NWIT263 Midterm (Chapters 5-7) Exam Questions With Correct Answers.
Explain the differences in resource and data forks used in macOS. - Answer✔The data fork
stores a file's actual data and the resource fork contains file metadata and application
information.
Which of the following is the main challenge in acquiring an image of a system running macOS?
(Choose all that apply.) - Answer✔b. Vendor training is needed.
d. You need special tools to remove drives from a system running macOS or open its case.
To recover a password in macOS, which tool do you use? - Answer✔c. Keychain Access
What are the major improvements in the Linux Ext4 file system? - Answer✔It added support for
partitions larger than 16 TB, improved management of large files, and offered a more flexible
approach to adding file system features.
How does macOS reduce file fragmentation? - Answer✔By using clumps, which are groups of
contiguous allocation blocks
Linux is the only OS that has a kernel. True or False? - Answer✔False
Hard links work in only one partition or volume. True or False? - Answer✔True
Which of the following Linux system files contains hashed passwords for the local system? -
Answer✔d. /etc/shadow
Which of the following describes the superblock's function in the Linux file system? (Choose all
that apply.) - Answer✔b. Specifies the disk geometry and available space
c. Manages the file system, including configuration information
What's the Disk Arbitration feature used for in macOS? - Answer✔It's used to disable and enable
automatic mounting when a drive is connected via a USB or FireWire device.
In Linux, which of the following is the home directory for the superuser? - Answer✔b. root
Which of the following certifies when an OS meets UNIX requirements? - Answer✔c. The Open
Group
On most Linux systems, current user login information is in which of the following locations? -
Answer✔d. /var/log/utmp
Hard links are associated with which of the following? - Answer✔b. A specific inode
Which of the following describes plist files? (Choose all that apply.) - Answer✔a. You must
have a special editor to view them.
c. They're preference files for applications.
Data blocks contain actual files and directories and are linked directly to inodes. True or False? -
Answer✔True
Which of the following is a new file added in macOS? (Choose all that apply.) - Answer✔c.
/var/db/diagnostics
d. /var/db/uuid.text
Forensics software tools are grouped into _________ and _______________ applications. -
Answer✔GUI, command-line
According to ISO standard 27037, which of the following is an important factor in data
acquisition? (Choose all that apply.) - Answer✔a. The DEFR's competency
c. Use of validated tools
An encrypted drive is one reason to choose a logical acquisition. True or False? - Answer✔True
Hashing, filtering, and file header analysis make up which function of computer forensics tools?
- Answer✔a. Validation and verification
Hardware acquisition tools typically have built-in software for data analysis. True or False? -
Answer✔False; most are used only for acquisition.
The reconstruction function is needed for which of the following purposes? (Choose all that
apply.) - Answer✔a. Re-create a suspect drive to show what happened.
b. Create a copy of a drive for other investigators.
d. Re-create a drive compromised by malware.
List three subfunctions of the extraction function. - Answer✔Answers can include data viewing,
keyword searching, decompressing, carving, decrypting, and bookmarking.
Data can't be written to disk with a command-line tool. True or False? - Answer✔False