


























































Prepares candidates for Python scripting basics related to automation, forensic processing, parsing, reporting, and investigative workflow enhancement.
Typology: Exams



























































**Question 1. Which Python statement correctly opens a forensic image file named “disk.img” for binary reading?**
A) `open('disk.img', 'r')`
B) `open('disk.img', 'rb')`
C) `open('disk.img', 'w')`
D) `open('disk.img', 'a')`
Answer: B
Explanation: The mode `'rb'` opens a file for reading in binary mode, preserving raw byte values essential for forensic analysis.

**Question 2. In Python, what is the result of the expression `0xFF + 1`?**
A) `255`
B) `256`
C) `0x100`
D) `0x00`
Answer: B
Explanation: `0xFF` is hexadecimal for 255; adding 1 yields the integer 256. Python automatically converts the hex literal to an int before the operation.

**Question 3. Which of the following best describes Python’s “off-side rule”?**
A) Functions must be declared before they are called.
B) Indentation determines block structure.
C) All variables must be declared with a type.
D) Modules must be imported at the top of the file.
Answer: B
Explanation: Python uses indentation (the off-side rule) to define code blocks such as loops, conditionals, and functions.

**Question 4. Which built-in function returns the Unicode code point of a single character?**
A) `ord()`
B) `chr()`
C) `unicode()`
D) `hex()`
Answer: A
Explanation: `ord('A')` returns 65, the integer Unicode code point for the character 'A'.

**Question 5. Which control-flow statement will execute a block only when a variable `size` is greater than 1024 and less than 2048?**
A) `if size > 1024 or size < 2048:`
B) `if size > 1024 and size < 2048:`
C) `if size > 1024:`
D) `if size < 2048:`
Answer: B
Explanation: Both conditions must be true, so the logical `and` operator is required.

**Question 6. What will be printed by the following code?**
```python
for i in range(0, 5, 2):
    print(i, end=' ')
```
A) `0 1 2 3 4`
B) `0 2 4`
C) `1 3 5`
D) `0 2 4 5`
Answer: B
Explanation: `range(0,5,2)` generates 0, 2, 4; the loop prints each number followed by a space.

## Ultimate Exam

**Question 10. Which regular expression pattern matches a valid IPv4 address?**
A) `r'\d{1,3}(\.\d{1,3}){3}'`
B) `r'([0-9]{1,3}\.){4}'`
C) `r'(\d{1,3}\.){3}\d{1,3}'`
D) `r'\d+\.\d+\.\d+\.\d+'`
Answer: C
Explanation: The pattern captures three groups of 1-3 digits followed by a dot, then a final 1-3-digit group.

**Question 11. Which of the following statements correctly creates a CSV writer object that writes to a file named “report.csv” with UTF-8 encoding?**
A) `csv.writer(open('report.csv', 'w'))`
B) `csv.writer(open('report.csv', 'w', encoding='utf-8'))`
C) `csv.writer(open('report.csv', 'rb'))`
D) `csv.writer(open('report.csv', 'a'))`
Answer: B
Explanation: The file must be opened for text writing (`'w'`) with the desired encoding; then `csv.writer` can be instantiated.

**Question 12. In a forensic script, which exception should be caught to handle a missing file error?**
A) `ValueError`
B) `IOError`
C) `FileNotFoundError`
D) `KeyError`
Answer: C
Explanation: `FileNotFoundError` is raised when `open()` cannot locate the specified file.

**Question 13. Which SQLite pragma can be used to open a database in read-only mode from Python?**
A) `PRAGMA journal_mode = OFF;`
B) `PRAGMA read_only = TRUE;`
C) `sqlite3.connect('file:mydb.db?mode=ro', uri=True)`
D) `sqlite3.connect('mydb.db', read_only=True)`
Answer: C
Explanation: Using the URI syntax with `mode=ro` opens the database without write permissions.

**Question 14. What is the output of the following code?**
```python
x = b'ABCDEF'
print(x[1:4])
```
A) `b'ABC'`
B) `b'BCD'`
C) `b'CDE'`
D) `b'BCDE'`
Answer: B
Explanation: Slice indices 1-3 (stop exclusive 4) return bytes at positions 1,2,3 → `b'BCD'`.

**Question 15. Which of the following is the correct way to convert a Unix epoch timestamp `1633024800` to a UTC datetime object?**
A) `datetime.fromtimestamp(1633024800)`
B) `datetime.utcfromtimestamp(1633024800)`
C) `datetime.strptime(1633024800, '%s')`
D) `datetime.timestamp(1633024800)`
Answer: B

Explanation: The `>` prefix can be inserted mid-format to switch to big-endian for subsequent fields; `'I'` reads a little-endian short then a big-endian unsigned int.

**Question 19. Which Python data type is immutable and therefore safest for storing a cryptographic hash value?**
A) `list`
B) `dict`
C) `bytes`
D) `bytearray`
Answer: C
Explanation: `bytes` objects are immutable, preventing accidental modification of the hash value.

**Question 20. Which `re` pattern will find a MAC address in the form “AA:BB:CC:DD:EE:FF”?**
A) `r'([0-9A-F]{2}:){5}[0-9A-F]{2}'`
B) `r'([0-9a-f]{2}-){5}[0-9a-f]{2}'`
C) `r'([0-9A-F]{2}\.){5}[0-9A-F]{2}'`
D) `r'([0-9A-F]{2}){6}'`
Answer: A
Explanation: The pattern captures five groups of two hex digits followed by a colon, then a final pair.

**Question 21. In a forensic script, which built-in function should be used to safely evaluate a user-provided arithmetic expression without executing arbitrary code?**
A) `eval()`
B) `exec()`
C) `ast.literal_eval()`
D) `compile()`
Answer: C
Explanation: `ast.literal_eval` only evaluates literals (numbers, strings, tuples, lists, dicts) and rejects code execution.

**Question 22. When iterating over rows returned by a SQLite cursor, which method returns each row as a dictionary rather than a tuple?**
A) `cursor.fetchone()`
B) `cursor.fetchall()`
C) `cursor.row_factory = sqlite3.Row`
D) `cursor.dictfetchall()`
Answer: C
Explanation: Setting `row_factory` to `sqlite3.Row` causes fetched rows to behave like dictionaries.

**Question 23. Which Python statement correctly checks whether a variable `data` is of type `bytes`?**
A) `if type(data) == 'bytes':`
B) `if isinstance(data, bytes):`
C) `if data is bytes:`
D) `if data.__class__ == bytes:`
Answer: B
Explanation: `isinstance` is the idiomatic way to test an object’s type, supporting subclass checks.

**Question 24. What does the `with` statement guarantee when opening a file for forensic processing?**
A) The file is opened in binary mode.
B) The file is automatically closed after the block.
C) The file pointer is reset to the beginning after each read.
D) The file is locked for exclusive access.
Answer: B
Explanation: `with` ensures the file’s `close()` method is called even if an exception occurs.

**Question 28. Which method of a `csv.DictWriter` object writes the header row to the CSV file?**
A) `writeheader()`
B) `writerow(dict)`
C) `writeheaders()`
D) `write()`
Answer: A
Explanation: `writeheader()` writes the field names stored in the `DictWriter` to the output file.

**Question 29. Which Python built-in function can be used to convert an integer `255` to its binary string representation?**
A) `bin(255)`
B) `hex(255)`
C) `oct(255)`
D) `str(255, 2)`
Answer: A
Explanation: `bin()` returns a string like `'0b11111111'`.

**Question 30. In a forensic script, which of the following is the most appropriate way to log an error without terminating the program?**
A) `print('Error')`
B) `raise Exception('Error')`
C) `logging.error('Error')`
D) `sys.exit('Error')`
Answer: C
Explanation: The `logging` module records the error while allowing the program to continue or handle it gracefully.

**Question 31. Which `struct` format character corresponds to a signed 8-byte (64-bit) integer in native byte order?**
A) `q`
B) `l`
C) `i`
D) `h`
Answer: A
Explanation: `q` denotes a signed long long (8 bytes). Without any endian prefix, it uses native order.

**Question 32. What does the expression `b'\x00\x01'.hex()` return?**
A) `'0001'`
B) `'0x0001'`
C) `'\\x00\\x01'`
D) `'01'`
Answer: A
Explanation: The `hex()` method returns a lowercase hexadecimal string of the bytes, concatenated without prefixes.

**Question 33. Which of the following statements will correctly decode a UTF-8 encoded byte string `b'\xe2\x9c\x93'` to a Unicode string?**
A) `b'\xe2\x9c\x93'.decode('utf-8')`
B) `b'\xe2\x9c\x93'.encode('utf-8')`
C) `str(b'\xe2\x9c\x93')`
D) `unicode(b'\xe2\x9c\x93')`
Answer: A
Explanation: `decode('utf-8')` converts a bytes object to a `str` using the specified encoding.

**Question 34. Which Python statement correctly checks that a variable `path` ends with the extension “.jpg” (case-insensitive)?**
A) `if path.endswith('.jpg'):`
B) `if path.lower().endswith('.jpg'):`

C) `datetime.fromtimestamp((ft - 116444736000000000) / 10**7)`
D) `datetime.utcfromtimestamp((ft - 116444736000000000) / 10**7)`
Answer: D
Explanation: FILETIME counts 100-nanosecond intervals since Jan 1 1601. Subtract the epoch offset (116444736000000000) and divide by 10⁷ to obtain seconds, then convert using `utcfromtimestamp`.

**Question 38. Which `os` module function can be used to list all files in a directory named “evidence”?**
A) `os.listdir('evidence')`
B) `os.walk('evidence')`
C) `os.scandir('evidence')`
D) All of the above
Answer: D
Explanation: All three functions provide directory listings; `listdir` returns names, `scandir` returns iterator objects with metadata, and `walk` traverses sub-directories.

**Question 39. Which of the following code snippets correctly writes a line “# Carved file” to a new text file `metadata.txt` using a context manager?**
A)
```python
with open('metadata.txt', 'w') as f:
    f.write('# Carved file')
```
B)
```python
f = open('metadata.txt', 'w')
f.write('# Carved file')
```
C)
```python
with open('metadata.txt', 'a') as f:
    f.writelines('# Carved file')
```
D)
```python
with open('metadata.txt', 'wb') as f:
    f.write('# Carved file')
```
Answer: A
Explanation: Option A correctly opens the file for text writing, writes the string, and ensures automatic closure.

**Question 40. Which of the following statements about Python’s `bool` type is true?**
A) `bool` is a subclass of `int`.
B) `bool` cannot be compared with integers.
C) `bool` values occupy more memory than integers.
D) `bool` cannot be used in arithmetic expressions.
Answer: A
Explanation: In Python, `True` equals 1 and `False` equals 0; `bool` is a subclass of `int`.

**Question 44. In Python, which built-in function returns the length of a bytes object `data`?**
A) `size(data)`
B) `len(data)`
C) `count(data)`
D) `byteslen(data)`
Answer: B
Explanation: `len()` works for strings, bytes, lists, etc., returning the number of elements.

**Question 45. Which SQLite command deletes all rows from a table named `logs` while keeping the table structure?**
A) `DROP TABLE logs;`
B) `DELETE FROM logs;`
C) `TRUNCATE logs;`
D) `REMOVE FROM logs;`
Answer: B
Explanation: `DELETE FROM` removes rows but leaves the table definition intact. SQLite does not support `TRUNCATE`.

**Question 46. Which Python expression will correctly produce a list of file names that end with “.txt” from a list `files`?**
A) `[f for f in files if f.endswith('.txt')]`
B) `filter(lambda f: f.endswith('.txt'), files)`
C) `list(map(lambda f: f if f.endswith('.txt') else None, files))`
D) `files.select(lambda f: f.endswith('.txt'))`
Answer: A
Explanation: List comprehension with `endswith` filters the desired filenames.

**Question 47. Which of the following statements about the bytes slicing operation `data[::2]` is true?**
A) It returns every second byte starting from the second byte.
B) It returns every second byte starting from the first byte.
C) It reverses the byte order.
D) It raises a `TypeError`.
Answer: B
Explanation: A step of 2 selects indices 0, 2, 4, … (every second element starting at index 0).

**Question 48. Which of these statements correctly creates a dictionary named `hashes` mapping file names to their SHA-256 hash values?**
A) `hashes = dict()`
B) `hashes = {}`
C) `hashes = []`
D) Both A and B
Answer: D
Explanation: Both `dict()` and `{}` instantiate an empty dictionary.

**Question 49. Which `sqlite3` method is used to commit a transaction after inserting data into a forensic database?**
A) `cursor.commit()`
B) `connection.commit()`
C) `connection.save()`
D) `cursor.save()`
Answer: B
Explanation: Transactions are committed on the connection object via `commit()`.

**Question 50. In a forensic script, which Python statement correctly converts a UTF-16LE encoded byte string `bdata` to a Unicode string?**
A) `bdata.decode('utf-16le')`
B) `bdata.encode('utf-16le')`

D) `os.size('image.jpg')`
Answer: C
Explanation: Both `os.path.getsize` and `os.stat(...).st_size` return the file size.

**Question 54. In Python, which statement will correctly concatenate two byte strings `a = b'AB'` and `b = b'CD'`?**
A) `a + b`
B) `a.append(b)`
C) `a.extend(b)`
D) `a.concat(b)`
Answer: A
Explanation: The `+` operator concatenates bytes objects, producing `b'ABCD'`.

**Question 55. Which of the following is the correct way to format a string that includes a variable `count` using an f-string?**
A) `f'Found {count} artifacts'`
B) `'Found %d artifacts' % count`
C) `'Found {0} artifacts'.format(count)`
D) All of the above
Answer: D
Explanation: All three methods produce the same result; the f-string is the most modern.

**Question 56. Which `struct` format character should be used to unpack a single precision (4-byte) floating-point number?**
A) `f`
B) `d`
C) `i`
D) `l`
Answer: A
Explanation: `f` denotes a 4-byte (float) in the `struct` module.

**Question 57. Which of the following statements correctly creates a generator that yields the squares of numbers from 0 to 9?**
A) `(x**2 for x in range(10))`
B) `[x**2 for x in range(10)]`
C) `list(x**2 for x in range(10))`
D) `map(lambda x: x**2, range(10))`
Answer: A
Explanation: Parentheses create a generator expression; the others produce a list or a map object.

**Question 58. Which Python module provides the `hashlib` library used to compute cryptographic hashes of evidence files?**
A) `hashlib`
B) `crypto`
C) `hash`
D) `digest`
Answer: A
Explanation: `hashlib` includes functions such as `sha256()`, `md5()`, etc.

**Question 59. Which SQLite data type is best suited for storing timestamps as the number of seconds since the Unix epoch?**
A) `INTEGER`
B) `TEXT`
C) `REAL`
D) `BLOB`
Answer: A
Explanation: Storing epoch seconds as an integer preserves exact values and allows numeric comparisons.