1. Home
  2. Guidance Software
  3. EnCE
  4. GD0-110
  5. Certification Exam for EnCE Outside North America Questions and Answers

Pass the Guidance Software EnCE GD0-110 Questions and answers with CertsForce

 Guidance Software Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 6 pages
Viewing questions 1-10 out of questions
Questions # 1:

During the power-up sequence, which of the following happens first?

Options:
A.

The boot sector is located on the hard drive.

B.

The power On Self-Test.

C.

The floppy drive is checked for a diskette.

D.

The BIOS on an add-in card is executed.

Expert Solution
Questions # 2:

Changing the filename of a file will change the hash value of the file.

Options:
A.

True

B.

False

Expert Solution
Questions # 3:

When a file is deleted in the FAT file system, what happens to the FAT?

Options:
A.

It is deleted as well.

B.

Nothing.

C.

The FAT entries for that file are marked as allocated.

D.

The FAT entries for that file are marked as available.

Expert Solution
Questions # 4:

If cases are worked on a lab drive in a secure room, without any cleaning of the contents of the drive, which of the following areas would be of most concern?

Options:
A.

Cross-contamination

B.

Storage

C.

Chain-of-custody

D.

There is no concern

Expert Solution
Questions # 5:

Search terms are case sensitive by default.

Options:
A.

True

B.

False

Expert Solution
Questions # 6:

In the EnCase environment, the term uxternal viewers is best described as:

Options:
A.

Programs that are exported out of an evidence file.

B.

Programs that are associated with EnCase to open specific file types.

C.

Any program that is loaded on the lab hard drive.

D.

Any program that will work with EnCase.

Expert Solution
Questions # 7:

All investigators using EnCase should run tests on the evidence file acquisition and verification process to:

Options:
A.

Further the investigator understanding of the evidence file.

B.

Give more weight to the investigator testimony in court.

C.

Insure that the investigator is using the proper method of acquisition.

D.

All of the above.

Expert Solution
Questions # 8:

The spool files that are created during a print job are __________ after the print job is completed.

Options:
A.

wiped

B.

deleted and wiped

C.

deleted

D.

moved

Expert Solution
Questions # 9:

Before utilizing an analysis technique on computer evidence, the investigator should:

Options:
A.

Be trained in the employment of the technique.

B.

Test the technique on simulated evidence in a controlled environment to confirm that the results are consistent.

C.

Both a and b.

D.

Neither a or b.

Expert Solution
Questions # 10:

The EnCase evidence file is best described as:

Options:
A.

A clone of the source hard drive.

B.

A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.

C.

A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.

D.

A bit stream image of the source hard drive written to a file, or several file segments.

Expert Solution
Viewing page 1 out of 6 pages
Viewing questions 1-10 out of questions