What is the term for data attached to a file but not stored within the file itself on an NTFS system?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

What is the term for data attached to a file but not stored within the file itself on an NTFS system?

Explanation:
NTFS supports more than one data stream for a file, with the default stream holding the visible contents. Additional data streams can be attached to the same file without altering its main content. This concept is called an alternate data stream. It explains data that is associated with a file but not stored inside the file itself, which is why you can have hidden or metadata-like content alongside the visible data. You access these streams by referring to the file name followed by a colon and the stream name, such as file.txt:stream, and you’d use specific tools or commands to view or extract them. This capability can be used legitimately for metadata, but it’s important for security and forensics because hidden streams can conceal data or payloads. The other terms don’t fit: NTFS is the file system, RAM is volatile memory, and the MBR is the partition’s boot record, none of which describe data attached to a file within the filesystem.

NTFS supports more than one data stream for a file, with the default stream holding the visible contents. Additional data streams can be attached to the same file without altering its main content. This concept is called an alternate data stream. It explains data that is associated with a file but not stored inside the file itself, which is why you can have hidden or metadata-like content alongside the visible data. You access these streams by referring to the file name followed by a colon and the stream name, such as file.txt:stream, and you’d use specific tools or commands to view or extract them. This capability can be used legitimately for metadata, but it’s important for security and forensics because hidden streams can conceal data or payloads. The other terms don’t fit: NTFS is the file system, RAM is volatile memory, and the MBR is the partition’s boot record, none of which describe data attached to a file within the filesystem.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy