Guidance Software GD0-100 Exam Questions Free Practice Test

Viewing page 4 out of 6 pages

Viewing questions 31-40 out of questions

Questions # 31:

What are the EnCase configuration .ini files used for?

Options:

Storing information that will be available to EnCase each time it is opened, regardless of the active case(s).

Storing the results of a signature analysis.

Storing information that is specific to a particular case.

Storing pointers to acquired evidence.

Expert Solution

Questions # 32:

Which of the following statements is more accurate?

Options:

The Recycle Bin increases the chance of locating the existence of a file on a computer.

The Recycle Bin reduces the chance of locating the existence of a file on a computer.

Expert Solution

Questions # 33:

This question addresses the EnCase for Windows search process. If a target word is within a logical file, and it begins in cluster 10 and ends in cluster 15 (the word is fragmented), the search:

Options:

Will not find it unlessile slack is checked on the search dialog box.

Will find it because EnCase performs a logical search.

Will not find it because EnCase performs a physical search only.

Will not find it because the letters of the keyword are not contiguous.

Expert Solution

Questions # 34:

A suspect typed a file on his computer and saved it to a floppy diskette. The filename was MyNote.txt. You receive the floppy and the suspect computer. The suspect denies that the floppy disk belongs to him. You search the suspect computer and locate only the suspect? computer. The suspect denies that the floppy disk belongs to him. You search the suspect? computer and locate only the filename within a .LNK file. The .LNK file is located in the folder C:\Windows\Recent. How you would use the .LNK file to establish a connection between the file on the floppy diskette and the suspect computer? connection between the file on the floppy diskette and the suspect? computer?

Options:

Both a and b

The dates and time of the file found in the .LNK file, at file offset 28

The full path of the file, found in the .LNK file

The file signature found in the .LNK file

Expert Solution

Questions # 35:

RAM is an acronym for:

Options:

Random Addressable Memory

Relative Addressable Memory

Random Access Memory

Relative Address Memory

Expert Solution

Questions # 36:

Which of the following is found in the FileSignatures.ini configuration file

Options:

The results of a hash analysis

The information contained in the signature table

The results of a signature analysis

Pointers to an evidence file

Expert Solution

Questions # 37:

During the power-up sequence, which of the following happens first?

Options:

The boot sector is located on the hard drive.

Theower On Self-Test.? 7KH ? RZHU2Q6HOI7HVW

The floppy drive is checked for a diskette.

The BIOS on an add-in card is executed.

Expert Solution

Questions # 38:

The EnCase evidence file is best described as:

Options:

A clone of the source hard drive.

A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.

A bit stream image of the source hard drive written to a file, or several file segments.

A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.

Expert Solution

Questions # 39:

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@ [a-z]+.com

Options:

Bob@New zealand.com

Bob@My-Email.com

Bob@America.com

Bob@a-z.com

Expert Solution

Questions # 40:

The case file should be archived with the evidence files at the termination of a case.

Options:

True

False

Expert Solution

Viewing page 4 out of 6 pages

Viewing questions 31-40 out of questions

Pass the Guidance Software EnCE GD0-100 Questions and answers with CertsForce