence was taken

    • The sequence number for the parts of the same exhibit

    • The initials of the forensics analyst

    • The sequential number of the exhibits seized

    Correct Answer
    A. The sequential number of the exhibits seized
    Explanation
    The nnn in the aa/ddmmyy/nnnn/zz format denotes the sequential number of the exhibits seized. This number is used to differentiate between different pieces of evidence that have been collected as part of the same exhibit.

    Rate this question:

  • 49. 

    Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

    • Mime-Version header

    • Content-Type header

    • Content-Transfer-Encoding header

    • Errors-To header

    Correct Answer
    A. Errors-To header
    Explanation
    The Errors-To header specifies an address for mailer-generated errors to be sent to, instead of the sender's address. This header is used to direct bounce messages, such as "no such user" errors, to a specific email address.

    Rate this question:

Quiz Review Timeline (Updated): Mar 23, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 23, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Nov 07, 2019
    Quiz Created by
    Tui
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.