









































































This certification validates skills in using Python scripting within Cellebrite Physical Analyzer. Topics include automation, custom scripts, artifact parsing, workflow optimization, and advanced data analysis. Candidates demonstrate the ability to extend forensic capabilities through scripting.
Typology: Exams










































































Question 1. Which Python interpreter is integrated into Cellebrite Physical Analyzer for scripting automation?
A) CPython
B) Jython
C) IronPython
D) PyPy
Answer: C
Explanation: Cellebrite Physical Analyzer integrates IronPython, which allows Python scripting within the tool’s .NET environment.

Question 2. What is the correct way to declare a string variable in IronPython used in Physical Analyzer?
A) string name = "John"
B) var name = "John"
C) name = "John"
D) let name = "John"
Answer: C
Explanation: IronPython uses standard Python syntax, so a string variable is declared as name = "John".

Question 3. How do you convert a Unix Epoch timestamp to a readable date in Python?
A) datetime.fromtimestamp(epoch)
B) convert(epoch)
C) epoch.to_datetime()
D) str(epoch)
Answer: A
Explanation: datetime.fromtimestamp(epoch) converts a Unix Epoch integer to a human-readable date.

Question 4. Which structure best suits storing a collection of chat messages in Python?
A) String
B) List
C) Integer
D) Boolean
Answer: B
Explanation: A list can store multiple message objects, making it suitable for collections.

Question 5. What is the main advantage of using functions in Python scripts for forensics?
A) Reduces typing
B) Enables code reuse and modularity
C) Makes code slower
D) Increases errors
Answer: B
Explanation: Functions help make code reusable and organized, especially when parsing similar data structures.

Question 6. Which of the following would best handle missing files in a script?
A) If/Else
B) Try/Except
C) While loop
D) Print statements
Answer: B
Explanation: The bool type is designed for True/False values, such as deletion status.

Question 10. What does the split() function do when used on a string?
A) Joins strings
B) Removes whitespace
C) Splits a string into a list
D) Converts to uppercase
Answer: C
Explanation: split() breaks a string into a list based on a delimiter (default is space).

Question 11. Which regular expression pattern would best extract email addresses from text?
A) \d{3}-\d{2}-\d{4}
B) [\w.-]+@[\w.-]+
C) [A-Z][a-z]+
D) \w{8,}
Answer: B
Explanation: [\w.-]+@[\w.-]+ matches most standard email formats.

Question 12. What Python statement is used to check if a variable is equal to 10?
A) if var = 10
B) if var equal 10
C) if var == 10
D) if var := 10
Answer: C
Explanation: "==" checks for equality in Python conditions.

Question 13. How does IronPython differ from CPython in Cellebrite scripting?
A) IronPython runs on .NET and integrates with PA
B) CPython is faster in PA
C) IronPython cannot use Python syntax
D) IronPython is only for Mac
Answer: A
Explanation: IronPython is built for .NET, allowing integration with Physical Analyzer's internals.

Question 14. Which method would you use to handle incorrect data types in a database column?
A) Ignore
B) Try/Except
C) Loop
D) Print
Answer: B
Explanation: Try/Except blocks catch type conversion errors during parsing.

Question 15. What Python keyword is used to define a function?
A) function
B) define
C) def
D) fn
Answer: C
Explanation: Python functions are defined using the "def" keyword.

Question 19. What is the purpose of mapping custom data fields to the "Instant Messages" category in PA?
A) To hide data
B) To standardize reporting
C) To make scripts slower
D) To delete messages
Answer: B
Explanation: Mapping fields ensures that custom app data appears in PA's standard reports.

Question 20. Which Python object is returned by executing a SELECT statement using cursor.execute()?
A) List
B) Dict
C) Cursor
D) Set
Answer: C
Explanation: Cursor objects allow iteration over query results.

Question 21. What is the result of the following code: "if not found: print('No record')" when found is False?
A) Prints 'No record'
B) Does nothing
C) Gives error
D) Loops infinitely
Answer: A
Explanation: "not False" is True, so it prints the message.

Question 22. Which Python function reads all lines from a file into a list?
A) read()
B) readlines()
C) readline()
D) readall()
Answer: B
Explanation: readlines() returns a list of strings, one per line.

Question 23. Which method is used to add a note to an artifact in PA using Python?
A) add_note()
B) setNote()
C) artifact.addNote()
D) create_note()
Answer: C
Explanation: artifact.addNote() attaches a note to the given artifact object.

Question 24. What is the default delimiter for the split() function in Python?
A) Comma
B) Space
C) Tab
D) Semicolon
Answer: B
Explanation: split(), when called without arguments, splits on whitespace.
A) For
B) While
C) Recursive
D) Infinite
Answer: A
Explanation: For loops are best for a known number of iterations.

Question 29. What is the output type of cursor.fetchall() in Python's sqlite3 module?
A) List of tuples
B) Dict
C) Set
D) Single tuple
Answer: A
Explanation: fetchall() returns all rows as a list of tuples.

Question 30. Which Python module is required for regular expressions?
A) regex
B) re
C) regexp
D) str
Answer: B
Explanation: The re module provides regex support in Python.

Question 31. What is the best way to ensure a script does not crash when accessing a missing key in a dictionary?
A) Use dict.get()
B) Use list index
C) Use a for loop
D) Use print
Answer: A
Explanation: dict.get() can return a default value if the key is missing, preventing errors.

Question 32. Which Python statement is used for importing modules?
A) use
B) require
C) import
D) include
Answer: C
Explanation: "import" is the standard statement for loading modules.

Question 33. What does the 'continue' statement do in a Python loop?
A) Exits the loop
B) Skips to the next iteration
C) Stops the script
D) Pauses execution
Answer: B
Explanation: continue skips the remaining statements and starts the next loop iteration.

Question 34. What is the main reason to use Python scripts within Cellebrite Physical Analyzer?
A) Game development
C) Stop script
D) Use only print statements
Answer: B
Explanation: try/except allows you to manage parsing errors gracefully.

Question 38. What does the 'pass' statement do in Python?
A) Skips execution
B) Exits the script
C) Raises an error
D) Pauses the program
Answer: A
Explanation: pass is a no-op; it's used as a placeholder.

Question 39. Which is the correct way to start a multiline comment in Python?
A) //
B) /*
C) """
D) #
Answer: C
Explanation: Triple quotes """ are used for multiline comments or docstrings.

Question 40. What is the result of running len([1,2,3,4])?
A) 1
B) 2
C) 4
Answer: C
Explanation: len() returns the number of elements in a list.

Question 41. To parse timestamps stored as Mac Absolute time, which base date is used?
A) Jan 1, 1970
B) Jan 1, 2001
C) Jan 1, 1980
D) Jan 1, 1990
Answer: B
Explanation: Mac Absolute time counts from Jan 1, 2001.

Question 42. What is the role of the Physical Analyzer Python API?
A) To run Java code
B) To interact with PA internals and automate tasks
C) To send emails
D) To edit photos
Answer: B
Explanation: The API allows scripts to access and manipulate PA’s data models and artifacts.

Question 43. Which method is used to remove whitespace from both ends of a string?
A) trim()
B) strip()
C) clean()
D) erase()
Explanation: raise Exception("message") creates a new exception.

Question 47. Which Python module is used for working with dates and times?
A) datetime
B) time
C) calendar
D) dateutil
Answer: A
Explanation: datetime is the standard module for date/time objects.

Question 48. How can you check if a substring exists within a string in Python?
A) in
B) ==
C) contains()
D) equals()
Answer: A
Explanation: The 'in' operator checks if a substring is present.

Question 49. Which function is used to parse a plist file in Python?
A) plistlib.load()
B) json.load()
C) plist.parse()
D) parse_plist()
Answer: A
Explanation: plistlib.load() parses plist files into Python objects.

Question 50. What does the enumerate() function do in a loop?
A) Returns index and value pairs
B) Sorts list
C) Removes duplicates
D) Flattens list
Answer: A
Explanation: enumerate() yields both the index and the element per iteration.

Question 51. What is the effect of using break in a Python loop?
A) Starts next iteration
B) Skips all loops
C) Exits the current loop
D) Ignores condition
Answer: C
Explanation: break immediately exits the loop.

Question 52. What is the recommended way to format a string with variable values in Python 3?
A) %
B) .format()
C) f-strings
D) +
Answer: C
Explanation: f-strings (e.g., f"{value}") are the modern, readable way.
A) To handle exceptions
B) To process collections of records
C) To import modules
D) To define functions
Answer: B
Explanation: For loops are used to iterate over multiple data entries.

Question 57. Which of the following is a valid Python dictionary?
A) dict = [1,2,3]
B) dict = (key:value)
C) dict = {"name":"John"}
D) dict = "key:value"
Answer: C
Explanation: Dictionaries use curly braces with key:value pairs.

Question 58. What is the output of type(42)?
A) "integer"
B) <class 'int'>
C) int
D) "int"
Answer: B
Explanation: type(42) returns the class type of the object.

Question 59. What is a practical use of regular expressions in mobile forensics?
A) Extracting phone numbers from text
B) Encrypting data
C) Drawing graphics
D) Calculating checksums
Answer: A
Explanation: Regex is used to extract patterns like phone numbers or emails.

Question 60. What does the 'with' statement do when working with files?
A) Closes files automatically
B) Deletes files
C) Prints files
D) Ignores errors
Answer: A
Explanation: with ensures files are closed after the block is exited.

Question 61. Which of the following is a valid Python comment?
A) // This is a comment
B) # This is a comment
C) -- This is a comment
D) ; This is a comment
Answer: B
Explanation: Python comments start with #.

Question 62. When using the Physical Analyzer Python API, what is an Artifact?
A) A deleted file
B) A unit of extracted data