Which Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
A. graph-based approach
B. rule-based approach
C. field-based approach
D. automated field correlation
D
Minimizing the tangible and intangible losses to the organization or an individual is considered an essential computer forensics use.
A. True
B. False
A
Which field type refers to the volume descriptor as a primary?
A. Number 2
B. Number 0
C. Number 1
D. Number 3
C
This phase of EFI consists of initialization code that the system executes after powering the EFI system on. It manages platform reset events and sets the system so that it can find, validate, install, and run the PEI.
A. SEC
B. PEI
C. DXE
D. BDS
E. RT
A
Most of the initialization happens in this phase. Using the Hand-Off Block List (HOBL), it initializes the entire system physical memory, I/O, and MMIO (Memory Mapped Input Output) resources and finally begins dispatching DXE Drivers present in the system Firmware Volumes (given in the HOBL). The DXE core produces a set of EFI Boot Services and EFI Runtime Services. The EFI Boot Services provided are allocating memory and loading executable images. The EFI Runtime Services provided are converting memory addresses from physical to virtual while handing over to the kernel, and resetting the CPU, to code running within the EFI environment or within the OS kernel once the CPU takes control of the system.
A. SEC
B. PEI
C. DXE
D. BDS
E. RT
C
This phase initializes the CPU, temporary memory, and boot firmware volume (BFV). It locates and executes the Pre-EFI Initialization Modules (PEIMs) present in the BFV so as to initialize all the found hardware in the system. Finally, it creates a Hand-Off Block List with the interface descriptors of all found resources and passes it to the next phase, i.e., the DXE phase.
A. SEC
B. PEI
C. DXE
D. BDS
E. RT
B
In this phase, the BDS interprets the boot configuration data and selects the Boot Policy for later implementation. This phase works with the DXE to check if the device drivers require signature verification. In this phase, the system loads MBR boot code into memory for Legacy BIOS Boot or loads the Bootloader program from the EFI partition for UEFI Boot. It also provides an option for the user to choose EFI Shell or a UEFI application as the Boot Device from the Setup.
A. SEC
B. PEI
C. DXE
D. BDS
E. RT
D
At this point, the system clears the UEFI program from memory and transfers it to the OS. During a UEFI BIOS update, the OS calls the runtime service using a small part of the memory.
A. SEC
B. PEI
C. DXE
D. BDS
E. RT
E
Which of the following basic partitioning tools displays details about GPT partition tables in Windows OS?
A. DiskPart
B. Gparted
C. Disk Utility
D. Fdisk
A
How large is the partition table structure that stores information about the partitions present on the hard disk?
A. 32-byte
B. 64-bit
C. 64-byte
D. 32-bit
C
How many bits are used by the MBR partition scheme for storing LBAs (Logical Block Addresses) and the size information on a 512-byte sector?
A. 128
B. 64
C. 256
D. 32
D
What component of a typical FAT32 file system consists of data that the file system uses to access the volume and uses the system partition to load the operating system kernel files?
A. Boot Sector
B. FAT Area
C. Data Area
D. Reserved Area
A
Which file system used in Linux was developed by Stephen Tweedie in 2001 as a journaling file system that improves reliability of the system?
A. Ext2
B. Ext
C. Ext4
D. Ext3
D
How many bit values does HFS use to address allocation blocks?
A. 8
B. 16
C. 64
D. 32
B
Striped set (min 2 disks) w/o parity and no fault tolerance. Any disk failure destroys the array.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
A
Mirrored set (min 2 disks) w/o parity. Provides fault tolerance from disk errors and single disk failure.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
B
Hamming Code Parity - Disks are synchronized and striped in very small stripes, often in single bytes/words.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
D
Striped set with dedicated parity or bit interleaved parity or byte level parity. - This mechanism provides an improved performance and fault tolerance similar to RAID 5, but with a dedicated parity disk rather than rotated parity stripes.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
E
Block level parity - Identical to RAID 3, but does block-level striping instead of byte-level striping. In this setup, files can be distributed between multiple disks. Each disk operates independently which allows I/O requests to be performed in parallel.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
F
The most popular fault-tolerant data storage technique in use today writes data in small blocks across several disks. At the same time, it writes parity error checking information among several disks.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
G
Striped set with dual distributed parity. - Provides fault tolerance from two drive failures; array continues to operate with up to two failed drives. This makes larger RAID groups more practical, especially for high availability systems.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
H
A technique that combines multiple disk drives into a logical unit (RAID set) and provides protection, performance, or both. Can be hardware or software implementation.
A. RAID
B. Parity
C. Striping
D. Recursive
A
Uses striping, provides all performance and no fault tolerance.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
A
Uses mirroring, provides fault tolerance. Data is duplicated. Every write manifests as two I/O operations (2 disk writes).
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
B
Nested RAID - Uses both striping and mirroring to provide fast performance as well as fault tolerance. Most expensive, requires the most storage.
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
C
Striped set with parallel access and dedicated parity disk. Old technology, strange, and specific. Only useful for LARGE sequential I/O (backups, etc.)
A. Raid 0
B. Raid 1
C. Raid 10
D. Raid 2
E. Raid 3
F. Raid 4
G. Raid 5
H. Raid 6
E