1. Home
  2. Guidance Software
  3. EnCE
  4. GD0-100
  5. Certification Exam For ENCE North America Questions and Answers

Pass the Guidance Software EnCE GD0-100 Questions and answers with CertsForce

 Guidance Software Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 6 pages
Viewing questions 21-30 out of questions
Questions # 21:

How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?

Options:
A.

EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a case.

B.

EnCase does not verify the case information and case information can be changed by the user as it becomes necessary.

C.

The .case file writes a CRC value for the case information and verifies it when the case is opened.

D.

EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the MD5 hash when the evidence is added to a case.

Expert Solution
Questions # 22:

In hexadecimal notation, one byte is represented by _____ character(s).

Options:
A.

2

B.

1

C.

8

D.

4

Expert Solution
Questions # 23:

When a file is deleted in the FAT file system, what happens to the FAT?

Options:
A.

The FAT entries for that file are marked as allocated.

B.

Nothing.

C.

It is deleted as well.

D.

The FAT entries for that file are marked as available.

Expert Solution
Questions # 24:

GREP terms are automatically recognized as GREP by EnCase.

Options:
A.

True

B.

False

Expert Solution
Questions # 25:

The acronym ASCII stands for:

Options:
A.

American Standard Communication Information Index

B.

American Standard Code for Information Interchange

C.

Accepted Standard Code for Information Interchange

D.

Accepted Standard Communication Information Index

Expert Solution
Questions # 26:

A logical file would be best described as:

Options:
A.

The data taken from the starting cluster to the end of the last cluster that is occupied by the file.

B.

A file including any RAM and disk slack.

C.

A file including only RAM slack.

D.

The data from the beginning of the starting cluster to the length of the file.

Expert Solution
Questions # 27:

By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:

Options:
A.

Red

B.

Red on black

C.

Black on red

D.

Black

Expert Solution
Questions # 28:

How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?

Options:
A.

a search of the physical disk in unallocated clusters and other unused disk areas

B.

a search of the logical files

C.

both a and b

D.

None of the above

Expert Solution
Questions # 29:

The first sector on a hard drive is called the:

Options:
A.

Master file table

B.

Master boot record

C.

Volume boot record

D.

Volume boot sector

Expert Solution
Questions # 30:

Pressing the power button on a computer that is running could have which of the following results?

Options:
A.

The computer will instantly shut off.

B.

The computer will go into stand-by mode.

C.

Nothing will happen.

D.

All of the above could happen.

E.

The operating system will shut down normally.

Expert Solution
Viewing page 3 out of 6 pages
Viewing questions 21-30 out of questions