CertsTopics Logo

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Guidance Software GD0-100 Dumps Questions Answers

Page: 1 / 7
Total 176 questions
Get GD0-100 Full Access Download GD0-100 PDF

Certification Exam For ENCE North America Questions and Answers

Question 1

What are the EnCase configuration .ini files used for?

Options:

A.

Storing information that will be available to EnCase each time it is opened, regardless of the active case(s).

B.

Storing the results of a signature analysis.

C.

Storing information that is specific to a particular case.

D.

Storing pointers to acquired evidence.

Buy Now
Question 2

A file extension and signature can be manually added by:

Options:

A.

Using the new library feature under hash libraries.

B.

Right-clicking on a file and selecting dd.?

C.

Using the new set feature under hash sets.

D.

Using the new file signature feature under file signatures.

Question 3

A hash library would most accurately be described as:

Options:

A.

A master table of file headers and extensions.

B.

A file containing hash values from one or more selected hash sets.

C.

Botha and b.

D.

A list of the all the MD5 hash values used to verify the evidence files.

Question 4

A signature analysis has been run on a case. The result "Bad Signature " means:

Options:

A.

The file signature is known and does not match a known file header.

B.

The file signature is known and the file extension is known.

C.

The file signature is known and does not match a known file extension.

D.

The file signature is unknown and the file extension is known.

Question 5

A case file can contain ____ hard drive images?

Options:

A.

5

B.

1

C.

any number of

D.

10

Question 6

4 bits allows what number of possibilities?

Options:

A.

16

B.

4

C.

2

D.

8

Question 7

EnCase uses the _________________ to conduct a signature analysis.

Options:

A.

Both a and b

B.

file signature table

C.

hash library

D.

file Viewers

Question 8

To undelete a file in the FAT file system, EnCase computes the number of _______ the file will use based on the file ______.

Options:

A.

Clusters;starting extent

B.

Sectors;starting extent

C.

Clusters;file size

D.

Sectors;file size

Question 9

Which of the following would most likely be an add-in card?

Options:

A.

A video card that is connected to the motherboard in the AGP slot

B.

Anything plugged into socket 7

C.

A motherboard

D.

The board that connects to the power supply

Question 10

What information in a FAT file system directory entry refers to the location of a file on the hard drive?

Options:

A.

The file size

B.

The file attributes

C.

The starting cluster

D.

The fragmentation settings

Question 11

The results of a hash analysis on an evidence file that has been added to a case will be stored in which of the following files?

Options:

A.

The evidence file

B.

All of the above

C.

The case file

D.

The configuration HashAnalysis.ini file

Question 12

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A.

Byte

B.

Dword

C.

Bit

D.

Word

E.

Nibble

Question 13

The EnCase methodology dictates that the lab drive for evidence have a __________ prior to making an image.

Options:

A.

FAT 16 partition

B.

NTFS partition

C.

unique volume label

D.

bare, unused partition

Question 14

GREP terms are automatically recognized as GREP by EnCase.

Options:

A.

True

B.

False

Question 15

When a non-compressed evidence file is reacquired with compression, the acquisition and verification hash values for the evidence will remain the same for both files.

Options:

A.

True

B.

False

Question 16

By default, what color does EnCase use for slack?

Options:

A.

Black on red

B.

Red on black

C.

Red

D.

Black

Question 17

RAM is used by the computer to:

Options:

A.

Execute the POST during start-up.

B.

Temporarily store electronic data that is being processed.

C.

Permanently store electronic data.

D.

Establish a connection with external devices.

Question 18

A suspect typed a file on his computer and saved it to a floppy diskette. The filename was MyNote.txt. You receive the floppy and the suspect computer. The suspect denies that the floppy disk belongs to him. You search the suspect computer and locate only the suspect? computer. The suspect denies that the floppy disk belongs to him. You search the suspect? computer and locate only the filename within a .LNK file. The .LNK file is located in the folder C:\Windows\Recent. How you would use the .LNK file to establish a connection between the file on the floppy diskette and the suspect computer? connection between the file on the floppy diskette and the suspect? computer?

Options:

A.

Both a and b

B.

The dates and time of the file found in the .LNK file, at file offset 28

C.

The full path of the file, found in the .LNK file

D.

The file signature found in the .LNK file

Question 19

A sector on a hard drive contains how many bytes?

Options:

A.

2048

B.

4096

C.

1024

D.

512

Question 20

A hard drive has 8 sectors per cluster. File Mystuff.doc has a logical file size of 13,000 bytes. How many clusters will be used by Mystuff.doc?

Options:

A.

4

B.

1

C.

2

D.

3

Question 21

Using good forensic practices, when seizing a computer at a business running Windows 2000 Server you should:

Options:

A.

Pull the plug from the back of the computer.

B.

Press the power button and hold it in.

C.

Shut it down normally.

D.

Pull the plug from the wall.

Question 22

For an EnCase evidence file acquired with a hash value to pass verification, which of the following must be true?

Options:

A.

The MD5 hash value must verify.

B.

The CRC values must verify.

C.

The CRC values and the MD5 hash value both must verify.

D.

Either the CRC or MD5 hash values must verify.

Question 23

Hash libraries are commonly used to:

Options:

A.

Compare a file header to a file extension.

B.

Identify files that are already known to the user.

C.

Compare one hash set with another hash set.

D.

Verify the evidence file.

Question 24

A SCSI host adapter would most likely perform which of the following tasks?

Options:

A.

Configure the motherboard settings to the BIOS.

B.

Set up the connection of IDE hard drives.

C.

Make SCSI hard drives and other SCSI devices accessible to the operating system.

D.

None of the above.

Question 25

The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. Speed and Meth

Options:

A.

Meth

B.

Meth Speed

C.

Speed andMeth

D.

Speed

Question 26

Which of the following selections would be used to keep track of a fragmented file in the FAT file system?

Options:

A.

The directory entry for the fragmented file

B.

The partition table of extents

C.

The File Allocation Table

D.

All of the above

Exam Detail
Vendor: Guidance Software
Certification: EnCE
Exam Code: GD0-100
Exam Name: Certification Exam For ENCE North America
Last Update: Nov 21, 2024
GD0-100 Question Answers
Page: 1 / 7
Total 176 questions
Get GD0-100 Full Access Download GD0-100 PDF