Nuix Certified Master Pathways Exam, Exams of Technology

The Nuix Certified Master Pathways Exam validates advanced mastery of Nuix investigative and analytics platforms. It covers large-scale data processing, complex queries, analytics workflows, automation, and advanced reporting. This certification prepares professionals to manage and analyze massive datasets for eDiscovery, investigations, and intelligence analysis.

Typology: Exams

2025/2026

Available from 01/23/2026

shilpi-jain-2
shilpi-jain-2 🇮🇳

1

(1)

25K documents

1 / 92

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Nuix Certified Master Pathways Exam
**Question 1. Which component of the Nuix Workstation coordinates the distribution of processing
tasks to workers?**
A) Case Manager
B) Engine Core
C) Worker Scheduler
D) UI Controller
Answer: C
Explanation: The Worker Scheduler decides how tasks are allocated to each Nuix Worker, balancing load
and resources.
**Question 2. In a Nuix case directory, where are the original evidence files stored after ingestion?**
A) evidence/ folder
B) source/ folder
C) original/ folder
D) ingest/ folder
Answer: A
Explanation: The “evidence” subdirectory holds the raw files as they were added to the case, preserving
original timestamps and metadata.
**Question 3. Which processing profile option enables optical character recognition (OCR) on image
files?**
A) Imaging SlipSheeting
B) OCR Enable Text Extraction
C) MIME Force Binary
D) Performance HighSpeed Mode
Answer: B
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c

Partial preview of the text

Download Nuix Certified Master Pathways Exam and more Exams Technology in PDF only on Docsity!

Question 1. Which component of the Nuix Workstation coordinates the distribution of processing tasks to workers? A) Case Manager B) Engine Core C) Worker Scheduler D) UI Controller Answer: C Explanation: The Worker Scheduler decides how tasks are allocated to each Nuix Worker, balancing load and resources. Question 2. In a Nuix case directory, where are the original evidence files stored after ingestion? A) evidence/ folder B) source/ folder C) original/ folder D) ingest/ folder Answer: A Explanation: The “evidence” sub‑directory holds the raw files as they were added to the case, preserving original timestamps and metadata. Question 3. Which processing profile option enables optical character recognition (OCR) on image files? A) Imaging – Slip‑Sheeting B) OCR – Enable Text Extraction C) MIME – Force Binary D) Performance – High‑Speed Mode Answer: B

Explanation: The OCR option tells the engine to run text extraction on supported image types during processing. Question 4. When adding a forensic image (e.g., E01) to a case, which Nuix feature automatically mounts the image for file‑level access? A) Virtual File System (VFS) B) Image Loader C) Disk Reader D) Evidence Wrapper Answer: A Explanation: Nuix’s Virtual File System presents the contents of the image as a regular file hierarchy for analysis. Question 5. How can a Nuix administrator limit a worker’s memory usage to 8 GB? A) Set “maxMemory” in worker.properties B) Edit the Java heap argument in the worker launch script C) Use the “Memory Cap” slider in the UI D) Adjust the OS‑level cgroup limit Answer: B Explanation: The Java heap size (‑Xmx) in the worker’s start‑up script determines the maximum RAM the worker can allocate. Question 6. Which Nuix feature helps identify “Irregular Items” that failed to process normally? A) Exception Dashboard B) Irregular Item Report C) Processing Log Viewer

B) Date C) String (Free Text) D) Enumerated List Answer: C Explanation: The String (Free Text) field type accepts any textual input, suitable for reviewer comments. Question 10. In Windows Registry forensics, which hive contains the list of installed programs and their uninstall keys? A) SAM B) SOFTWARE C) SYSTEM D) NTUSER.DAT Answer: B Explanation: The SOFTWARE hive stores information about installed applications, including the “Uninstall” sub‑key. Question 11. Which registry hive holds user‑specific environment variables and recent file lists? A) SAM B) SOFTWARE C) SYSTEM D) NTUSER.DAT Answer: D Explanation: NTUSER.DAT contains per‑user settings, including RecentDocs and environment variables. Question 12. LNK files are most useful for reconstructing which type of activity?

A) Network connections B) File system timestamps C) User file access and shortcut usage D) Email correspondence Answer: C Explanation: LNK (shortcut) files store the target path, timestamps, and sometimes the working directory, revealing user navigation. Question 13. Jump Lists in Windows 10 are stored in which location? A) %AppData%\Roaming\Microsoft\Windows\Recent B) %AppData%\Local\Microsoft\Windows\JumpLists C) %ProgramData%\Microsoft\Windows\JumpLists D) %UserProfile%\AppData\Local\Microsoft\Windows\Explorer\JumpLists Answer: D Explanation: Jump List data resides in the Explorer folder under the user’s Local AppData. Question 14. Which Windows Event Log file extension is parsed by Nuix for security analysis? A) .evt B) .evtx C) .log D) .xml Answer: B Explanation: Modern Windows logs are stored in the .evtx binary format, which Nuix can parse for event records.

Question 18. When analyzing a PST file, which Nuix feature helps maintain email threading? A) Conversation Indexing B) Thread Reconstruction Engine C) Parent‑Child Relationship Mapping D) Message Grouping Wizard Answer: B Explanation: The Thread Reconstruction Engine uses the “In‑Reply‑To” and “References” headers to rebuild conversation threads. Question 19. Which file format is used by Microsoft Exchange to store mailbox data on the server? A) PST B) OST C) EDB D) MSG Answer: C Explanation: Exchange stores mailboxes in Extensible Storage Engine (EDB) files. Question 20. XRY and Cellebrite exports are typically imported into Nuix as: A) EnCase Evidence Files B) Raw Binary Images C) Structured XML/JSON bundles D) Proprietary proprietary containers Answer: C

Explanation: Both tools can generate XML/JSON export packages that Nuix can ingest for mobile data analysis. Question 21. In NQL, which operator is used for proximity searching within 5 words of each other? A) AND B) NEAR/ C) W/ D) PROX(5) Answer: B Explanation: The “NEAR/5” operator finds terms appearing within five words of each other. Question 22. To search for items where the field “kind” equals “email”, which NQL syntax is correct? A) kind == email B) kind:email C) kind = “email” D) kind IS email Answer: B Explanation: NQL uses the colon syntax for fielded searches (field:value). Question 23. Which regular expression pattern will match a 16‑digit credit‑card number with optional spaces or dashes? A) \d{16} B) (\d{4}[- ]?){4} C) \b\d{4} \d{4} \d{4} \d{4}\b D) (\d{4}\s?){4}

D) Scheduling processing jobs Answer: B Explanation: Cubes allow analysts to slice and dice data along multiple fields (e.g., custodian, keyword, date) for insight. Question 27. Which of the following is a characteristic of Continuous Active Learning (CAL) in TAR? A) The model is retrained after every reviewer decision B) Only a fixed set of seed documents is used C) Reviewers label a random sample once, then the model stops learning D) CAL requires manual adjustment of thresholds after each round Answer: A Explanation: CAL continuously incorporates reviewer feedback, updating the predictive model after each judgment. Question 28. The F1 score is the harmonic mean of which two metrics? A) Accuracy and Precision B) Recall and Specificity C) Precision and Recall D) Sensitivity and Specificity Answer: C Explanation: F1 balances precision (relevant retrieved) and recall (relevant retrieved out of all relevant). Question 29. In Nuix licensing, a “dongle” refers to: A) A software‑based license key file B) A hardware USB device that stores the license

C) A cloud‑based subscription token D) An enterprise license server Answer: B Explanation: A dongle is a physical USB device that contains the license information for the Nuix engine. Question 30. Which log file contains detailed information about each item processed during a case ingest? A) case.log B) worker.log C) engine.log D) audit.log Answer: A Explanation: case.log records per‑item processing details, including successes, warnings, and errors. Question 31. When migrating a case from SSD storage to HDD, which Nuix feature helps preserve the case’s index integrity? A) Re‑index Wizard B) Case Export/Import C) Storage Tiering Assistant D) Index Relocation Tool Answer: D Explanation: The Index Relocation Tool moves index files while updating internal references, ensuring search performance remains intact. Question 32. Which export format is most commonly used for loading data into Relativity? A) DAT

Question 35. When ingesting cloud‑based mail (e.g., Office 365), which Nuix feature retrieves items directly via API? A) Cloud Connector B) Email Harvestor C) Remote Ingest Agent D) API Pull Engine Answer: A Explanation: The Cloud Connector authenticates to Office 365 and pulls mail items without needing PST/OST files. Question 36. Which registry key records the last logged‑on user on a Windows workstation? A) HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser B) HKCU\Control Panel\Desktop\LogonUser C) HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName D) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Answer: A Explanation: The “LastLoggedOnUser” value stores the username of the most recent interactive logon. Question 37. In a forensic image, the presence of a “slack space” indicates: A) Unallocated disk space that may contain residual data B) Encrypted partitions C) Hidden partitions D) Corrupted sectors Answer: A

Explanation: Slack space is the unused portion of a disk cluster that can retain fragments of previously deleted data. Question 38. Which Nuix feature can automatically flag items containing Social Security Numbers (SSN) using a built‑in pattern? A) PII Detector B) Sensitive Data Finder C) Entity Extraction Engine D) Data Classification Wizard Answer: A Explanation: The PII Detector includes predefined regular expressions for SSNs and other common identifiers. Question 39. When configuring a processing profile, the “Slip‑Sheeting” option is primarily used for: A) Adding a header page to PDF outputs B) Creating a single continuous PDF from multiple items C) Removing blank pages from scanned documents D) Merging OCR text layers with original images Answer: B Explanation: Slip‑Sheeting concatenates a series of PDFs into one continuous document, easing review. Question 40. Which field in Nuix’s metadata schema indicates whether an item was flagged as “deleted” by the source system? A) flag:deleted B) status:removed C) attribute:deleted

B) Applying filters to reduce the dataset to a manageable size for review C) Exporting selected items to a load file D) Archiving completed cases Answer: B Explanation: Culling is the process of using queries, clusters, or tags to narrow down the pool of items before detailed review. Question 44. Which NQL operator would you use to exclude items containing the term “password”? A) NOT password B) - password C) password! D) EXCLUDE password Answer: A Explanation: The “NOT” operator negates the presence of the specified term in the search results. Question 45. When creating a custom TAR model, which metric should be monitored to ensure the model is not over‑fitting? A) Training set precision only B) Validation set recall C) Difference between training and validation F1 scores D) Number of features used Answer: C Explanation: A large gap between training and validation scores indicates over‑fitting; monitoring both helps maintain model generalization.

Question 46. Which Nuix log entry would most likely indicate a worker crash due to insufficient memory? A) “Worker started successfully” B) “OutOfMemoryError: Java heap space” C) “Processing completed in 0 ms” D) “License check failed” Answer: B Explanation: An “OutOfMemoryError” directly signals that the Java heap limit was exceeded, causing the worker to terminate. Question 47. In Nuix Discover, a “coding form” that uses radio buttons is best suited for: A) Multiple‑select tagging B) Single‑choice categorization (e.g., Relevant / Non‑Relevant) C) Free‑text notes D) Hierarchical tagging Answer: B Explanation: Radio buttons enforce a single selection, ideal for mutually exclusive coding decisions. Question 48. Which of the following best describes “CAL” in the context of TAR? A) A static model trained on a fixed seed set B) A model that continuously updates as reviewers label items C) A manual review technique without machine assistance D) A post‑processing step that cleans up false positives Answer: B Explanation: Continuous Active Learning (CAL) retrains the predictive model after each reviewer judgment, improving accuracy over time.

Answer: B Explanation: Streaming Mode reads mailbox items sequentially, keeping memory usage low for massive mailboxes. Question 52. In a forensic investigation, the presence of a “prefetch” (.pf) file most likely indicates: A) Recent execution of the associated executable file B) A deleted Windows registry hive C) Encrypted data stored in memory D) Network traffic capture file Answer: A Explanation: Prefetch files store metadata about program launches, including timestamps and file paths. Question 53. Which Nuix setting determines the maximum size of a single item that will be processed (e.g., to avoid extremely large files)? A) maxItemSize B) itemSizeLimit C) processingThreshold D) fileSizeCap Answer: B Explanation: The “itemSizeLimit” parameter defines the upper bound for item size; items exceeding it are skipped or flagged. Question 54. The “Export Profile” in Nuix Discover can be configured to include which of the following optional fields? A) Original file path, Custodian, and Custom metadata fields B) Only the item’s hash value

C) System logs from the processing server D) Worker CPU utilization statistics Answer: A Explanation: Export Profiles allow inclusion of any metadata, such as original path, custodian, and user‑defined fields. Question 55. In the context of Nuix, “metadata profiling” primarily helps analysts to: A) Speed up OCR processing B) Identify which metadata fields are present across the dataset for later filtering C) Encrypt case data at rest D) Generate hash values for deduplication Answer: B Explanation: Profiling scans the case to list available metadata fields and their values, informing query design and review strategies. Question 56. Which Windows artifact contains information about recently accessed USB devices? A) SYSTEM hive – USBSTOR key B) SAM hive – USBDevices sub‑key C) SOFTWARE hive – DeviceClasses D) NTUSER.DAT – MountedDevices key Answer: A Explanation: The USBSTOR key under the SYSTEM hive records device IDs, timestamps, and connection history. Question 57. When analyzing a mobile device export, which Nuix view is most useful for visualizing call‑log relationships?