Windows Registry Forensics Coursera Quiz Answers 2022 | All Weeks Assessment Answers [💯Correct Answer]

by
Windows Registry Forensics Coursera Quiz Answers 2022 | All Weeks Assessment Answers [💯Correct Answer]
Table of Contents

Hello Peers, Today we are going to share all week’s assessment and quizzes answers of the Windows Registry Forensics course launched by Coursera totally free of cost✅✅✅. This is a certification course for every interested student.

In case you didn’t find this course for free, then you can apply for financial ads to get this course for totally free.

Check out this article “How to Apply for Financial Ads?”

About The Coursera

Coursera, India’s biggest learning platform launched millions of free courses for students daily. These courses are from various recognized universities, where industry experts and professors teach in a very well manner and in a more understandable way.

Here, you will find Windows Registry Forensics Exam Answers in Bold Color which are given below.

These answers are updated recently and are 100% correct✅ answers of all week, assessment, and final exam answers of Windows Registry Forensics from Coursera Free Certification Course.

Use “Ctrl+F” To Find Any Questions Answer. & For Mobile User, You Just Need To Click On Three dots In Your Browser & You Will Get A “Find” Option There. Use These Option to Get Any Random Questions Answer.

About Windows Registry Forensics Course

The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.

Course Apply Link – Windows Registry Forensics

Windows Registry Forensics Quiz Answers

Week 1 Quiz Answers

Quiz 1: Windows Registry Forensics Quiz

Q1. The Windows Registry is defined as

  • SQL database
  • Central relational database
  • Central hierarchical database
  • Flat file

Q2. The Windows Registry replaced which type of file?

  • Link Files
  • Property lists
  • Configuration and Initialization files
  • Log Files

Q3. What information is NOT contained in the Windows Registry?

  • System Information
  • Disk structure information
  • Application specific information
  • user information

Q4. The Windows Registry can be useful for?

  • Validating findings through an investigation
  • Determining the number of partitions on a drive
  • Determining cluster size
  • looking up a phone number

Q5. Registry is important because it records?

  • installed programs
  • user account information
  • all of these
  • devices attached to the computer

Q6. The type of case you are investigating…

  • will determine the type of information you are looking for
  • will NOT determine the type of information you are looking for
  • only matters if it is a Windows 7 computer
  • has nothing to do with the registry

Q7. The Windows Registry contains

  • All of these
  • Keys
  • Hives
  • Sub-Keys
  • Data
  • Values

Q8. The registry hive files are pulled into memory, handle keys, and represented as

  • user Keys (UK)
  • File Keys (FK)
  • Block Keys (BK)
  • Handle Keys (HK)

Q9. Which Registry Key is only found on a live running system?

  • Security
  • Sam
  • Hardware
  • System
  • Software

Q10. Registry values can be in several different forms. Which is not a registry value form?

  • Binary Data
  • SQL Data
  • String Data
  • Hex Data

Q11. The user specific registry files contained in the registry are?

  • PTUser.reg and user.Dat
  • Amcache and Sam
  • NTUser.Dat and UsrClass.Dat
  • None of the above

Q12. The system specific files contained within the registry are?

  • security
  • All of these
  • AmCache
  • software
  • Sam
  • system

Q13. The Sam, Security, Software, and System Registry files are located at

  • Volume root\Windows\Sam\config
  • Volume root\Windows\system32\config
  • Volume root\WindowsNT\system32\config
  • Volume root\system32\user\config

Q14. What are the two registry files that relate to a specific user?

  • NTUser.dat and Software
  • NTUser.dat and USRClass.dat
  • Sam and System
  • Sam and Security

Q15. Registry browser is a

  • Hex editor
  • Registry hive sub-key
  • Older type of Windows registry prior to Windows 95
  • Specialized tool used to view the Window Registry

Q16. Which sub-key is used to determine the current control set?

  • Windows
  • System
  • Microsoft
  • Select

Q17. What registry hive file contains the the time zone setting

  • Sam
  • Software
  • System
  • Security

Q18. The Windows OS Version and Install date are contained in the __ registry hive?

  • Security
  • System
  • Software
  • Sam

Q19. Regarding the live Windows Registry, which two hive keys or sub keys only exists in the live registry?

  • Both A and B
  • HKEY_LOCAL_MACHINE—HARDWARE SUBKEY
  • None of these
  • HKEY_LOCAL_MACHINE-SYSTEM SUBKEY
  • HKEY_LOCAL_MACHINE-SAM SUBKEY
  • HKEY_CURRENT_USER

Q20. Which two Registry files are not accessible on a live running computer. As seen in Regedit.

  • Sam
  • Both Security and software
  • security
  • software
  • system
  • Both Sam and security

Q21. What Registry sub key contains a list of recently used documents by file extension?

  • The Run Sub Once subkey
  • The Run MRU subkey
  • Recent Docs subkey
  • User Assist

Q22. The typed URL subkey contains:

  • Recently run applications
  • Search terms typed into Windows Explorer
  • Programs run at startup
  • Web Addresses typed into the Internet Explorer Address Bar

Q23. The values in which key are stored using ROT13

  • Run
  • Typed URLs
  • User Assist
  • Recent Applications

Q24. This sub key tracks recently used applications and may contain a record of the files that were opened with each application…

  • Run Once
  • User Assist
  • Recent Apps
  • Run MRU

Q25. This subkey tracks user specific, persistent, applications that are set to run at start up?

  • Run MRU
  • Recent Apps
  • Run
  • Run Once

Q26. This key tracks files that have been opened or saved within a Windows Open/Save dialog box. This includes web browsers and commonly used applications?

  • Run MRU
  • ComDlg32 OpenSavePidMRU
  • Recent Docs
  • Recent Apps

Q27. This key maintains a list of all the values typed into the Run box on the Start menu?

  • Run
  • Run MRU
  • WordWheel Query
  • Run Once

Q28. The subkey Typed Paths does what?

  • Keeps track of URL typed into the Internet Explorer Address Bar
  • Keeps track of Files, Directories, or programs accessed by typing a File path into Windows Explorer
  • comdlg 32
  • Runs at startup

Q29. Microsoft Office MRU are…

  • programs or applications launched through the windows run box
  • User specific programs that are set to run at startup with no interaction from
  • Recently used Microsoft Office Documents
  • created when a user types a path to a directory, file or application into the windows explorer.

Q30. What subkey tracks user key word searches?

  • ComDlg32
  • Recent Apps
  • Run MRU
  • WordWheel query

Q31. The SAM file stores what information?

  • Information about files and applications recently accessed by a user
  • information about the users internet accounts and browser history
  • Programs set to Run at startup by a user
  • information about each user such as login information, login password hashes, and group information

Q32. The Security identifier SID is comprised of 3 parts…

  • Issuing identifier-Domain authority-Machine identifier
  • Issuing authority- Machine/domain identifier- Relative identifier
  • user name – Profile path- User directory
  • All of the above

Q33. The Machine identifier of the local machine is found in the __ subkey

  • Users
  • Domains
  • Groups
  • Account

Q34. The relative identifier or RID identifies a?

  • User
  • Domain
  • Group
  • Machine

Q35. The Names subkey identifier the user’s name and __ ?

  • Relative Identifier
  • last logon time
  • log on count
  • password hash

Q36. The last logon time is stored in the _ subkey?

  • Names
  • Accounts
  • User
  • Domains

Q37. The V value of the users subkey contains?

  • last logon date and time
  • username and password hash
  • log on count
  • number of failed logon’s

Q38. What is the function of the RunMRU subkey in the Software Hive File?

  • all of the above
  • This key tracks user searches
  • This key shows programs that run at startup
  • This key maintains a list of all the values typed into the Run box on the Start menu

Q39. The OpenSavePidMRU sub-key, which is a sub-key of Comdlg 32 tracks … ?

  • User logon information and last logged on user
  • AutoStart locations
  • values typed into the Run box on the Start menu
  • A specific executable used to open the files

Q40. Information indicating the last logged on user would be found in which sub-key within the software hive file?

  • Comdlg 32
  • Classes
  • LogonUI
  • Run

Q41. _ is an autostart location in the Software Hive File.

  • Run Key
  • Comdlg 32
  • RunMRU
  • Installed printers

Q42. Windows OS install date and time would be found in the Software file in which sub-key?

  • Run Once
  • Winlogon
  • Windows
  • Current Version

Q43. The network list sub-keys profiles and signatures contain what information?

  • Domain user account information
  • Wireless network dates and times and gateway MAC address
  • Evidence of program execution
  • User account information

Q44. In the software hive file, what 2 sub-keys contain information regarding the connection of USB devices?

  • Mountpoints and Mountspoints2
  • Mountpoints2 and RunMRU
  • Devices and EMD Management
  • USBStore and USB

Q45. What key within the system file is used to determine the current control set?

  • Control
  • Prefetch
  • Services
  • Select

Q46. The last shutdown time is found within which sub-key in the system hive file?

  • USBstore
  • select
  • control
  • Windows

Q47. In the system hive, the Windows services sub-key tracks programs that _?

  • is not a subkey in the system hive
  • run automatically when the system is booted, and are started by the system and with no interaction from the user
  • Tracks USB Devices
  • Indicates when the system needs service

Q48. What subkey in the system hive file contains settings for the prefetch utility?

  • Select
  • prefetchParameters
  • Windows
  • Controlset

Q49. The setting within the system hive file that controls whether or not the page file is cleared at shutdown is _?

  • Memory Management
  • shutdown
  • Crash Control
  • select

Q50. What type of information is found at this location in the System hive file

Location:ControlSet001\Enum\USBSTOR\”Device”\”Serial# or Unique instance ID”\Properties{83da6326-97a6-4088-9453-a1923f573b29}

  • user account information
  • USB device connection and disconnection dates and times
  • programs set to run at startup
  • prefetch settings

Q51. Appcompatcache was created by Microsoft to identify application compatibility Issues between 32 bit and 64 bit applications. What does the cache data track?

  • All of these
  • File Path
  • Last Modified Time
  • File Size
  • None of these

Q52. Information found in the Background Activity Moderator (BAM) sub-key proves?

  • Program execution by a specific user
  • Nothing
  • Program execution but not by a specific user
  • A change to the file MFT record

Q53. What do Shellbags track?

  • Folders or Directories within the windows file system
  • File Times
  • Recently used applications
  • Programs run at startup

Q54. The _ hive file stores artifacts such as the Last write time, Install Dates, Application Name, Version, and path to exe or dill

  • The NTUser.dat Hive File
  • The AmCache Hive File
  • The Sam File
  • The System Hive File

Conclusion

Hopefully, this article will be useful for you to find all the Week, final assessment, and Peer Graded Assessment Answers of the Windows Registry Forensics Quiz of Coursera and grab some premium knowledge with less effort. If this article really helped you in any way then make sure to share it with your friends on social media and let them also know about this amazing training. You can also check out our other course Answers. So, be with us guys we will share a lot more free courses and their exam/quiz solutions also, and follow our Techno-RJ Blog for more updates.

126 thoughts on “Windows Registry Forensics Coursera Quiz Answers 2022 | All Weeks Assessment Answers [💯Correct Answer]”

  1. Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You clearly know what youre talking about, why throw away your intelligence on just posting videos to your site when you could be giving us something informative to read?

    Reply

  4. Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me. Anyways, I’m definitely happy I found it and I’ll be book-marking and checking back frequently!

    Reply

  9. You actually make it seem so easy with your presentation but I find this matter to be really something which I think I would never understand. It seems too complicated and very broad for me. I’m looking forward for your next post, I’ll try to get the hang of it!

    Reply

  10. Can I just say what a reduction to seek out someone who actually knows what theyre talking about on the internet. You positively know the right way to deliver a problem to mild and make it important. More people need to read this and perceive this aspect of the story. I cant believe youre no more common since you positively have the gift.

    Reply

  12. Hello there! Do you know if they make any plugins to assist with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Thanks!

    Reply

  13. Generally I do not read post on blogs, but I would like to say that this write-up very forced me to take a look at and do it! Your writing style has been surprised me. Thanks, very nice article.

    Reply

  15. Hey there! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding one? Thanks a lot!

    Reply

  17. I just could not depart your web site before suggesting that I really loved the standard info a person provide to your visitors? Is going to be back steadily in order to check out new posts

    Reply

  20. Great – I should definitely pronounce, impressed with your website. I had no trouble navigating through all tabs and related information ended up being truly simple to do to access. I recently found what I hoped for before you know it in the least. Reasonably unusual. Is likely to appreciate it for those who add forums or anything, website theme . a tones way for your client to communicate. Excellent task.

    Reply

  21. Youre so cool! I dont suppose Ive learn anything like this before. So nice to search out anyone with some original thoughts on this subject. realy thank you for beginning this up. this web site is one thing that is wanted on the net, someone with a bit of originality. helpful job for bringing something new to the web!

    Reply

  24. Today, I went to the beachfront with my kids. I found a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She put the shell to her ear and screamed. There was a hermit crab inside and it pinched her ear. She never wants to go back! LoL I know this is completely off topic but I had to tell someone!

    Reply

  27. It’s actually a great and useful piece of information. I’m glad that you shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

    Reply

  43. I’m not sure where you’re getting your info, but good topic. I needs to spend some time learning more or understanding more. Thanks for great information I was looking for this info for my mission.

    Reply

  45. Spot on with this write-up, I actually think this website needs far more consideration. I’ll in all probability be again to learn rather more, thanks for that info.

    Reply

  53. Youre so cool! I dont suppose Ive learn something like this before. So good to find any individual with some original thoughts on this subject. realy thanks for beginning this up. this website is something that is needed on the internet, somebody with somewhat originality. useful job for bringing one thing new to the internet!

    Reply

  59. I am curious to find out what blog platform you’re utilizing? I’m having some minor security problems with my latest blog and I would like to find something more safe. Do you have any suggestions?

    Reply

  100. You actually make it seem really easy with your presentation however I find this matter to be really one thing which I feel I’d by no means understand. It seems too complicated and extremely huge for me. I’m having a look forward in your subsequent submit, I will try to get the dangle of it!

    Reply

Leave a Comment

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker🙏.

Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock