CHFIv9

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

• SAM database file

The information about the system users is stored in which file?

• Prefetching is disabled

The value 0 associated with the registry entry EnablePrefetcher tells the system to use which prefetch?

• Boot prefetching is enabled

What prefetch does value 2 from the registry entry EnablePrefetcher tell the system to use?

• Kernel stage

What stage of the Linux boot process includes the task of loading the virtual root file system created by the initrd image and executes the Linuxrc program?

• BIOS stage

What stage of the Linux boot process initializes the system hardware and retrieves the information stored in the CMOS (Complementary Metal-Oxide Semiconductor) chip?

• Drive:\RECYCLED

Where are deleted items stored on Windows 98 and earlier versions of Windows?

• Drive:\RECYCLER

Where are deleted items stored on the Windows 2000, XP, and NT versions of Windows?

• Logical block 2

Which HFS volume structure contains the Master Directory Block (MDB), which defines a wide variety of data about the volume itself?

• LBA 34

Which LBA will be the first usable sector?

• RFC 5322

Which RFC defines normal email communication?

• Get-boot sector

Which cmdlet can investigators use in Windows PowerShell to parse GPTs of both types of hard disks including the ones formatted with either UEFI or MBR?

• istat

Which command from The Sleuth Kit (TSK) displays details of a metadata structure such as inode?

• Kernel mode

Which component of the NTFS architecture is the processing mode that permits the executable code to have direct access to all the system components?

• Ntldlr.dll

Which component of the NTFS architecture reads the contents of the Boot.ini file?

• second

Which field is the standard identifier set to CD001 for a CD-ROM compliant to the ISO 9660 standard?

• Number 3

Which field type refers to the volume descriptor as a partition descriptor?

• Number 1

Which field type refers to the volume descriptor as a primary?

• Ext3

Which file system used in Linux was developed by Stephen Tweedie in 2001 as a journaling file system that improves reliability of the system?

• Mount count

Which information held by the superblock allows the system to determine if the file system needs to be fully checked and increments each time the system places access to the file system?

• Mode

Which inode field determines what the inode describes and the permissions that users have to it?

• Log generation

Which is NOT a log management system function?

• DXE (Driver Execution Environment) Phase

Which item describes the UEFI boot process phase in which the majority of the initialization occurs?

• SEC phase

Which item describes the following UEFI boot process phase? The phase of EFI consisting of initialization code the system executes after powering the system on, manages platform reset events, and sets the system state.

• The primary volume descriptor

Which of the following ISO 9660 compliant portion of a compact disc describes the location of the contiguous root directory similar to the super block of the UNIX file system?

• GNU parted

Which of the following basic partitioning tools displays details about GPT partition tables in Linux OS?

• Quantum storage devices

Which of the following is NOT a digital data storage type?

• Recovering files from a network drive

Which of the following is NOT a feature of the Recover My Files tool?

• Non-volatile memory

Which of the following is NOT an advantage of SSDs over HDDs?

• Smaller evidence in size

Which of the following is NOT an element of cyber crime?

• BIOS parameter block

Which of the following is a data structure situated at sector 1 in the volume boot record of a hard disk to explain the physical layout of a disk volume?

• OFFSET

Which of the following is either the start of a file or the start of a memory address, where its value is added to a base address to derive the actual address?

• BDS phase

Which of the following is one of the five UEFI boot process phases?

• PEI phase

Which of the following is one of the five UEFI boot process phases?

• 32,768

Which of the following is the correct number of bytes reserved at the beginning of a CD-ROM for booting a computer?

• Incident handlers

Which of the following stakeholders is the first responder for all the security events or occurrences taking place on a cloud?

• Improper Error Handling

Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?

• Insecured storage

Which web application threat occurs when an attacker is allowed to gain access as a legitimate user to a web application or data such as account records, credit card numbers, passwords, or other authenticated information?

• Broken access control

Which web application threat occurs when attackers identify a flaw, bypass authentication, and compromise the network?

• Unvalidated input

Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings?

• 64 bytes

How large is the partition table structure that stores information about the partitions present on the hard disk?

• Avoid leaning and develop self-confidence

How should expert witnesses conduct themselves while presenting testimony to any court or attorney?

LBA2

In the GUID Partition table, which Logical Block Address contains the Partition Entry Array?

• Cylinder groups

What UFS file system part comprises a collection, including a header with statistics and free lists, a number of inodes containing file attributes, and a number of data blocks?

• Boot block

What UFS file system part is composed of a few blocks in the partition reserved at the beginning?

• PaaS

What cloud service offers a platform for developing applications and services?

• FAT area

What component of a typical FAT32 file system contains duplicates of the File Allocation Table to help the system check for empty or idle spaces and detailed information about clusters and their contents including files and directories?

• GIF

What is a CompuServe-generated format from 1987 that uses lossless data compression techniques, maintaining the visual quality of the image?

• Malvertising

What is a common technique used to distribute malware on the web by embedding malware-laden advertisements in authentic online advertising channels to spread onto systems of unsuspecting users?

• Blackhat SEO

What is a common technique used to distribute malware on the web with tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get a higher search engine ranking for malware pages?

• Autopsy

What is a digital forensics platform and graphical interface to TSK and other digital forensics tools?

• Hamming codes

What is a form of error correcting code (ECC) used to help calculate the redundant bits in a RAID 2?

• ASCII

What is a machine-readable language used in major digital operations, such as sending and receiving emails?

• JPEG

What is a method of lossy compression for digital images that allows users to adjust the degree of compression?

• GUID Partition Table

What is a standard partitioning scheme for hard disks and part of the Unified Extensible Firmware Interface?

• Data loss

What is considered the biggest threat to mobile devices?

• Raid level 1

What is the RAID level that executes mirroring as it duplicates drive data onto multiple drives?

• SOX

What is the act passed by U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations?

-1

What is the last addressable block where negative addressing of the logical blocks starts from the end of the volume in GPT?

• 34 TB

What is the maximum file system size in ext3?

• 1 EiB

What is the maximum file system size in ext4?

• To educate the public and court

What is the role of an expert witness?

• Client layer

What layer of web application architecture includes all the web appliances, such as smartphones and PCs, where interaction with a web application deployed on a web server occurs?

• Business Layer

What layer of web application architecture is responsible for the core functioning of the system and includes logic and applications, such as .NET, used by developers to build websites according to client requirements?


Ensembles d'études connexes

Neurobiology of Eating and Eating Disorders Midterm 2

View Set

Quiz 3: Segmentation and Targeting

View Set

Understanding Psychology Chapter 3 Vocab

View Set

Microeconomics 153 Chapter 4 Test

View Set

Lesson 5: Hormones and Metabolism

View Set