Windows OS Forensics Coursera Quiz Answers

Get All Weeks Windows OS Forensics Coursera Quiz Answers

The Windows OS Forensics course covers windows file systems, Fat32, ExFat, and NTFS. You will learn how these systems store data, what happens when a file gets written to a disc, what happens when a file gets deleted from a disc, and how to recover deleted files.

You will also learn how to correctly interpret the information in the file system data structures, giving the student a better understanding of how these file systems work. This knowledge will enable you to validate the information from multiple forensic tools properly.

Enroll on Coursera

Windows OS Forensics Coursera Quiz Answers

Week 1 Quiz Answers

Quiz 1: Windows OS Forensics Quiz

Q1. How many bits in a byte?

  • 2 bits
  • 4 bits
  • 8 bits
  • 10 bits

Q2. Binary is a base___ numbering system?

  • Base 10
  • Base 16
  • Base 2
  • Base 8

Q3. A bit has __ possible values?

  • 256
  • 2
  • 16
  • 1

Q4. A nybble is __ bytes long?

  • 10
  • 8
  • 4
  • 2

Q5. Hexadecimal is a base _ numbering system?

  • 8
  • 4
  • 2
  • 16

Q6. Data is stored on disk in _ format?

  • Hexadecimal
  • decimal
  • Binary
  • all zeros

Q7. A signed integer is a negative number if __ ?

  • Always
  • if the least significant bit is turned on
  • if the most significant bit is turned off
  • if the most significant bit is turned on

Q8. Little Endiann data is read __ ?

  • only as hexadecimal
  • from right to left
  • from top to bottom
  • from left to right

Q9. Intel processors tend to read data as _?

  • little Endian
  • never
  • Decimal
  • Big Endian

Q10. Low-level formatting is performed by ?

  • The user
  • only the system admin
  • The drive manufactures
  • disk management

Q11. Sectors are usually __ bytes in size ?

  • 2048
  • 512
  • 10000
  • 1024

Q12. _ are the smallest readable unit on a disk?

  • Bytes
  • Nibbles
  • Sectors
  • Clusters

Q13. Sector numbering starts at _ ?

  • 3
  • 1
  • 8
  • 0

Q14. Logical Block Addressing means that ?

  • The sectors are not numbered sequentially
  • Each sector is numbered sequentially starting at 1,2,3,4,…continuing until the end of the disk
  • Each sector is numbered sequentially starting at 0,1,2,3,4,…continuing until the end of the disk.
  • The sectors do not have numbers

Q15. Clusters are a group of __ ?

  • Numbers
  • Physical disks
  • Volumes
  • Sectors

Q16. The master partition table can have up to __ entries?

  • 2
  • 4
  • 8
  • 128

Q17. The master boot record is located at physical sector___ ?

  • 1
  • 3
  • 0
  • 2

Q18. A GPT formatted disk can have up to _ partitions?

  • 1
  • 128
  • 1024
  • 4

Q19. On an MBR formatted disk a partition entry is _ bytes long?

  • 128
  • 12
  • 4
  • 16

Q20. What is located in sector 0 of a disk formatted with GPT partition schema?

  • a GPT header
  • a volume boot record
  • nothing
  • a protective master boot record

Q21. In FAT 32 the root directory is located in ?

  • The system area
  • The data area
  • Logical sector 0
  • At the end of the volume

Q22. The most recent version of FAT is ?

  • FAT 32
  • FAT 12
  • FAT 16
  • exFAT

Q23. What does the FAT table track?

  • Deleted files
  • User names
  • File types
  • Cluster allocation

Q24. To find the number of sectors per cluster you would look at?

  • The root directory
  • The Volume Boot Record

Q25. How many FAT’s would you expect to find on a FAT32 volume?

  • 3
  • 2
  • 1
  • 4

Q26. A FAT32 Root directory entry is __ bytes long?

  • 32
  • 8
  • 16
  • 28

Q27. Every file and folder located in the root of a FAT volume will have ?

  • a dos alias
  • a volume label
  • a long file name
  • an entry in the root directory

Q28. FAT file time is recorded in ?

  • the time zone of the local machine
  • the FAT table
  • UTC
  • the volume boot record

Q29. The long file name attribute byte will always be ?

  • 0x 00
  • 0x E5
  • 0x 0E
  • 0x 0F

Q30. 0x E5 signifies what in the FAT root directory ?

  • an allocated file
  • nothing
  • a deleted file
  • the end of the root directory entries

Q31. In NTFS, everything is stored as a ?

  • file
  • in the system area
  • volume
  • extended logical partition

Q32. The Master file table contains ?

  • only system files for recovery
  • only resident data files
  • only fragmented files
  • a record of every file and folder on the volume including itself

Q33. The MFT Mirror contains ?

  • A full backup of the MFT
  • Is the same as the MFT
  • More records than the MFT
  • A partial backup of the MFT for recovery

Q34. The number of sectors per cluster in an NTFS volume can be found in ?

  • The root Directory
  • The Volume Boot Record
  • The Master file Table
  • The Master Boot Record

Q35. An MFT file record header starts with __ at offset 0?

  • FILE
  • Physical size of the MFT record
  • Sequence Count
  • Allocation status flags

Q36. The starting cluster of this data run (0x 21 55 8b 05) is __ ?

  • 583
  • 4096
  • 1024
  • 1419

Q37. When a file is deleted in NTFS the file record __ ?

  • The record is zeroed out
  • Nothing happens to the file record
  • The allocation flag indicates an allocated file
  • The sequence count is increased by one

Q38. What is not part of the exFAT system area ?

  • Main Boot
  • FAT
  • Backup Boot
  • Cluster Heap

Q39. The exFAT FAT table only tracks ?

  • file allocation
  • fragmented files
  • all files
  • the bitmap

Q40. The exFAT volume boot record is located at ?

  • the root directory
  • cluster 2
  • physical sector 0 of the physical disk
  • logical sector 0 of the volume

Q41. What does NOT happen when you delete a file in exFAT?

  • the bitmap entries are set to 0
  • FAT may or may not be zeroed out
  • Directory entry set type flags set to not in use
  • the data is deleted

Q42. The layout of the registry contains hives, Keys, sub-key, values, and __ ?

  • hexadecimal
  • data
  • users
  • applications

Q43. The file path to the Sam, Security, Software and System files within a forensic image file is ?

  • Users/appdata/config
  • Root/Windows/System32/config
  • Root/WindowsNT/system/config
  • Windows/users/system32/config

Q44. Every _ on a windows system has an NTuser.dat and a Usrclass.dat file ?

  • Log File
  • User
  • System
  • File

Q45. Every _ on a windows system has an NTuser.dat and a Usrclass.dat file ?

  • Recent files accessed
  • Active files and folders
  • Program execution
  • Each user such as login information, login password hashes, and group information

Q46. Time zone information can be found in which registry file ?

  • Software
  • System
  • SAM
  • NTUser.dat

Q47. Recent documents by file type can be found in which registry file?

  • Software
  • NTUser.dat
  • System
  • SAM
Windows OS Forensics Course Review:

In our experience, we suggest you enroll in the Windows OS Forensics courses and gain some new skills from Professionals completely free and we assure you will be worth it.

Windows OS Forensics course is available on Coursera for free, if you are stuck anywhere between a quiz or a graded assessment quiz, just visit Networking Funda to get Windows OS Forensics Coursera Quiz Answers.

Conclusion:

I hope these Windows OS Forensics Coursera Quiz Answers would be useful for you to learn something new from this Course. If it helped you then don’t forget to bookmark our site for more Quiz Answers.

This course is intended for audiences of all experiences who are interested in learning about new skills in a business context; there are no prerequisite courses.

Keep Learning!

Get All Course Quiz Answers of Computer Forensics Specialization

Digital Forensics Concepts Coursera Quiz Answers

Windows OS Forensics Coursera Quiz Answers

Windows Registry Forensics Coursera Quiz Answers

3 Comments

  1. ANSWERS OF Windows OS Forensics Coursera Quiz Answers

    Q1. How many bits in a byte?
    • 8 bits

    Q2. Binary is a base___ numbering system?
    • Base 2

    Q3. A bit has __ possible values?
    • 2

    Q4. A nybble is __ bytes long?
    • 4

    Q5. Hexadecimal is a base _ numbering system?
    • 16

    Q6. Data is stored on disk in _ format?
    • Binary

    Q7. A signed integer is a negative number if __ ?
    • if the most significant bit is turned on

    Q8. Little Endiann data is read __ ?
    • from right to left

    Q9. Intel processors tend to read data as _?
    • little Endian

    Q10. Low-level formatting is performed by ?
    • The drive manufactures

    Q11. Sectors are usually __ bytes in size ?
    • 512

    Q12. _ are the smallest readable unit on a disk?
    • Sectors

    Q13. Sector numbering starts at _ ?
    • 0

    Q14. Logical Block Addressing means that ?
    • Each sector is numbered sequentially starting at 0,1,2,3,4,…continuing until the end of the disk.

    Q15. Clusters are a group of __ ?
    • Sectors

    Q16. The master partition table can have up to __ entries?
    • 4

    Q17. The master boot record is located at physical sector___ ?
    • 0

    Q18. A GPT formatted disk can have up to _ partitions?
    • 128

    Q19. On an MBR formatted disk a partition entry is _ bytes long?
    • 16

    Q20. What is located in sector 0 of a disk formatted with GPT partition schema?
    • a protective master boot record

    Q21. In FAT 32 the root directory is located in ?
    • The data area

    Q22. The most recent version of FAT is ?
    • exFAT

    Q23. What does the FAT table track?

    Cluster allocation

    Q24. To find the number of sectors per cluster you would look at?
    • The Volume Boot Record

    Q25. How many FAT’s would you expect to find on a FAT32 volume?

    • 2

    Q26. A FAT32 Root directory entry is __ bytes long?
    • 32

    Q27. Every file and folder located in the root of a FAT volume will have ?
    • an entry in the root directory

    Q28. FAT file time is recorded in ?
    • UTC

    Q29. The long file name attribute byte will always be ?
    • 0x 0F

    Q30. 0x E5 signifies what in the FAT root directory ?
    • a deleted file

    Q31. In NTFS, everything is stored as a ?
    • file

    Q32. The Master file table contains ?

    • a record of every file and folder on the volume including itself
    Q33. The MFT Mirror contains ?
    • A partial backup of the MFT for recovery

    Q34. The number of sectors per cluster in an NTFS volume can be found in ?
    • The Volume Boot Record

    Q35. An MFT file record header starts with __ at offset 0?
    • FILE

    Q36. The starting cluster of this data run (0x 21 55 8b 05) is __ ?
    • 1419

    Q37. When a file is deleted in NTFS the file record __ ?
    • The sequence count is increased by one

    Q38. What is not part of the exFAT system area ?
    • Cluster Heap

    Q39. The exFAT FAT table only tracks ?
    • fragmented files

    Q40. The exFAT volume boot record is located at ?
    • logical sector 0 of the volume

    Q41. What does NOT happen when you delete a file in exFAT?
    • the data is deleted

    Q42. The layout of the registry contains hives, Keys, sub-key, values, and __ ?
    • data

    Q43. The file path to the Sam, Security, Software and System files within a forensic image file is ?
    • Root/Windows/System32/config

    Q44. Every _ on a windows system has an NTuser.dat and a Usrclass.dat file ?
    • User

    Q45. Every _ on a windows system has an NTuser.dat and a Usrclass.dat file ?
    • Each user such as login information, login password hashes, and group information

    Q46. Time zone information can be found in which registry file ?
    • System

    Q47. Recent documents by file type can be found in which registry file?
    • NTUser.dat

Leave a Reply

Your email address will not be published.

error: Content is protected !!