312-49 Question #523: Real Exam Question with Answer & Explanation

The correct answer is C: Key cell. In the Windows Registry binary structure (hive format), a key cell (also called an 'nk' record for Named Key) stores metadata about a registry key, including: offsets (pointers) to its parent key, subkeys list, value list, and security descriptor cell, as well as the LastWrite ti

Submitted by jaden.t· Apr 18, 2026Disk Forensics

Question

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

Options

AValue list cell
BValue cell
CKey cell
DSecurity descriptor cell

Explanation

In the Windows Registry binary structure (hive format), a key cell (also called an 'nk' record for Named Key) stores metadata about a registry key, including: offsets (pointers) to its parent key, subkeys list, value list, and security descriptor cell, as well as the LastWrite timestamp that records when the key was last modified. This timestamp is forensically significant. Value cells (vk records) store individual value names and data. Value list cells store arrays of offsets pointing to value cells. Security descriptor cells (sk records) store access control information.

Topics

#Windows Registry#Registry structure#Key cell#Forensic analysis

Community Discussion

No community discussion yet for this question.

Full 312-49 Practice Browse All 312-49 Questions