Practice Library
All MCQs
Browse exam-wise, subject-wise, and country-wise MCQs with explanations.
Choose an option to check your answer.
A.
Communication endpoints
B.
Hard disk serial only
C.
Monitor size
D.
Printed signature
Show Answer
Correct Answer: A. Communication endpoints
Explanation:
Network metadata can identify endpoints involved in communication.
Choose an option to check your answer.
A.
Incomplete acquisition
B.
Better reliability
C.
Increased integrity
D.
Automatic admissibility
Show Answer
Correct Answer: A. Incomplete acquisition
Explanation:
A forensic acquisition should capture relevant storage areas completely.
Choose an option to check your answer.
A.
Analysis
B.
Packaging only
C.
Advertising
D.
Formatting
Show Answer
Correct Answer: A. Analysis
Explanation:
Analysis interprets evidence in relation to investigative questions.
Choose an option to check your answer.
A.
State limitations clearly
B.
Hide limitations
C.
Invent missing evidence
D.
Modify logs
Show Answer
Correct Answer: A. State limitations clearly
Explanation:
Professional reports should include limitations and confidence boundaries.
Choose an option to check your answer.
A.
To make findings understandable and defensible
B.
To confuse readers
C.
To avoid accountability
D.
To replace evidence
Show Answer
Correct Answer: A. To make findings understandable and defensible
Explanation:
A complete report supports review and decision-making.
Choose an option to check your answer.
A.
Quickly prioritizing devices or evidence sources for deeper analysis.
B.
Changing original evidence to make it easier to read.
C.
Deleting irrelevant data before documentation.
D.
Replacing legal authorization with technical skill.
Show Answer
Correct Answer: A. Quickly prioritizing devices or evidence sources for deeper analysis.
Explanation:
Forensic triage means quickly prioritizing devices or evidence sources for deeper analysis, and it must be handled with proper documentation and evidence integrity.
Choose an option to check your answer.
A.
Deleted content may remain until overwritten
B.
Deleted files always vanish instantly
C.
RAM stores all deleted files permanently
D.
File recovery is illegal always
Show Answer
Correct Answer: A. Deleted content may remain until overwritten
Explanation:
Unallocated space may contain remnants of deleted files.
Choose an option to check your answer.
A.
Attribution and traffic tracing become more difficult
B.
Evidence disappears from all devices
C.
Forensic imaging becomes unnecessary
D.
Hashing becomes invalid
Show Answer
Correct Answer: A. Attribution and traffic tracing become more difficult
Explanation:
Anonymity systems can complicate attribution.
Choose an option to check your answer.
A.
It helps make the investigation more reliable, controlled, and defensible.
B.
It allows the examiner to ignore chain of custody.
C.
It removes the need for legal authority.
D.
It guarantees that all suspects are guilty.
Show Answer
Correct Answer: A. It helps make the investigation more reliable, controlled, and defensible.
Explanation:
Forensic triage supports reliable forensic practice by improving control, accuracy, or defensibility.
Choose an option to check your answer.
A.
Embedded or hardware-level forensics
B.
Social media design
C.
DNS marketing
D.
Office management
Show Answer
Correct Answer: A. Embedded or hardware-level forensics
Explanation:
Specialized embedded or chip-level methods may be needed.
Choose an option to check your answer.
A.
Whether evidence was altered or time zones were misinterpreted
B.
Whether fonts changed
C.
Whether monitor brightness changed
D.
Whether keyboard was cleaned
Show Answer
Correct Answer: A. Whether evidence was altered or time zones were misinterpreted
Explanation:
Unexpected timestamps require validation and timeline review.
Choose an option to check your answer.
A.
Reconstructing user and administrative actions
B.
Changing evidence
C.
Printing posters
D.
Repairing hardware
Show Answer
Correct Answer: A. Reconstructing user and administrative actions
Explanation:
Audit trails can show cloud activity.