Pass the AccessData AccessData Certification A30-327 Questions and answers with CertsForce

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

In Registry Viewer, which steps initiate the Hex Interpreter?

Options:

A.

highlight the data and select the Hex Value Interpreter tab


B.

highlight the data, right-click on the highlighted data and select the Show Hex Interpreter Window


C.

select the Hex Value Interpreter tab, highlight the data, right-click on the data to initiate the Hex Interpreter


D.

right-click on the data area and select the Show Hex Interpreter Window and highlight the data you want to interpret


Questions # 2:

Click the Exhibit button.

What change do you make to the file filter shown in the exhibit in order to show only graphics with a logical size between 500 kilobytes and 10 megabytes?

Options:

A.

You change all file status items to a red circle.


B.

You change all file status items to a yellow triangle.


C.

You make no change. The filter is correct as shown.


D.

You change Graphics in the File Type column to a yellow triangle.


Questions # 3:

How can you use FTK Imager to obtain registry files from a live system?

Options:

A.

You use the Export Files option.


B.

You use the Advanced Recovery option.


C.

Registry files cannot be exported from a live system.


D.

You use the Protected Storage System Provider option.


Questions # 4:

You currently store alternate hash libraries on a remote server. Where do you configure FTK to access these files rather than the default library, ADKFFLibrary.hdb?

Options:

A.

Preferences


B.

User Options


C.

Analysis Tools


D.

Import KFF Hashes


Questions # 5:

What are two functions of the Summary Report in Registry Viewer? (Choose two.)

Options:

A.

adds individual key values


B.

is a template for other registry files


C.

displays investigator keyword search results


D.

permits searching of registry values based on key headers


Questions # 6:

In FTK, when you view the Total File Items container (rather than the Actual Files container), why are there more items than files?

Options:

A.

Total File Items includes files that are in archive files, while Actual Files does not.


B.

Total File Items includes all unfiltered files while Actual Files includes only checked files.


C.

Total File Items includes all KFF Ignorables while Actual Files includes only the KFF Alerts.


D.

Total File Items includes files that are in the Graphics and E-Mail tabs, while Actual Files only includes files in the Graphics tab while excluding attachments in the E-mail tab.


Questions # 7:

Which two options are available in the FTK Report Wizard? (Choose two.)

Options:

A.

List by File Path


B.

List File Properties


C.

Include HTML File Listing


D.

Include PRTK Output List


Questions # 8:

Which pattern does the following regular expression recover?

(\d{4}[\- ]){3}\d{4}

Options:

A.

000-000-0000


B.

ddd-4-3-dddd-4-3


C.

000-00000-000-ABC


D.

0000-0000-0000-0000


Questions # 9:

In FTK, which tab provides specific information on the evidence items, file items, file status and file category?

Options:

A.

E-mail tab


B.

Explore tab


C.

Overview tab


D.

Graphics tab


Questions # 10:

What are three image file formats that can be read by FTK Imager? (Choose three.)

Options:

A.

E01 files


B.

raw (dd) image files


C.

SafeBack version 2.2 image files


D.

SafeBack version 3.0 image files


E.

Symantec Ghost compressed image files

