All MCQs
A. Keeping logs for a defined period so they remain available for investigation.
B. Changing original evidence to make it easier to read.
C. Deleting irrelevant data before documentation.
D. Replacing legal authorization with technical skill.
Correct Answer: A. Keeping logs for a defined period so they remain available for investigation.
Explanation:
Log retention means keeping logs for a defined period so they remain available for investigation, and it must be handled with proper documentation and evidence integrity.
A. It helps make the investigation more reliable, controlled, and defensible.
B. It allows the examiner to ignore chain of custody.
C. It removes the need for legal authority.
D. It guarantees that all suspects are guilty.
Correct Answer: A. It helps make the investigation more reliable, controlled, and defensible.
Explanation:
Log retention supports reliable forensic practice by improving control, accuracy, or defensibility.
A. Linking evidence from multiple sources to support a stronger conclusion.
B. Changing original evidence to make it easier to read.
C. Deleting irrelevant data before documentation.
D. Replacing legal authorization with technical skill.
Correct Answer: A. Linking evidence from multiple sources to support a stronger conclusion.
Explanation:
Artifact correlation means linking evidence from multiple sources to support a stronger conclusion, and it must be handled with proper documentation and evidence integrity.
A. Graph visualization
B. Disk wiping
C. File renaming
D. Password guessing
Correct Answer: A. Graph visualization
Explanation:
Graph visualization can show relationships among entities.
A. Education, training, and awareness
B. Steganography
C. File wiping
D. Screen design
Correct Answer: A. Education, training, and awareness
Explanation:
Training supports proper incident and evidence handling.
A. Dynamic analysis
B. Hash-only analysis
C. Paper analysis
D. Legal review only
Correct Answer: A. Dynamic analysis
Explanation:
Dynamic analysis observes behavior during execution.
A. Data may be inaccessible without credentials or keys
B. Evidence becomes automatically public
C. Hashing becomes impossible forever
D. Logs become printed
Correct Answer: A. Data may be inaccessible without credentials or keys
Explanation:
Encryption can limit access to stored evidence.
A. Running processes and active network connections
B. Printed receipts only
C. Cable labels only
D. Monitor serial only
Correct Answer: A. Running processes and active network connections
Explanation:
RAM can contain volatile runtime artifacts.
A. Anti-forensic activity and alternate evidence sources
B. Automatic case closure
C. Evidence is useless always
D. No reporting needed
Correct Answer: A. Anti-forensic activity and alternate evidence sources
Explanation:
Log deletion may be anti-forensic; other sources may still help.
A. Standard operating procedure
B. Random process
C. Anti-forensic script
D. User preference
Correct Answer: A. Standard operating procedure
Explanation:
SOPs support consistency and defensibility.
A. Known files or altered files
B. Court judge identity
C. Network cable type
D. Monitor brightness
Correct Answer: A. Known files or altered files
Explanation:
Hash comparison can identify known files or integrity differences.
A. Evidence management
B. Data wiping
C. Wireless scanning
D. Code compilation
Correct Answer: A. Evidence management
Explanation:
Labels help track and manage evidence.