- (Exam Topic 1)
Why should you note all cable connections for a computer you want to seize as evidence?

1. A. to know what outside connections existed
2. B. in case other devices were connected
3. C. to know what peripheral devices exist
4. D. to know what hardware existed

Correct Answer: A

- (Exam Topic 3)
Which of the following web browser uses the Extensible Storage Engine (ESE) database format to store browsing records, including history, cache, and cookies?

1. A. Safari
2. B. Mozilla Firefox
3. C. Microsoft Edge
4. D. Google Chrome

Correct Answer: C

- (Exam Topic 2)
Which of the following tool enables data acquisition and duplication?

1. A. Colasoft’s Capsa
2. B. DriveSpy
3. C. Wireshark
4. D. Xplico

Correct Answer: B

- (Exam Topic 2)
When using an iPod and the host computer is running Windows, what file system will be used?

1. A. iPod+
2. B. HFS
3. C. FAT16
4. D. FAT32

Correct Answer: D

- (Exam Topic 2)
When operating systems mark a cluster as used but not allocated, the cluster is considered as

1. A. Corrupt
2. B. Bad
3. C. Lost
4. D. Unallocated

Correct Answer: C