Hello Peers, Today we are going to share all week’s assessment and quizzes answers of the Windows Registry Forensics course launched by Coursera totally free of cost✅✅✅. This is a certification course for every interested student.
In case you didn’t find this course for free, then you can apply for financial ads to get this course for totally free.
Check out this article – “How to Apply for Financial Ads?”
About The Coursera
Coursera, India’s biggest learning platform launched millions of free courses for students daily. These courses are from various recognized universities, where industry experts and professors teach in a very well manner and in a more understandable way.
Here, you will find Windows Registry Forensics Exam Answers in Bold Color which are given below.
These answers are updated recently and are 100% correct✅ answers of all week, assessment, and final exam answers of Windows Registry Forensics from Coursera Free Certification Course.
Use “Ctrl+F” To Find Any Questions Answer. & For Mobile User, You Just Need To Click On Three dots In Your Browser & You Will Get A “Find” Option There. Use These Option to Get Any Random Questions Answer.
About Windows Registry Forensics Course
The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.
Course Apply Link – Windows Registry Forensics
Windows Registry Forensics Quiz Answers
Week 1 Quiz Answers
Quiz 1: Windows Registry Forensics Quiz
Q1. The Windows Registry is defined as
- SQL database
- Central relational database
- Central hierarchical database
- Flat file
Q2. The Windows Registry replaced which type of file?
- Link Files
- Property lists
- Configuration and Initialization files
- Log Files
Q3. What information is NOT contained in the Windows Registry?
- System Information
- Disk structure information
- Application specific information
- user information
Q4. The Windows Registry can be useful for?
- Validating findings through an investigation
- Determining the number of partitions on a drive
- Determining cluster size
- looking up a phone number
Q5. Registry is important because it records?
- installed programs
- user account information
- all of these
- devices attached to the computer
Q6. The type of case you are investigating…
- will determine the type of information you are looking for
- will NOT determine the type of information you are looking for
- only matters if it is a Windows 7 computer
- has nothing to do with the registry
Q7. The Windows Registry contains
- All of these
- Keys
- Hives
- Sub-Keys
- Data
- Values
Q8. The registry hive files are pulled into memory, handle keys, and represented as
- user Keys (UK)
- File Keys (FK)
- Block Keys (BK)
- Handle Keys (HK)
Q9. Which Registry Key is only found on a live running system?
- Security
- Sam
- Hardware
- System
- Software
Q10. Registry values can be in several different forms. Which is not a registry value form?
- Binary Data
- SQL Data
- String Data
- Hex Data
Q11. The user specific registry files contained in the registry are?
- PTUser.reg and user.Dat
- Amcache and Sam
- NTUser.Dat and UsrClass.Dat
- None of the above
Q12. The system specific files contained within the registry are?
- security
- All of these
- AmCache
- software
- Sam
- system
Q13. The Sam, Security, Software, and System Registry files are located at
- Volume root\Windows\Sam\config
- Volume root\Windows\system32\config
- Volume root\WindowsNT\system32\config
- Volume root\system32\user\config
Q14. What are the two registry files that relate to a specific user?
- NTUser.dat and Software
- NTUser.dat and USRClass.dat
- Sam and System
- Sam and Security
Q15. Registry browser is a
- Hex editor
- Registry hive sub-key
- Older type of Windows registry prior to Windows 95
- Specialized tool used to view the Window Registry
Q16. Which sub-key is used to determine the current control set?
- Windows
- System
- Microsoft
- Select
Q17. What registry hive file contains the the time zone setting
- Sam
- Software
- System
- Security
Q18. The Windows OS Version and Install date are contained in the __ registry hive?
- Security
- System
- Software
- Sam
Q19. Regarding the live Windows Registry, which two hive keys or sub keys only exists in the live registry?
- Both A and B
- HKEY_LOCAL_MACHINE—HARDWARE SUBKEY
- None of these
- HKEY_LOCAL_MACHINE-SYSTEM SUBKEY
- HKEY_LOCAL_MACHINE-SAM SUBKEY
- HKEY_CURRENT_USER
Q20. Which two Registry files are not accessible on a live running computer. As seen in Regedit.
- Sam
- Both Security and software
- security
- software
- system
- Both Sam and security
Q21. What Registry sub key contains a list of recently used documents by file extension?
- The Run Sub Once subkey
- The Run MRU subkey
- Recent Docs subkey
- User Assist
Q22. The typed URL subkey contains:
- Recently run applications
- Search terms typed into Windows Explorer
- Programs run at startup
- Web Addresses typed into the Internet Explorer Address Bar
Q23. The values in which key are stored using ROT13
- Run
- Typed URLs
- User Assist
- Recent Applications
Q24. This sub key tracks recently used applications and may contain a record of the files that were opened with each application…
- Run Once
- User Assist
- Recent Apps
- Run MRU
Q25. This subkey tracks user specific, persistent, applications that are set to run at start up?
- Run MRU
- Recent Apps
- Run
- Run Once
Q26. This key tracks files that have been opened or saved within a Windows Open/Save dialog box. This includes web browsers and commonly used applications?
- Run MRU
- ComDlg32 OpenSavePidMRU
- Recent Docs
- Recent Apps
Q27. This key maintains a list of all the values typed into the Run box on the Start menu?
- Run
- Run MRU
- WordWheel Query
- Run Once
Q28. The subkey Typed Paths does what?
- Keeps track of URL typed into the Internet Explorer Address Bar
- Keeps track of Files, Directories, or programs accessed by typing a File path into Windows Explorer
- comdlg 32
- Runs at startup
Q29. Microsoft Office MRU are…
- programs or applications launched through the windows run box
- User specific programs that are set to run at startup with no interaction from
- Recently used Microsoft Office Documents
- created when a user types a path to a directory, file or application into the windows explorer.
Q30. What subkey tracks user key word searches?
- ComDlg32
- Recent Apps
- Run MRU
- WordWheel query
Q31. The SAM file stores what information?
- Information about files and applications recently accessed by a user
- information about the users internet accounts and browser history
- Programs set to Run at startup by a user
- information about each user such as login information, login password hashes, and group information
Q32. The Security identifier SID is comprised of 3 parts…
- Issuing identifier-Domain authority-Machine identifier
- Issuing authority- Machine/domain identifier- Relative identifier
- user name – Profile path- User directory
- All of the above
Q33. The Machine identifier of the local machine is found in the __ subkey
- Users
- Domains
- Groups
- Account
Q34. The relative identifier or RID identifies a?
- User
- Domain
- Group
- Machine
Q35. The Names subkey identifier the user’s name and __ ?
- Relative Identifier
- last logon time
- log on count
- password hash
Q36. The last logon time is stored in the _ subkey?
- Names
- Accounts
- User
- Domains
Q37. The V value of the users subkey contains?
- last logon date and time
- username and password hash
- log on count
- number of failed logon’s
Q38. What is the function of the RunMRU subkey in the Software Hive File?
- all of the above
- This key tracks user searches
- This key shows programs that run at startup
- This key maintains a list of all the values typed into the Run box on the Start menu
Q39. The OpenSavePidMRU sub-key, which is a sub-key of Comdlg 32 tracks … ?
- User logon information and last logged on user
- AutoStart locations
- values typed into the Run box on the Start menu
- A specific executable used to open the files
Q40. Information indicating the last logged on user would be found in which sub-key within the software hive file?
- Comdlg 32
- Classes
- LogonUI
- Run
Q41. _ is an autostart location in the Software Hive File.
- Run Key
- Comdlg 32
- RunMRU
- Installed printers
Q42. Windows OS install date and time would be found in the Software file in which sub-key?
- Run Once
- Winlogon
- Windows
- Current Version
Q43. The network list sub-keys profiles and signatures contain what information?
- Domain user account information
- Wireless network dates and times and gateway MAC address
- Evidence of program execution
- User account information
Q44. In the software hive file, what 2 sub-keys contain information regarding the connection of USB devices?
- Mountpoints and Mountspoints2
- Mountpoints2 and RunMRU
- Devices and EMD Management
- USBStore and USB
Q45. What key within the system file is used to determine the current control set?
- Control
- Prefetch
- Services
- Select
Q46. The last shutdown time is found within which sub-key in the system hive file?
- USBstore
- select
- control
- Windows
Q47. In the system hive, the Windows services sub-key tracks programs that _?
- is not a subkey in the system hive
- run automatically when the system is booted, and are started by the system and with no interaction from the user
- Tracks USB Devices
- Indicates when the system needs service
Q48. What subkey in the system hive file contains settings for the prefetch utility?
- Select
- prefetchParameters
- Windows
- Controlset
Q49. The setting within the system hive file that controls whether or not the page file is cleared at shutdown is _?
- Memory Management
- shutdown
- Crash Control
- select
Q50. What type of information is found at this location in the System hive file
Location:ControlSet001\Enum\USBSTOR\”Device”\”Serial# or Unique instance ID”\Properties{83da6326-97a6-4088-9453-a1923f573b29}
- user account information
- USB device connection and disconnection dates and times
- programs set to run at startup
- prefetch settings
Q51. Appcompatcache was created by Microsoft to identify application compatibility Issues between 32 bit and 64 bit applications. What does the cache data track?
- All of these
- File Path
- Last Modified Time
- File Size
- None of these
Q52. Information found in the Background Activity Moderator (BAM) sub-key proves?
- Program execution by a specific user
- Nothing
- Program execution but not by a specific user
- A change to the file MFT record
Q53. What do Shellbags track?
- Folders or Directories within the windows file system
- File Times
- Recently used applications
- Programs run at startup
Q54. The _ hive file stores artifacts such as the Last write time, Install Dates, Application Name, Version, and path to exe or dill
- The NTUser.dat Hive File
- The AmCache Hive File
- The Sam File
- The System Hive File
Conclusion
Hopefully, this article will be useful for you to find all the Week, final assessment, and Peer Graded Assessment Answers of the Windows Registry Forensics Quiz of Coursera and grab some premium knowledge with less effort. If this article really helped you in any way then make sure to share it with your friends on social media and let them also know about this amazing training. You can also check out our other course Answers. So, be with us guys we will share a lot more free courses and their exam/quiz solutions also, and follow our Techno-RJ Blog for more updates.
Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You clearly know what youre talking about, why throw away your intelligence on just posting videos to your site when you could be giving us something informative to read?
不知道说啥,开心快乐每一天吧!
Wow! This can be one particular of the most helpful blogs We’ve ever arrive across on this subject. Actually Great. I’m also an expert in this topic so I can understand your hard work.
Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me. Anyways, I’m definitely happy I found it and I’ll be book-marking and checking back frequently!
There is noticeably a bundle to know about this. I assume you made certain nice points in features also.
Hi my family member! I wish to say that this post is awesome, great written and come with almost all significant infos. I would like to look more posts like this .
An interesting dialogue is value comment. I think that you must write extra on this matter, it won’t be a taboo subject but usually persons are not enough to talk on such topics. To the next. Cheers
I like this web site very much, Its a rattling nice position to read and incur information. “God cannot alter the past, but historians can.” by Samuel Butler.