Forensics and Network Intrusion – C702 Exam | 2025/2026
Latest Edition | Verified Questions with Correct Answers |
Graded A+
Which of the following Federal Rules of Evidence contains Rulings on Evidence? -
CORRECT ANSWER=Rule 103
What are the five UEFI Boot Process Phases - CORRECT ANSWER=Security
Phase
Pre-EFI Initialization Phase
Driver Execution Phase
Boot Device Selection Phase
Run Time Phase
Warm booting - CORRECT ANSWER=Describes when the user restarts the
system via the operating system.
Windows 8 - CORRECT ANSWER=Power on and starts up using either the
traditional BIOS-MBR method or the newer UEFI-GPT method.
PEI (Pre-EFI Initialization) Phase - CORRECT ANSWER=Phase of EFI
consisting of initializing the CPU, temporary memory, and boot firmware volume;
locating and executing chapters to initialize all found hardware; and creating a
Hand-Off Block List with all found resources interface descriptors.
DiskPart - CORRECT ANSWER=Basic partitioning tool that displays details
about the GPT partition tables in Windows OS.
,Bootloader Stage - CORRECT ANSWER=The initial stage of the boot process
that loads the operating system.
Boot Sector - CORRECT ANSWER=A component of a typical FAT32 file system
that contains data used to access the volume and load working portion documents.
Ntfs.sys - CORRECT ANSWER=The computer system file driver for NTFS
architecture.
Virtual File System (VFS) - CORRECT ANSWER=An abstract layer that resides
on top of a complete file system, allowing client applications to access various file
systems.
Revision Level - CORRECT ANSWER=Information held by the superblock that
contains major and minor items to determine supported features of the file system.
Which of the following stakeholders is responsible for conducting forensic
examinations against allegations made regarding wrongdoings, found
vulnerabilities, and attacks over the cloud? - CORRECT ANSWER=Investigators
:Which of the two parts of the Linux file system architecture has the memory space
where the system supplies all services through an executed system call? -
CORRECT ANSWER=Kernel Space
Which tool helps collect information about network connections operative in a
Windows system? - CORRECT ANSWER=netstat
,:How many bytes does a directory entry have allotted for each file and directory in
the FAT file system? - CORRECT ANSWER=32 bytes
How many bytes is each partition entry in GPT? - CORRECT ANSWER=128
bytes
What component of a typical FAT32 file system contains a Volume Boot Record
that comprises the BIOS Parameter Block (BPB) including basic file system
information, such as file system type, pointers to the position of the other sections,
and the OS's boot loader code? - CORRECT ANSWER=reserved area
What component of a typical FAT32 file system contains duplicates of the File
Allocation Table to help the system check for empty or idle spaces, and contains
detailed information about clusters and their contents, including files and
directories? - CORRECT ANSWER=FAT area
What information held by the superblock allows the mounting software to verify
the superblock for the EXT2 file system? - CORRECT ANSWER=Magic number
:What is a CompuServe-generated format from 1987 that uses lossless data
compression techniques, maintaining the visual quality of the image? - CORRECT
ANSWER=GIF
How many bit values does HFS use to address allocation blocks? - CORRECT
ANSWER=16 bits
Which command from The Sleuth Kit (TSK) displays details of a metadata
structure such as inode? - CORRECT ANSWER=istat
, On Macintosh computers, which architecture utilizes Open Firmware to initialize
the hardware interfaces after the BootROM performs POST? - CORRECT
ANSWER=Power-PC
What is a common technique used to distribute malware on the web by mimicking
legitimate institutions in an attempt to steal passwords, credit cards, and bank
account data? - CORRECT ANSWER=Spearphishing
How large is the partition table structure that stores information about the partitions
present on the hard disk? - CORRECT ANSWER=64 bytes
On Macintosh computers, which architecture utilizes EFI to initialize the hardware
interfaces after the BootROM performs POST? - CORRECT ANSWER=Intel-
based Macintosh Computers
:What component of a typical FAT32 file system occupies the largest part of a
partition and stores the actual files and directories? - CORRECT ANSWER=Data
Area
What is a technology that uses multiple smaller disks simultaneously that function
as a single large volume? - CORRECT ANSWER=RAID
What is the maximum file system size in ext3? - CORRECT ANSWER=32 TB
What is the maximum file system size in ext4? - CORRECT ANSWER=1 EiB
Latest Edition | Verified Questions with Correct Answers |
Graded A+
Which of the following Federal Rules of Evidence contains Rulings on Evidence? -
CORRECT ANSWER=Rule 103
What are the five UEFI Boot Process Phases - CORRECT ANSWER=Security
Phase
Pre-EFI Initialization Phase
Driver Execution Phase
Boot Device Selection Phase
Run Time Phase
Warm booting - CORRECT ANSWER=Describes when the user restarts the
system via the operating system.
Windows 8 - CORRECT ANSWER=Power on and starts up using either the
traditional BIOS-MBR method or the newer UEFI-GPT method.
PEI (Pre-EFI Initialization) Phase - CORRECT ANSWER=Phase of EFI
consisting of initializing the CPU, temporary memory, and boot firmware volume;
locating and executing chapters to initialize all found hardware; and creating a
Hand-Off Block List with all found resources interface descriptors.
DiskPart - CORRECT ANSWER=Basic partitioning tool that displays details
about the GPT partition tables in Windows OS.
,Bootloader Stage - CORRECT ANSWER=The initial stage of the boot process
that loads the operating system.
Boot Sector - CORRECT ANSWER=A component of a typical FAT32 file system
that contains data used to access the volume and load working portion documents.
Ntfs.sys - CORRECT ANSWER=The computer system file driver for NTFS
architecture.
Virtual File System (VFS) - CORRECT ANSWER=An abstract layer that resides
on top of a complete file system, allowing client applications to access various file
systems.
Revision Level - CORRECT ANSWER=Information held by the superblock that
contains major and minor items to determine supported features of the file system.
Which of the following stakeholders is responsible for conducting forensic
examinations against allegations made regarding wrongdoings, found
vulnerabilities, and attacks over the cloud? - CORRECT ANSWER=Investigators
:Which of the two parts of the Linux file system architecture has the memory space
where the system supplies all services through an executed system call? -
CORRECT ANSWER=Kernel Space
Which tool helps collect information about network connections operative in a
Windows system? - CORRECT ANSWER=netstat
,:How many bytes does a directory entry have allotted for each file and directory in
the FAT file system? - CORRECT ANSWER=32 bytes
How many bytes is each partition entry in GPT? - CORRECT ANSWER=128
bytes
What component of a typical FAT32 file system contains a Volume Boot Record
that comprises the BIOS Parameter Block (BPB) including basic file system
information, such as file system type, pointers to the position of the other sections,
and the OS's boot loader code? - CORRECT ANSWER=reserved area
What component of a typical FAT32 file system contains duplicates of the File
Allocation Table to help the system check for empty or idle spaces, and contains
detailed information about clusters and their contents, including files and
directories? - CORRECT ANSWER=FAT area
What information held by the superblock allows the mounting software to verify
the superblock for the EXT2 file system? - CORRECT ANSWER=Magic number
:What is a CompuServe-generated format from 1987 that uses lossless data
compression techniques, maintaining the visual quality of the image? - CORRECT
ANSWER=GIF
How many bit values does HFS use to address allocation blocks? - CORRECT
ANSWER=16 bits
Which command from The Sleuth Kit (TSK) displays details of a metadata
structure such as inode? - CORRECT ANSWER=istat
, On Macintosh computers, which architecture utilizes Open Firmware to initialize
the hardware interfaces after the BootROM performs POST? - CORRECT
ANSWER=Power-PC
What is a common technique used to distribute malware on the web by mimicking
legitimate institutions in an attempt to steal passwords, credit cards, and bank
account data? - CORRECT ANSWER=Spearphishing
How large is the partition table structure that stores information about the partitions
present on the hard disk? - CORRECT ANSWER=64 bytes
On Macintosh computers, which architecture utilizes EFI to initialize the hardware
interfaces after the BootROM performs POST? - CORRECT ANSWER=Intel-
based Macintosh Computers
:What component of a typical FAT32 file system occupies the largest part of a
partition and stores the actual files and directories? - CORRECT ANSWER=Data
Area
What is a technology that uses multiple smaller disks simultaneously that function
as a single large volume? - CORRECT ANSWER=RAID
What is the maximum file system size in ext3? - CORRECT ANSWER=32 TB
What is the maximum file system size in ext4? - CORRECT ANSWER=1 EiB
