
GD0-100 Questions and Answers

Question # 6

How many partitions can be found in the boot partition table found at the beginning of the drive?

A. 8

B. 4

C. 6

D. 2

Question # 7

When Unicode is selected for a search keyword, EnCase:

A. Will find the keyword if it is either Unicode or ASCII.

B. Unicode is not a search option for EnCase.

C. Will only find the keyword if it is Unicode.

D. None of the above.

Question # 8

Two allocated files can occupy one cluster, as long as they can both fit within the allotted number of bytes.

A. True

B. False

Question # 9

Changing the filename of a file will change the hash value of the file.

A. True

B. False

Question # 10

The first sector on a hard drive is called the:

A. Master file table

B. Master boot record

C. Volume boot record

D. Volume boot sector

Question # 11

The spool files that are created during a print job are __________ after the print job is completed.

A. moved

B. wiped

C. deleted and wiped

D. deleted

Question # 12

You are conducting an investigation and have encountered a computer that is running in the field. The operating system is Windows XP. A software program is currently running and is visible on the screen. You should:

A. Navigate through the program and see what the program is all about, then pull the plug.

B. Pull the plug from the back of the computer.

C. Photograph the screen and pull the plug from the back of the computer.

D. Pull the plug from the wall.

Question # 13

The EnCase signature analysis is used to perform which of the following actions?

A. Analyzing the relationship of a file signature to its file extension.

B. Analyzing the relationship of a file signature to its file header.

C. Analyzing the relationship of a file signature to a list of hash sets.

D. Analyzing the relationship of a file signature to its computed MD5 hash value.

Question # 14

If cluster #3552 entry in the FAT table contains a value of ?? this would mean:

A. The cluster is unallocated

B. The cluster is the end of a file

C. The cluster is allocated

D. The cluster is marked bad

Question # 15

Select the appropriate name for the highlighted area of the binary numbers.

A. Byte

B. Dword

C. Bit

D. Word

E. Nibble

Question # 16

A physical file size is:

A. The total size in sectors of an allocated file.

B. The total size of all the clusters used by the file measured in bytes.

C. The total size in bytes of a logical file.

D. The total size of the file including the ram slack in bytes.

Question # 17

Within EnCase, what is the purpose of the default export folder?

A. This is the folder that will be automatically selected when the copy/unerase feature is used.

B. This is the folder that will automatically store an evidence file when the acquisition is made in DOS.

C. This is the folder that temporarily stores all bookmark and search results.

D. This is the folder used to hold copies of files that are sent to external viewers.

Question # 18

The Unicode system can address ____ characters?

A. 65,536

B. 16,384

C. 256

D. 1024

Question # 19

The EnCase evidence file logical filename can be changed without affecting the verification of the acquired evidence.

A. True

B. False

Question # 20

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@ [a-z]+.com

A. Bob@New zealand.com

B. Bob@My-Email.com

C. Bob@America.com

D. Bob@a-z.com

Question # 21

The EnCase case file can be best described as:

A. The file that runs EnCase for Windows.

B. A file containing configuration settings for cases.

C. None of the above.

D. A file that contains information specific to one case.

Question # 22

For an EnCase evidence file acquired with a hash value to pass verification, which of the following must be true?

A. The MD5 hash value must verify.

B. The CRC values must verify.

C. The CRC values and the MD5 hash value both must verify.

D. Either the CRC or MD5 hash values must verify.

Question # 23

You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:

A. Record nothing to avoid inaccuracies that might jeopardize the use of the evidence.

B. Record the location that the computer was recovered from.

C. Record the identity of the person(s) involved in the seizure.

D. Record the date and time the computer was seized.

Question # 24

Creating an image of a hard drive that was seized as evidence:

A. May be done by anyone because it is a relatively simple procedure.

B. May only be done by trained personnel because the process has the potential to alter the original evidence.

C. May only be done by computer scientists.

D. Should be done by the user, as they are most familiar with the hard drive.

Question # 25

How does EnCase verify that the evidence file contains an exact copy of the suspect's hard drive?

A. By means of a CRC value of the suspect's hard drive compared to a CRC value of the data stored in the evidence file.

B. By means of an MD5 hash of the suspect's hard drive compared to an MD5 hash of the data stored in the evidence file.

C. By means of a CRC value of the evidence file itself.

D. By means of an MD5 hash value of the evidence file itself.

Question # 26

Which statement would most accurately describe a motherboard?

A. An add-in card that handles all RAM.

B. Any circuit board, regardless of its function.

C. The main circuit board that has slots for the microprocessor, RAM, ROM, and add-in cards.

D. An add-in card that controls all hard drive activity.
