CHFIv9
• SAM database file
The information about the system users is stored in which file?
• Prefetching is disabled
The value 0 associated with the registry entry EnablePrefetcher tells the system to use which prefetch?
• Boot prefetching is enabled
What prefetch does value 2 from the registry entry EnablePrefetcher tell the system to use?
• Kernel stage
What stage of the Linux boot process includes the task of loading the virtual root file system created by the initrd image and executes the Linuxrc program?
• BIOS stage
What stage of the Linux boot process initializes the system hardware and retrieves the information stored in the CMOS (Complementary Metal-Oxide Semiconductor) chip?
• Drive:\RECYCLED
Where are deleted items stored on Windows 98 and earlier versions of Windows?
• Drive:\RECYCLER
Where are deleted items stored on the Windows 2000, XP, and NT versions of Windows?
• Logical block 2
Which HFS volume structure contains the Master Directory Block (MDB), which defines a wide variety of data about the volume itself?
• LBA 34
Which LBA will be the first usable sector?
• RFC 5322
Which RFC defines normal email communication?
• Get-boot sector
Which cmdlet can investigators use in Windows PowerShell to parse GPTs of both types of hard disks including the ones formatted with either UEFI or MBR?
• istat
Which command from The Sleuth Kit (TSK) displays details of a metadata structure such as inode?
• Kernel mode
Which component of the NTFS architecture is the processing mode that permits the executable code to have direct access to all the system components?
• Ntldlr.dll
Which component of the NTFS architecture reads the contents of the Boot.ini file?
• second
Which field is the standard identifier set to CD001 for a CD-ROM compliant to the ISO 9660 standard?
• Number 3
Which field type refers to the volume descriptor as a partition descriptor?
• Number 1
Which field type refers to the volume descriptor as a primary?
• Ext3
Which file system used in Linux was developed by Stephen Tweedie in 2001 as a journaling file system that improves reliability of the system?
• Mount count
Which information held by the superblock allows the system to determine if the file system needs to be fully checked and increments each time the system places access to the file system?
• Mode
Which inode field determines what the inode describes and the permissions that users have to it?
• Log generation
Which is NOT a log management system function?
• DXE (Driver Execution Environment) Phase
Which item describes the UEFI boot process phase in which the majority of the initialization occurs?
• SEC phase
Which item describes the following UEFI boot process phase? The phase of EFI consisting of initialization code the system executes after powering the system on, manages platform reset events, and sets the system state.
• The primary volume descriptor
Which of the following ISO 9660 compliant portion of a compact disc describes the location of the contiguous root directory similar to the super block of the UNIX file system?
• GNU parted
Which of the following basic partitioning tools displays details about GPT partition tables in Linux OS?
• Quantum storage devices
Which of the following is NOT a digital data storage type?
• Recovering files from a network drive
Which of the following is NOT a feature of the Recover My Files tool?
• Non-volatile memory
Which of the following is NOT an advantage of SSDs over HDDs?
• Smaller evidence in size
Which of the following is NOT an element of cyber crime?
• BIOS parameter block
Which of the following is a data structure situated at sector 1 in the volume boot record of a hard disk to explain the physical layout of a disk volume?
• OFFSET
Which of the following is either the start of a file or the start of a memory address, where its value is added to a base address to derive the actual address?
• BDS phase
Which of the following is one of the five UEFI boot process phases?
• PEI phase
Which of the following is one of the five UEFI boot process phases?
• 32,768
Which of the following is the correct number of bytes reserved at the beginning of a CD-ROM for booting a computer?
• Incident handlers
Which of the following stakeholders is the first responder for all the security events or occurrences taking place on a cloud?
• Improper Error Handling
Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?
• Insecured storage
Which web application threat occurs when an attacker is allowed to gain access as a legitimate user to a web application or data such as account records, credit card numbers, passwords, or other authenticated information?
• Broken access control
Which web application threat occurs when attackers identify a flaw, bypass authentication, and compromise the network?
• Unvalidated input
Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings?
• 64 bytes
How large is the partition table structure that stores information about the partitions present on the hard disk?
• Avoid leaning and develop self-confidence
How should expert witnesses conduct themselves while presenting testimony to any court or attorney?
LBA2
In the GUID Partition table, which Logical Block Address contains the Partition Entry Array?
• Cylinder groups
What UFS file system part comprises a collection, including a header with statistics and free lists, a number of inodes containing file attributes, and a number of data blocks?
• Boot block
What UFS file system part is composed of a few blocks in the partition reserved at the beginning?
• PaaS
What cloud service offers a platform for developing applications and services?
• FAT area
What component of a typical FAT32 file system contains duplicates of the File Allocation Table to help the system check for empty or idle spaces and detailed information about clusters and their contents including files and directories?
• GIF
What is a CompuServe-generated format from 1987 that uses lossless data compression techniques, maintaining the visual quality of the image?
• Malvertising
What is a common technique used to distribute malware on the web by embedding malware-laden advertisements in authentic online advertising channels to spread onto systems of unsuspecting users?
• Blackhat SEO
What is a common technique used to distribute malware on the web with tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get a higher search engine ranking for malware pages?
• Autopsy
What is a digital forensics platform and graphical interface to TSK and other digital forensics tools?
• Hamming codes
What is a form of error correcting code (ECC) used to help calculate the redundant bits in a RAID 2?
• ASCII
What is a machine-readable language used in major digital operations, such as sending and receiving emails?
• JPEG
What is a method of lossy compression for digital images that allows users to adjust the degree of compression?
• GUID Partition Table
What is a standard partitioning scheme for hard disks and part of the Unified Extensible Firmware Interface?
• Data loss
What is considered the biggest threat to mobile devices?
• Raid level 1
What is the RAID level that executes mirroring as it duplicates drive data onto multiple drives?
• SOX
What is the act passed by U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations?
-1
What is the last addressable block where negative addressing of the logical blocks starts from the end of the volume in GPT?
• 34 TB
What is the maximum file system size in ext3?
• 1 EiB
What is the maximum file system size in ext4?
• To educate the public and court
What is the role of an expert witness?
• Client layer
What layer of web application architecture includes all the web appliances, such as smartphones and PCs, where interaction with a web application deployed on a web server occurs?
• Business Layer
What layer of web application architecture is responsible for the core functioning of the system and includes logic and applications, such as .NET, used by developers to build websites according to client requirements?
