Practice Library
All MCQs
Browse exam-wise, subject-wise, and country-wise MCQs with explanations.
Choose an option to check your answer.
Correct Answer: A. To support stored activity evidence during an investigation.
Explanation:
The purpose of cache artifact is connected with stored activity evidence, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling encryption challenge.
Choose an option to check your answer.
Correct Answer: A. Analyzing email headers, content, attachments, and routing information.
Explanation:
Email forensics refers to analyzing email headers, content, attachments, and routing information.
Choose an option to check your answer.
Correct Answer: A. To support cloud evidence investigation during an investigation.
Explanation:
The purpose of cloud forensics is connected with cloud evidence investigation, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling cache artifact.
Choose an option to check your answer.
Correct Answer: A. Hiding information inside another file or medium.
Explanation:
Steganography refers to hiding information inside another file or medium.
Choose an option to check your answer.
Correct Answer: A. To support persistent storage data during an investigation.
Explanation:
The purpose of non-volatile data is connected with persistent storage data, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling file carving.
Choose an option to check your answer.
Correct Answer: A. Reviewing system or application records to identify events and actions.
Explanation:
Log analysis refers to reviewing system or application records to identify events and actions.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling non-volatile data.
Choose an option to check your answer.
Correct Answer: A. Attempting to restore files removed from the file system but still present on storage.
Explanation:
Deleted file recovery refers to attempting to restore files removed from the file system but still present on storage.
Choose an option to check your answer.
Correct Answer: A. To support event record examination during an investigation.
Explanation:
The purpose of log analysis is connected with event record examination, not with altering or avoiding evidence procedures.