Midterm CCT-251

30 Questions | Total Attempts: 294


Questions and Answers
  • 1. Computer forensics tools are divided into ____ major categories.
    • A. 4
    • B. 5
    • C. 2
    • D. 3

  • 2. Many password recovery tools have a feature that allows generating potential lists for a ____ attack.
    • A. Salting
    • B. Birthday
    • C. Password dictionary
    • D. Brute-force

  • 3. One way to compare your results and verify your new forensic tool is by using a ____, such as Hex Workshop or WinHex.
    • A. Disk editor
    • B. Bit-stream copier
    • C. Disk imager
    • D. Write-blocker

  • 4. Raw data is a direct copy of a disk drive. An example of a raw image is output from the UNIX/Linux ____ command.
    • A. rawcp
    • B. d2dump
    • C. dhex
    • D. dd

  • 5. Software forensics tools are commonly used to copy data from a suspect's disk drive to a(n) ____.
    • A. Firmware
    • B. Recovery copy
    • C. Image file
    • D. Backup copy

  • 6. The NIST project that has as a goal to collect all known hash values for commercial software applications and OS files is ____.
    • A. CFTT
    • B. PARTAB
    • C. NSRL
    • D. FS-TST

  • 7. The simplest method of duplicating a disk drive is using a tool that does a direct ____ copy from the original disk to the target disk.
    • A. Image-to-disk
    • B. Image-to-partition
    • C. Disk-to-disk
    • D. Partition-to-partition

  • 8. After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.
    • A. True
    • B. False

  • 9. To help determine what computer forensics tool to purchase, a comparison table of functions, subfunctions, and vendor products is useful.
    • A. True
    • B. False

  • 10. When you research for computer forensics tools, strive for versatile, flexible, and robust tools that provide technical support.
    • A. True
    • B. False

  • 11. The IDE ATA controller on an old 486 PC doesn’t recognize disk drives larger than 8.4 ____.
    • A. KB
    • B. MB
    • C. TB
    • D. GB

  • 12. In older Mac OSs, a file consists of two parts: a data fork, where data is stored, and a ____ fork, where file metadata and application information are stored.
    • A. Inodes
    • B. Blocks
    • C. Node
    • D. Resource

  • 13. Linux is probably the most consistent UNIX-like OS because the Linux kernel is regulated under the ____ agreement.
    • A. BSD
    • B. GPL
    • C. GRUB
    • D. AIX

  • 14. On a Linux computer, ____ is the path for the first partition on the primary master IDE disk drive.
    • A. /dev/hdb1
    • B. /dev/sda1
    • C. /dev/hda1
    • D. /dev/ide1

  • 15. On Mac OSs, File Manager uses the ____ to store any information not in the MDB or Volume Control Block (VCB).
    • A. Catalog
    • B. Volume information block
    • C. Master directory block
    • D. Extents overflow block

  • 16. The final component in the UNIX and Linux file system is a(n) ____, which is where directories and files are stored on a disk drive.
    • A. Superblock
    • B. Inode block
    • C. Data block
    • D. Boot block

  • 17. The standard Linux file system is ____.
    • A. Ext3fs
    • B. Ext2fs
    • C. NTFS
    • D. HFS+

  • 18. A UNIX or Linux computer has two boot blocks, which are located on the main hard disk.
    • A. True
    • B. False

  • 19. GPL and BSD variations are examples of open-source software.
    • A. True
    • B. False

  • 20. Older Macintosh computers use the same type of BIOS firmware commonly found in PC-based systems.
    • A. True
    • B. False

  • 21. FTK and other computer forensics programs use ____ to tag and document digital evidence.
    • A. Incidents
    • B. Hyperlinks
    • C. Bookmarks
    • D. Tracers

  • 22. In FTK ____ search mode, you can also look for files that were accessed or changed during a certain time period.
    • A. Active
    • B. Live
    • C. Inline
    • D. Indexed

  • 23. The marking-bad-clusters data-hiding technique is more common with ____ file systems.
    • A. Ext2fs
    • B. FAT
    • C. HFS
    • D. NTFS

  • 24. People who want to hide data can also use advanced encryption programs, such as PGP or ____.
    • A. NTI
    • B. BestCrypt
    • C. FTK
    • D. PRTK

  • 25. There are ____ searching options for keywords which FTK offers.
    • A. 5
    • B. 3
    • C. 4
    • D. 2
