Question 1

What file is used to store any file information that is not in the MDB or a VCB?&#8203;&#10;A)&#8203;page file&#10;B)&#8203;metadata database file&#10;C)slack file&#10;D)extents overflow file

Accepted Answer

The extents overflow file is used to store any file information that is not in the MDB (Master Database) or a VCB (Volume Control Block). This is because the MDB and VCB have limited storage capacity for file metadata, and additional information is stored in the extents overflow file.

Question 2

Adding the _____________ flag to the &#8203;ls -l command has the effect of of showing all files beginning with the &#34;.&#34; character in addition to other files.&#10;A)-s&#8203;&#10;B)&#8203;-d&#10;C)-l&#10;D)-a

Accepted Answer

Adding the "-a" flag to the ls -l command shows all files, including hidden files that start with a "." character.

Question 3

If a file has 510 bytes of data, what is byte 510?&#8203;&#10;A)&#8203;The physical EOF.&#10;B)&#8203;The logical EOF.&#10;C)The terminating EOF.&#10;D)The end of the sector.

Accepted Answer

The logical EOF (End of File) is the point at which no more data can be read from a file. Byte 510 is the last byte of data, marking the logical EOF.

Question 4

&#8203;What command below will create a symbolic link to a file?&#10;A)&#8203;ln -s&#10;B)&#8203;ls -ia&#10;C)ln -l&#10;D)ls -h

Accepted Answer

The command "ln -s" is used to create a symbolic link to a file. The "-s" option specifies that a symbolic link should be created instead of a hard link.

Question 5

Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.&#8203;

Accepted Answer

UNIX and Linux commands are case-sensitive, meaning capitalization does matter.

Question 6

Select below the command that can be used to display bad block information on a Linux file system, but also has the capability to destroy valuable information.&#8203;&#10;A)&#8203;dd&#10;B)&#8203;fdisk&#10;C)badblocks&#10;D)mke2fs

Accepted Answer

The badblocks command can be used to display information about bad blocks on a Linux file system, but it also has the capability to overwrite or destroy data on the disk. Therefore, it should be used with caution and only when it is absolutely necessary. dd, fdisk, and mke2fs are not designed specifically for detecting or handling bad blocks, so they do not pose the same risk of data loss.

Question 7

The Mac OS reduces file fragmentation by using _______________.&#10;A)&#8203;inodes&#10;B)&#8203;superblocks&#10;C)clumps&#10;D)chunks

Accepted Answer

The Mac OS reduces file fragmentation by using a technique called clumping. Clumps are groups of sectors on a volume, and when a new file is created, the file system attempts to find a contiguous range of clumps for it to occupy. This reduces fragmentation by keeping related data together on the disk. Inodes and superblocks are data structures used by file systems in general and are not specific to the Mac OS. Chunks is not a commonly used term in file systems.

Question 8

Who is the current maintainer of the Linux kernel?&#8203;&#10;A)&#8203;Tim Cook&#10;B)&#8203;Eric Shmidt&#10;C)Linus Torvalds&#10;D)Lennart Poettering

Accepted Answer

Linus Torvalds is the original creator of Linux and is still the principal developer and maintainer of the Linux kernel.

Question 9

The term &#34;kernel&#34; is often used when discussing Linux because technically, Linus is only the core of the OS.&#8203;

Accepted Answer

The kernel is the core of the Linux operating system, and the term is often used to refer to it.

Question 10

What type of block does a UNIX&#8203;/ Linux computer only have one of?&#8203;&#10;A)&#8203;boot block&#10;B)&#8203;data block&#10;C)inode block&#10;D)superblock

Accepted Answer

A UNIX/Linux computer only has one boot block, which contains the information needed to boot the operating system. The data block, inode block, and superblock are all types of blocks that exist in multiple copies on the file system.

Question 11

In a B*-tree file system, what node stores link information to previous and next nodes?&#8203;&#10;A)&#8203;inode&#10;B)&#8203;header node&#10;C)index node&#10;D)map node

Accepted Answer

The answer of In a B*-tree file system, what node...

Question 12

Linux is a certified UNIX operating system.&#8203;

Accepted Answer

The answer of Linux is a certified UNIX operating system.&#8203;...

Question 13

The ______________ command can be used to see network interfaces.&#8203;&#10;A)&#8203;ifconfig&#10;B)&#8203;ipconfig&#10;C)show interfaces&#10;D)show ip brief

Accepted Answer

The answer of The ______________ command can be used to...

Question 14

________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert Witness.&#8203;&#10;A)&#8203;AccessData FTK&#10;B)&#8203;X-Ways Forensics&#10;C)Guidance Software EnCase&#10;D)Foremost

Accepted Answer

The answer of ________________ is a specialized carving tool that...

Question 15

What file under the &#8203;/ etc folder contains the hashed passwords for a local system?&#8203;&#10;A)&#8203;passwd&#10;B)&#8203;hashes&#10;C)shadow&#10;D)users

Accepted Answer

The answer of What file under the &#8203;/ etc folder...

Question 16

&#8203;On Mac OS X systems, what utility can be used to encrypt &#8203;/ decrypt a user's home directory?&#10;A)&#8203;Disk Utility&#10;B)&#8203;BitLocker&#10;C)FileVault&#10;D)iCrypt

Accepted Answer

The answer of &#8203;On Mac OS X systems, what utility...

Question 17

The only pieces of metadata not in an inode are the filename and path.&#8203;

Accepted Answer

The answer of The only pieces of metadata not in...

Question 18

In UNIX and Linux, everything except monitors are considered files.&#8203;

Accepted Answer

The answer of In UNIX and Linux, everything except monitors...

Question 19

What is the minimum size of a block in UNIX&#8203;/ Linux filesystems?&#8203;&#10;A)&#8203;128 bytes&#10;B)&#8203;512 bytes&#10;C)1024 bits&#10;D)2048 bits

Accepted Answer

The answer of What is the minimum size of a...

Question 20

As part of a forensics investigation, you need to recover the logon and logoff history information on a Linux based OS. Where can this information be found?&#8203;&#10;A)&#8203;&#8203;/ var&#8203;/ log&#8203;/ utmp&#10;B)&#8203;&#8203;/ var&#8203;/ log&#8203;/ wtmp&#10;C)&#8203;/ var&#8203;/ log&#8203;/ userlog&#10;D)&#8203;/ var&#8203;/ log&#8203;/ system.log

Accepted Answer

The answer of As part of a forensics investigation, you...

Question 21

Match each term with its definition:&#10;&#10;-?A node that stores information about B*-tree file.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-?A node...

Question 22

Match each term with its definition:&#10;&#10;-?A key part of the Linux file system, these informatuin nodes contain descriptive file or directory data, such as UIDS, GIDs, modification times, access times, creation times, and file locations.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-?A key...

Question 23

Since Mac OS 8.6, _______________ have been available for use in managing passwords for applications, web sites, and other system files.&#8203;

Accepted Answer

The answer of Since Mac OS 8.6, _______________ have been...

Question 24

A hash that begins with &#34;$6&#34; in the shadow file indicates that it is a hash from what hashing algorithm? &#8203;&#10;A)&#8203;MD5&#10;B)&#8203;Blowfish&#10;C)SHA-1&#10;D)SHA-512

Accepted Answer

The answer of A hash that begins with &#34;$6&#34; in...

Question 25

Linux supports a wide range of file systems. Distinguish the three Extended File Systems of Linux.&#8203;

Accepted Answer

The answer of Linux supports a wide range of file...

Question 26

What information below is not included within an inode??&#10;A)?The mode and type of the file or directory&#10;B)?The number of links to a file or directory&#10;C)The file's or directory's last access time and last modified time&#10;D)The file's or directory's path&#10;&#10;

Accepted Answer

The answer of What information below is not included within...

Question 27

Match each term with its definition:&#10;&#10;-?A block in the Linux file system that specifies and keep tracks of the disk geometry and available space and manages the file system.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-?A block...

Question 28

Within the &#8203;/ etc&#8203;/ shadow file, what field contains the password hash for a user account if one exists?&#8203;&#10;A)&#8203;1st field&#10;B)&#8203;2nd field&#10;C)3rd field&#10;D)4th field

Accepted Answer

The answer of Within the &#8203;/ etc&#8203;/ shadow file, what...

Question 29

Match each term with its definition:&#10;&#10;-The part of a Mac file containing file metadata and application information, such as menus, dialog boxes, icons, executable code, and controls. Also contains resource map and header information, window locations, and icons. ?&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-The part...

Question 30

What are bad blocks, and how do you find them?&#8203;

Accepted Answer

The answer of What are bad blocks, and how do...

Question 31

An assigned inode has _____ pointers that link to data blocks and other pointers where files are stored.&#8203;

Accepted Answer

The answer of An assigned inode has _____ pointers that...

Question 32

Match each term with its definition:&#10;&#10;-?A Mac file that organizes the directory hierarchy and file block mapping for File Manager.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-?A Mac...

Question 33

Match each term with its definition:&#10;&#10;-An area of the Mac file system containing information from the Master Directory Block.?&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-An area...

Question 34

Match each term with its definition:&#10;&#10;-?The part of a Mac file containing the file's actual data, both user-created data and data written by applications, as well as a resouce map and header information, window locations, and icons.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-?The part...

Question 35

&#8203;________________ contain file and directory metadata and provide a mechanism for linking data stored in data blocks.&#10;A)&#8203;Blocks&#10;B)&#8203;Clusters&#10;C)Inodes&#10;D)Plist files

Accepted Answer

The answer of &#8203;________________ contain file and directory metadata and...

Question 36

________ links are simply pointers to other files and aren't included in the link count.&#8203;

Accepted Answer

The answer of ________ links are simply pointers to other...

Question 37

Where is the root user's home directory located on a Mac OS X file system?&#8203;&#10;A)&#8203;&#8203;/ root&#10;B)&#8203;&#8203;/ private&#8203;/ var&#8203;/ root&#10;C)&#8203;/ private&#8203;/ spool&#8203;/ root&#10;D)&#8203;/ home&#8203;/ root

Accepted Answer

The answer of Where is the root user's home directory...

Question 38

Match each term with its definition:&#10;&#10;-?In the Mac file system, a group of consecutive logical blocks assembled in a volume when a file is saved.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-?In the...

Question 39

Match each term with its definition:&#10;&#10;-??A block in the Linux file system where directories and files are stored on a drive.&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-??A block...

Question 40

Match each term with its definition:&#10;&#10;-In the Mac file system, a collection of data that can't exceed 512 bytes. Assembled in allocation blocks to store files in a volume.?&#10;A)B*-tree&#10;B)data block&#10;C)logical block&#10;D)inodes&#10;E)Volume Control Block&#10;F)Allocation Block&#10;G)header node&#10;H)data fork&#10;I)superblock&#10;J)resource fork

Accepted Answer

The answer of Match each term with its definition:&#10;&#10;-In the...

Question 41

Explain why one should have Apple factory training before attempting an acquisition on a Mac computer.&#8203;

Accepted Answer

The answer of Explain why one should have Apple factory...

Question 42

&#8203;What is a plist file?

Accepted Answer

The answer of &#8203;What is a plist file?...

Question 43

&#8203;Compare and contrast the data fork and resource fork of a Mac file.

Accepted Answer

The answer of &#8203;Compare and contrast the data fork and...

Question 44

As you've learned, Linux commands use options to create variations of a command. Describe &#8203;the rules for grouping letter arguments.

Accepted Answer

The answer of As you've learned, Linux commands use options...

Question 45

Explain the differences between a hard link and a symbolic link.&#8203;

Accepted Answer

The answer of Explain the differences between a hard link...

Question 46

After making an acquisition on a Mac computer, the next step is examining the image of the &#64257;le system with a forensics tool. &#8203;Explain how to select the proper forensics tool for the task.

Accepted Answer

The answer of After making an acquisition on a Mac...

Question 47

Describe a tarball.&#8203;

Accepted Answer

The answer of Describe a tarball.&#8203;...

Question 48

UNIX and Linux &#8203;have four components defining the file system. Identify and give a brief description of each.

Accepted Answer

The answer of UNIX and Linux &#8203;have four components defining...

Deck 7: Macintosh and Linux Boot Processes and File Systems