Pass the Guidance Software EnCE GD0-110 Questions and answers with CertsForce

Viewing page 5 out of 6 pages
Viewing questions 41-50 out of questions
Questions # 41:

Which is the proper formula for determining the size in bytes of a hard drive that uses cylinders (C), heads (H), and sectors (S) geometry?

Options:

A. C X H X S
B. C X H + S
C. C X H X S + 512
D. C X H X S X 512


Questions # 42:

Temp files created by EnCase are deleted when EnCase is properly closed.

Options:

A. True
B. False


Questions # 43:

A signature analysis has been run on a case. The result "*JPEG" in the signature column means:

Options:

A. The file signature is unknown and the file extension is JPEG.
B. The file signature is unknown and the header is a JPEG.
C. The file signature is a JPEG signature and the file extension is incorrect.
D. None of the above.


Questions # 44:

You are conducting an investigation and have encountered a computer that is running in the field. The operating system is Windows XP. A software program is currently running and is visible on the screen. You should:

Options:

A. Photograph the screen and pull the plug from the back of the computer.
B. Navigate through the program and see what the program is all about, then pull the plug.
C. Pull the plug from the back of the computer.
D. Pull the plug from the wall.


Questions # 45:

EnCase can build a hash set of a selected group of files.

Options:

A. True
B. False


Questions # 46:

A SCSI drive is pinned as a master when it is:

Options:

A. The only drive on the computer.
B. The primary of two drives connected to one cable.
C. A SCSI drive is not pinned as a master.
D. Whenever another drive is on the same cable and is pinned as a slave.


Questions # 47:

When a drive letter is assigned to a logical volume, that information is temporarily written to the volume boot record on the hard drive.

Options:

A. True
B. False


Questions # 48:

Select the appropriate name for the highlighted area of the binary numbers.

[Image: Question # 48]

Options:

A. Word
B. Nibble
C. Bit
D. Dword
E. Byte


Questions # 49:

Within EnCase, what is the purpose of the temp folder?

Options:

A. This is the folder that will automatically store an evidence file when the acquisition is made in DOS.
B. This is the folder that temporarily stores all bookmark and search results.
C. This is the folder used to hold copies of files that are sent to external viewers.
D. This is the folder that will be automatically selected when the copy/unerase feature is used.


Questions # 50:

Using good forensic practices, when seizing a computer at a business running Windows 2000 Server you should:

Options:

A. Shut it down normally.
B. Pull the plug from the wall.
C. Pull the plug from the back of the computer.
D. Press the power button and hold it in.

