100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
NWIT263 Midterm (Chapters 5-7) Exam Questions With Correct Answers. $10.49
Add to cart
Quickly navigate to
Preview
  2.  
  3. NWIT 263
  4.  
  5. NWIT 263

Exam (elaborations)

NWIT263 Midterm (Chapters 5-7) Exam Questions With Correct Answers.
 0 purchase
  • Course
  • NWIT 263
  • Institution
  • NWIT 263

NWIT263 Midterm (Chapters 5-7) Exam Questions With Correct Answers. Explain the differences in resource and data forks used in macOS. - AnswerThe data fork stores a file's actual data and the resource fork contains file metadata and application information. Which of the following is the main c...

[Show more]

Preview 2 out of 5  pages

Document information

  • January 15, 2025
  • 5
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • nwit263 midterm chapters 5 7 exam questions with

Written for

  • NWIT 263
  • NWIT 263

Seller

avatar-seller
Brightstars

Reviews received

Content preview

©BRIGHSTARS 2024/2025 ALL RIGHTS RESERVED.




NWIT263 Midterm (Chapters 5-7) Exam
Questions With Correct Answers.



Explain the differences in resource and data forks used in macOS. - Answer✔The data fork
stores a file's actual data and the resource fork contains file metadata and application
information.
Which of the following is the main challenge in acquiring an image of a system running macOS?
(Choose all that apply.) - Answer✔b. Vendor training is needed.
d. You need special tools to remove drives from a system running macOS or open its case.

To recover a password in macOS, which tool do you use? - Answer✔c. Keychain Access

What are the major improvements in the Linux Ext4 file system? - Answer✔It added support for
partitions larger than 16 TB, improved management of large files, and offered a more flexible
approach to adding file system features.

How does macOS reduce file fragmentation? - Answer✔By using clumps, which are groups of
contiguous allocation blocks

Linux is the only OS that has a kernel. True or False? - Answer✔False

Hard links work in only one partition or volume. True or False? - Answer✔True
Which of the following Linux system files contains hashed passwords for the local system? -
Answer✔d. /etc/shadow
Which of the following describes the superblock's function in the Linux file system? (Choose all
that apply.) - Answer✔b. Specifies the disk geometry and available space
c. Manages the file system, including configuration information

What's the Disk Arbitration feature used for in macOS? - Answer✔It's used to disable and enable
automatic mounting when a drive is connected via a USB or FireWire device.

In Linux, which of the following is the home directory for the superuser? - Answer✔b. root


1|Page

, ©BRIGHSTARS 2024/2025 ALL RIGHTS RESERVED.

Which of the following certifies when an OS meets UNIX requirements? - Answer✔c. The Open
Group
On most Linux systems, current user login information is in which of the following locations? -
Answer✔d. /var/log/utmp

Hard links are associated with which of the following? - Answer✔b. A specific inode

Which of the following describes plist files? (Choose all that apply.) - Answer✔a. You must
have a special editor to view them.
c. They're preference files for applications.
Data blocks contain actual files and directories and are linked directly to inodes. True or False? -
Answer✔True

Which of the following is a new file added in macOS? (Choose all that apply.) - Answer✔c.
/var/db/diagnostics
d. /var/db/uuid.text
Forensics software tools are grouped into _________ and _______________ applications. -
Answer✔GUI, command-line
According to ISO standard 27037, which of the following is an important factor in data
acquisition? (Choose all that apply.) - Answer✔a. The DEFR's competency
c. Use of validated tools

An encrypted drive is one reason to choose a logical acquisition. True or False? - Answer✔True
Hashing, filtering, and file header analysis make up which function of computer forensics tools?
- Answer✔a. Validation and verification
Hardware acquisition tools typically have built-in software for data analysis. True or False? -
Answer✔False; most are used only for acquisition.
The reconstruction function is needed for which of the following purposes? (Choose all that
apply.) - Answer✔a. Re-create a suspect drive to show what happened.
b. Create a copy of a drive for other investigators.
d. Re-create a drive compromised by malware.

List three subfunctions of the extraction function. - Answer✔Answers can include data viewing,
keyword searching, decompressing, carving, decrypting, and bookmarking.

Data can't be written to disk with a command-line tool. True or False? - Answer✔False



2|Page

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

66184 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 15 years now

Start selling
$10.49
  • (0)
Add to cart
Added