Quiz-summary
0 of 10 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
Information
Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 10 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- Answered
- Review
-
Question 1 of 10
1. Question
The image would be created once a data duplication is done from the original device. The image that created should mount as “read-only”. What is the reason for this?
Correct
The “read-only” file can avoid the user from altering the information in that particular file
Incorrect
The “read-only” file can avoid the user from altering the information in that particular file
-
Question 2 of 10
2. Question
The duplicated copy of the data should be made on a media which is “forensically sterile”. Which of the following best describes the meaning of “forensically sterile”?
Correct
A media which is forensically sterile means that the media is totally free from other data and viruses
Incorrect
A media which is forensically sterile means that the media is totally free from other data and viruses
-
Question 3 of 10
3. Question
The dd command is used in Linux to convert and copy data for the system running. Which of the following best describe the specification of the dd command?
Correct
The dd command is a useful tool used by the forensic investigator to extract file in a large batch
Incorrect
The dd command is a useful tool used by the forensic investigator to extract file in a large batch
-
Question 4 of 10
4. Question
The term “Boot” means the initial startup of the system in the computer term. Which of the following best describe “The Boot Process”?
Correct
The “Boot process” is used to reload all the time when back to switched on
Incorrect
The “Boot process” is used to reload all the time when back to switched on
-
Question 5 of 10
5. Question
What would be happened when a file is empty once it is restored from deletion?
Correct
When the file size is zero, it will create an empty file. As there is too much file inside the cluster, it was overwritten by another file and nothing to be recover
Incorrect
All the slack space, hidden partitions, and swap file can be used by the forensic investigator to obtain relevant evidence related to the incident
-
Question 6 of 10
6. Question
An MD5 generator is an application to ensuring the integrity of the file and application system. Which of the following(s) best describes the function of an MD5 generator?
Correct
An MD5 generator can add a layer of protection to maintain the value of custody of the evidence and the entire admissibility of the original evidence
Incorrect
An MD5 generator can add a layer of protection to maintain the value of custody of the evidence and the entire admissibility of the original evidence
-
Question 7 of 10
7. Question
Which of the following best describe “slack space” in a computer operating system?
Correct
Slack space exists on a Windows disk between the end of the last cluster and the end of the file
Incorrect
Slack space exists on a Windows disk between the end of the last cluster and the end of the file
-
Question 8 of 10
8. Question
Which of the following demonstrates the correct way of a computer forensic investigator when examining a computer based on the Windows operating system?
Correct
A forensic investigator will more focus on investigating files that have been updated and developed most recently at a timeline of activities
Incorrect
A forensic investigator will more focus on investigating files that have been updated and developed most recently at a timeline of activities
-
Question 9 of 10
9. Question
“Word Extractor” is an application used to discover human-understandable interpretations from the computer binary format. Which of the following feature is offers to the user by “Word Extractor”?
Correct
Incorrect
-
Question 10 of 10
10. Question
The Windows will create a memory dump file when it crashes. It is useful in examining the system bugs and analyzes the memory contents of a program failure. Which of the following can be obtained from a memory dump file?
Correct
Incorrect