FORMATIVE 2 Flashcards

(51 cards)

1
Q

How does a solid-state drive (SSD) store data?
Group of answer choices

Using tape-based storage

Using magnetic spinning platters

With optical storage discs

Using NAND-based flash memory

A

Using NAND-based flash memory

2
Q

What feature distinguishes ext3 from ext2?
Group of answer choices

Compatibility with older hardware

File journaling support

Faster booting times

Higher compression rates

A

File journaling support

3
Q

What type of data structure is used in NTFS to store file metadata?

Inode

Master File Table (MFT)

Superblock

Logical Block

A

Master File Table (MFT)

4
Q

What does “journaling” in a file system ensure?

Recovery of data in case of system crashes

File compression for efficient storage

Faster execution of user applications

Permanent deletion of unused files

A

Recovery of data in case of system crashes

5
Q

In a hard disk drive, what is the purpose of the read/write head?
Group of answer choices

To manage network traffic

To process data stored in RAM

To transfer data between different partitions

To read and write data to/from the disk surface

A

To read and write data to/from the disk surface

6
Q

What is a common disk interface used in modern hard drives?
Group of answer choices

SATA

NVMe

IDE

Both SATA and NVMe

A

Both SATA and NVMe

7
Q

What is the significance of “logical block addressing (LBA)”?

It simplifies the storage addressing system

It describes physical hardware connections

It compresses files for storage efficiency

It determines the encryption key of a hard drive

A

It simplifies the storage addressing system

8
Q

What is a “superblock” in the context of Linux file systems?
Group of answer choices

A temporary file used during booting

A security feature that encrypts system logs

A reserved area for storing deleted files

Metadata containing information about the entire file system

A

Metadata containing information about the entire file system

9
Q

What is the main purpose of sectors on a hard drive?
Group of answer choices

To store the operating system kernel

To define physical divisions on the disk for data storage

To divide data into compressed files

To encrypt critical system information

A

To define physical divisions on the disk for data storage

10
Q

Which file system is specific to macOS?
Group of answer choices

ext4

HFS+

NTFS

FAT32

A

HFS+

11
Q

What is the primary concern when capturing data from encrypted devices?
Group of answer choices

Creating an incremental backup

Encrypting volatile data

Ensuring compatibility with file systems

Acquiring data without damaging encryption keys

A

Acquiring data without damaging encryption keys

12
Q

Which step comes first in the data acquisition process?
Group of answer choices

Securing the scene

Hashing the collected data

Analyzing evidence

Creating a forensic image

A

Securing the scene

13
Q

What does a “bit-stream image” include?
Group of answer choices

Only the active files on a disk

Metadata of the analyzed file system

A compressed copy of user data

A complete copy of all sectors, including deleted and hidden data

A

A complete copy of all sectors, including deleted and hidden data.

14
Q

What is the primary objective of data acquisition in digital forensics?
Group of answer choices

Preserving the integrity of evidence during collection

Encrypting evidence for security

Analyzing the original evidence directly

Formatting the storage device for analysis

A

Preserving the integrity of evidence during collection

15
Q

What does “selective acquisition” focus on?
Group of answer choices

Hashing volatile system logs

Collecting only relevant files or folders

Analyzing encrypted file systems

Capturing all data on a disk

A

Collecting only relevant files or folders

16
Q

Which acquisition tool can capture data at the sector level?
Group of answer choices

dd

EnCase

Sleuth Kit

FTK Imager

A

dd

17
Q

What does the term “logical acquisition” refer to?
Group of answer choices

Creating a complete bit-stream image

Capturing data from volatile storage

Encrypting file systems during acquisition

Copying only specific files or folders

A

Copying only specific files or folders

18
Q

What is the purpose of an acquisition report?
Group of answer choices

To store acquired data in a compressed format

To outline the steps and tools used during data collection

To encrypt collected evidence for secure transfer

To create backups of volatile data

A

To outline the steps and tools used during data collection

19
Q

Why is documentation critical during the data acquisition process?
Group of answer choices

To encrypt collected evidence for security

To generate reports for end users

To reduce the size of collected evidence

To track all steps and tools used for evidence collection

A

To track all steps and tools used for evidence collection

20
Q

Which of the following data types is considered volatile?
Group of answer choices

Open network connections

Archived emails

Data stored on a USB drive

System logs

A

Open network connections

21
Q

What is the primary focus of metadata analysis in anti-forensics countermeasures?
Group of answer choices

To identify inconsistencies in file properties

To encrypt sensitive data

To delete unused logs

To compress large datasets for analysis

A

To identify inconsistencies in file properties

22
Q

Which countermeasure is used to detect manipulated timestamps?
Group of answer choices

Metadata verification

Steganalysis

Log correlation

Hash comparison

A

Metadata verification

23
Q

What is the role of secure file deletion software?
Group of answer choices

To overwrite data to ensure it cannot be recovered

To encrypt files for storage

To create backups of important files

To compress large files for transmission

A

To overwrite data to ensure it cannot be recovered

24
Q

Which anti-forensics technique is aimed at hiding the true content of files?
Group of answer choices

Encryption

Log wiping

File carving

Metadata alteration

25
Q

Why is recovering overwritten files particularly challenging?
Group of answer choices

Overwriting increases system performance

The original data is compressed during overwriting

Overwritten data cannot be recovered without specialized tools

Overwritten data is encrypted

A

Overwritten data cannot be recovered without specialized tools

26
Q

What is the main goal of anti-forensics?
Group of answer choices

To recover lost data from storage devices

To prevent forensic investigators from accessing or analyzing evidence

To enhance data security

To encrypt sensitive files

A

To prevent forensic investigators from accessing or analyzing evidence

27
Q

What is the primary challenge with detecting steganography?
Group of answer choices

It uses strong encryption methods

It requires specialized hardware for analysis

It leaves no visible traces of hidden data

It compresses files beyond recovery

A

It leaves no visible traces of hidden data

28
Q

What does the term "hash collision" refer to?
Group of answer choices

Two different pieces of data producing the same hash value

A mismatch between original and duplicate files

A failure to generate a valid hash value

A corrupted metadata entry

A

Two different pieces of data producing the same hash value

29
Q

What is the purpose of log wiping in anti-forensics?
Group of answer choices

To improve system performance by removing old logs

To create backups of system logs

To erase traces of user activity from log files

To encrypt system log files for security

A

To erase traces of user activity from log files

30
Q

Which of the following tools can be used to detect and counter steganography?
Group of answer choices

Timestomp

FTK Imager

ExifTool

Volatility

A

ExifTool

31
Q

Which Linux file system introduced journaling?

ext3

FAT32

NTFS

ext4

A

ext3

32
Q

What is the key difference between HFS+ and APFS in macOS?
Group of answer choices

APFS is optimized for SSDs

HFS+ provides faster data access

APFS is incompatible with modern macOS versions

HFS+ supports file journaling while APFS does not

A

APFS is optimized for SSDs

33
Q

What is the main purpose of the FAT32 file system?
Group of answer choices

To support older operating systems with a simpler structure

To manage large disks with greater reliability

To encrypt files for security

To compress files for efficient storage

A

To support older operating systems with a simpler structure

34
Q

What is the primary function of a file system?
Group of answer choices

To organize and manage data on storage devices

To analyze network activity

To create backups of critical system files

To secure files using encryption

A

To organize and manage data on storage devices

35
Q

What is an inode in Linux file systems?
Group of answer choices

A process used to encrypt file names

A structure that stores metadata about files

A temporary data storage unit

A type of directory

A

A structure that stores metadata about files

36
Q

Which file system is specific to macOS?
Group of answer choices

ext4

FAT32

HFS+

NTFS

A

HFS+

37
Q

What is the main advantage of SSDs over HDDs?
Group of answer choices

Higher data storage capacity

Lower cost

Faster data access speeds

Longer lifespan

A

Faster data access speeds

38
Q

Which of the following is an essential feature of solid-state drives (SSDs)?
Group of answer choices

Dependence on moving parts

Use of tape-based storage mechanisms

Rotating magnetic disks for data storage

Low latency and faster read/write speeds

A

Low latency and faster read/write speeds

39
Q

What is the role of a write blocker during data acquisition?
Group of answer choices

Encrypting data on the original device

Preventing modifications to the original evidence

Blocking unauthorized network access

Allowing data to be modified securely

A

Preventing modifications to the original evidence

40
Q

Which of the following is an example of live data acquisition?
Group of answer choices

Imaging a hard drive of a powered-off system

Capturing data from a network in real time

Creating backups of archived data

Copying deleted files from a USB drive

A

Capturing data from a network in real time

41
Q

Which file format is NOT commonly used for data acquisition?
Group of answer choices

NTFS

RAW

E01

AFF

A

NTFS

42
Q

How does the dd tool assist in data acquisition?
Group of answer choices

By analyzing metadata of captured files

By creating a bit-by-bit copy of storage media

By hashing collected evidence

By capturing live network traffic

A

By creating a bit-by-bit copy of storage media

43
Q

Which of the following is a challenge in data acquisition?
Group of answer choices

Encrypting acquired evidence

Maintaining the integrity of volatile data

Ensuring compatibility with all file systems

Analyzing archived data

A

Maintaining the integrity of volatile data

44
Q

Which of the following is an example of static acquisition?
Group of answer choices

Recording real-time network traffic

Imaging a powered-off laptop hard drive

Capturing RAM data from a live system

Collecting data from open processes

A

Imaging a powered-off laptop hard drive

45
Q

What is a key advantage of using AFF for data acquisition?
Group of answer choices

It supports real-time analysis of volatile data

It compresses data for efficient storage

It allows direct access to deleted files

It encrypts acquired data by default

A

It compresses data for efficient storage

46
Q

What does steganography involve?
Group of answer choices

Compressing large files for transmission

Hiding information within other files, such as images or videos

Deleting unnecessary system logs

Encrypting files for secure storage

A

Hiding information within other files, such as images or videos

47
Q

Which tool is commonly used to detect timestamp manipulation?
Group of answer choices

Timestomp

FTK Imager

ExifTool

Wireshark

A

ExifTool

48
Q

What is the purpose of anti-forensics countermeasures?
Group of answer choices

To encrypt system logs for security

To compress files for faster transmission

To assist forensic investigators in detecting and analyzing evidence tampering

To hide user activity on a system

A

To hide user activity on a system

49
Q

How can forensic investigators counter log wiping?
Group of answer choices

By recovering deleted logs from slack space

By compressing recovered logs

By using specialized log recovery tools

By encrypting system logs for security

A

By using specialized log recovery tools

50
Q

Which anti-forensics technique can prevent hash-based file analysis?
Group of answer choices

File deletion

Data encryption

Hash collision generation

Metadata modification

A

Hash collision generation

51
Q

What is the main objective of anti-forensics countermeasures?
Group of answer choices

To encrypt sensitive data for long-term storage

To detect, recover, and analyze tampered or hidden evidence

To assist in system performance optimization

To simplify forensic investigations

A

To detect, recover, and analyze tampered or hidden evidence