Chat with AI
Deck 6: Working With Windows and Dos Systems
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
Play
Full screen (f)
Deck 6: Working With Windows and Dos Systems
1
The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. These cluster addresses are referred to as ____.
A) virtual runs
B) metada
C) metaruns
D) data runs
A) virtual runs
B) metada
C) metaruns
D) data runs
D
2
Records in the MFT are referred to as ____.
A) hyperdata
B) metadata
C) inodes
D) infodata
A) hyperdata
B) metadata
C) inodes
D) infodata
B
3
When Microsoft introduced Windows 2000, it added built-in encryption to NTFS called ____.
A) EFS
B) VFAT
C) LZH
D) RAR
A) EFS
B) VFAT
C) LZH
D) RAR
A
4
____ is a 16-bit real-mode program that queries the system for device and configuration data, and then passes its findings to NTLDR.
A) Hal.dll
B) Boot.ini
C) NTDetect.com
D) BootSect.dos
A) Hal.dll
B) Boot.ini
C) NTDetect.com
D) BootSect.dos
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
When Microsoft created Windows 95, it consolidated initialization (.ini) files into the ____.
A) IniRecord
B) Inidata
C) Registry
D) Metadata
A) IniRecord
B) Inidata
C) Registry
D) Metadata
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
As data is added, the MFT can expand to take up 75% of the NTFS disk.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
On an NTFS disk, immediately after the Partition Boot Sector is the ____.
A) FAT
B) HPFS
C) MBR
D) MFT
A) FAT
B) HPFS
C) MBR
D) MFT
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
The first 5 bytes (characters) for all MFT records are MFTR0.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
____, located in the root folder of the system partition, is the device driver that allows the OS to communicate with SCSI or ATA drives that aren't related to the BIOS.
A) Hal.dll
B) NTBootdd.sys
C) Boot.ini
D) Ntoskrnl.exe
A) Hal.dll
B) NTBootdd.sys
C) Boot.ini
D) Ntoskrnl.exe
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
____ is the file structure database that Microsoft originally designed for floppy disks.
A) NTFS
B) FAT32
C) VFAT
D) FAT
A) NTFS
B) FAT32
C) VFAT
D) FAT
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
Data streams can obscure valuable evidentiary data, intentionally or by coincidence.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
____ was introduced when Microsoft created Windows NT and is the primary file system for Windows Vista.
A) FAT32
B) VFAT
C) NTFS
D) HPFS
A) FAT32
B) VFAT
C) NTFS
D) HPFS
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
One way to examine a partition's physical level is to use a disk editor, such as Norton DiskEdit, WinHex, or Hex Workshop.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
____, located in the root folder of the system partition, specifies the Windows XP path installation and contains options for selecting the Windows version.
A) Boot.ini
B) BootSec.dos
C) NTDetect.com
D) NTBootdd.sys
A) Boot.ini
B) BootSec.dos
C) NTDetect.com
D) NTBootdd.sys
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.
A) 1024
B) 1512
C) 2048
D) 2512
A) 1024
B) 1512
C) 2048
D) 2512
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
A ____ is a column of tracks on two or more disk platters.
A) cylinder
B) sector
C) track
D) head
A) cylinder
B) sector
C) track
D) head
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
____ refers to the number of bits in one square inch of a disk platter.
A) Head skew
B) Areal density
C) Cylinder skew
D) ZBR
A) Head skew
B) Areal density
C) Cylinder skew
D) ZBR
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
The purpose of the ____ is to provide a mechanism for recovering encrypted files under EFS if there's a problem with the user's original private key.
A) certificate escrow
B) recovery certificate
C) administrator certificate
D) root certificate
A) certificate escrow
B) recovery certificate
C) administrator certificate
D) root certificate
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
The type of file system an OS uses determines how data is stored on the disk.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
____ is how most manufacturers deal with a platter's inner tracks being shorter than its outer tracks.
A) Head skew
B) Cylinder skew
C) ZBR
D) Areal density
A) Head skew
B) Cylinder skew
C) ZBR
D) Areal density
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
____ contain instructions for the OS for hardware devices, such as the keyboard, mouse, and video card, and are stored in the %system-root%\Windows\System32\Drivers folder.
A) Hal.dll
B) Pagefile.sys
C) Ntoskrnl.exe
D) Device drivers
A) Hal.dll
B) Pagefile.sys
C) Ntoskrnl.exe
D) Device drivers
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
Microsoft's utility for protecting drive data
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
Microsoft's utility for protecting drive data
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
A ____ allows you to create a representation of another computer on an existing physical computer.
A) virtual file
B) logic drive
C) logic machine
D) virtual machine
A) virtual file
B) logic drive
C) logic machine
D) virtual machine
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
____ is a batch file containing customized settings for MS-DOS that runs automatically.
A) Autoexec.bat
B) Config.sys
C) Io.sys
D) Command.com
A) Autoexec.bat
B) Config.sys
C) Io.sys
D) Command.com
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
Microsoft's move toward a journaling file system
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
Microsoft's move toward a journaling file system
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
On an NTFS disk, the first data set is the ____________________, which starts at sector [0] of the disk.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
an international data format
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
an international data format
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
unused space in a cluster between the end of an active file and the end of the cluster
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
unused space in a cluster between the end of an active file and the end of the cluster
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
gives an OS a road map to data on a disk
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
gives an OS a road map to data on a disk
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
concentric circles on a disk platter where data is located
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
concentric circles on a disk platter where data is located
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
In Microsoft file structures, sectors are grouped to form ____________________, which are storage allocation units of one or more sectors.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
The ____ file provides a command prompt when booting to MS-DOS mode (DPMI).
A) Io.sys
B) Autoexec.bat
C) Config.sys
D) Command.com
A) Io.sys
B) Autoexec.bat
C) Config.sys
D) Command.com
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
Drive slack includes RAM slack (found primarily in older Microsoft OSs) and ____________________ slack.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
On Windows and DOS computer systems, the ____________________ stores information about partitions on a disk and their locations, size, and other important items.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
ways data can be appended to existing files
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
ways data can be appended to existing files
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
the space between each track
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
the space between each track
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
____ is a hidden text file containing startup options for Windows 9x.
A) Pagefile.sys
B) Hal.dll
C) Msdos.sys
D) Ntoskrnl.exe
A) Pagefile.sys
B) Hal.dll
C) Msdos.sys
D) Ntoskrnl.exe
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
____________________ refers to a disk's structure of platters, tracks, and sectors.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
Match each item with a statement below:
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
the unused space between partitions
a.File system
f.NTFS
b.Tracks
g.Unicode
c.Track density
h.Data streams
d.Partition gap
i.BitLocker
e.Drive slack
the unused space between partitions
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
____ is a text file containing commands that typically run only at system startup to enhance the computer's DOS configuration.
A) Autoexec.bat
B) Config.sys
C) BootSect.dos
D) Io.sys
A) Autoexec.bat
B) Config.sys
C) BootSect.dos
D) Io.sys
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
What are some of the features offered by current whole disk encryption tools?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
How are disk clusters numbered by Microsoft file structures?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
Briefly explain NTFS compressed files.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
What are BitLocker's current hardware and software requirements?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
Describe some of the open source whole disk encryption tools.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
How can you make sure a subject's computer boots to a forensic floppy disk or CD?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
What are logical cluster numbers (LCNs)?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
What are some of the components of a disk drive?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
Summarize the evolution of FAT versions.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
Briefly describe how to delete FAT files.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
