Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

GD0-100 Certification Exam For ENCE North America Questions and Answers

Questions 4

A case file can contain ____ hard drive images?

Options:

A.

5

B.

1

C.

any number of

D.

10

Buy Now
Questions 5

The spool files that are created during a print job are __________ after the print job is completed.

Options:

A.

moved

B.

wiped

C.

deleted and wiped

D.

deleted

Buy Now
Questions 6

When a drive letter is assigned to a logical volume, that information is temporarily written the volume boot record on the hard drive.

Options:

A.

True

B.

False

Buy Now
Questions 7

Which of the following would be a true statement about the function of the BIOS?

Options:

A.

The BIOS integrates compressed executable files with memory addresses for faster execution.

B.

The BIOS is responsible for checking and configuring the system after the power is turned on.

C.

The BIOS is responsible for swapping out memory pages when RAM fills up.

D.

Both a and c.

Buy Now
Questions 8

For an EnCase evidence file acquired with a hash value to pass verification, which of the following must be true?

Options:

A.

The MD5 hash value must verify.

B.

The CRC values must verify.

C.

The CRC values and the MD5 hash value both must verify.

D.

Either the CRC or MD5 hash values must verify.

Buy Now
Questions 9

What does the acronym BIOS stand for?

Options:

A.

Basic Integrated Operating System

B.

Basic Input/Output System

C.

Binary Input/Output System

D.

Binary Integrated Operating System

Buy Now
Questions 10

Calls to the C:\ volume of the hard drive are not made by DOS when a computer is booted with a standard DOS 6.22 boot disk.

Options:

A.

False

B.

True

Buy Now
Questions 11

Before utilizing an analysis technique on computer evidence, the investigator should:

Options:

A.

Test the technique on simulated evidence in a controlled environment to confirm that the results are consistent.

B.

Be trained in the employment of the technique.

C.

Botha and b.

D.

Neithera or b.

Buy Now
Questions 12

How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?

Options:

A.

EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a case.

B.

EnCase does not verify the case information and case information can be changed by the user as it becomes necessary.

C.

The .case file writes a CRC value for the case information and verifies it when the case is opened.

D.

EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the MD5 hash when the evidence is added to a case.

Buy Now
Questions 13

To undelete a file in the FAT file system, EnCase computes the number of _______ the file will use based on the file ______.

Options:

A.

Clusters;starting extent

B.

Sectors;starting extent

C.

Clusters;file size

D.

Sectors;file size

Buy Now
Questions 14

You are working in a computer forensic lab. A law enforcement investigator brings you a computer and a valid search warrant. You have legal authority to search the computer. The investigator hands you a piece of paper that has three printed checks on it. All three checks have the same check and account number. You image the suspect computer and open the evidence file with EnCase. You checks have the same check and account number. You image the suspect's computer and open the evidence file with EnCase. You perform a text search for the account number and check number. Nothing returns on the search results. You perform a text search for all other information found on the printed checks and there is still nothing returned in the search results. You run a signature analysis and check the gallery. You cannot locate any graphical copies of the printed checks in the gallery. At this point, is it safe to say that the checks are not located on the suspect computer?

Options:

A.

No. The images could be located a compressed file.

B.

No. The images could be embedded in a document.

C.

No. The images could be in unallocated clusters.

D.

No. The images could be in an image format not viewable inside EnCase.

E.

All of the above.

Buy Now
Questions 15

In Unicode, one printed character is composed of ____ bytes of data.

Options:

A.

8

B.

4

C.

2

D.

1

Buy Now
Questions 16

The MD5 hash algorithm produces a _____ number.

Options:

A.

32 bit

B.

256 bit

C.

64 bit

D.

128 bit

Buy Now
Questions 17

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [^a-z] Tom[^a-z]

Options:

A.

Tomato

B.

om? ? RP

C.

Toms

D.

Stomp

Buy Now
Questions 18

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A.

Bit

B.

Nibble

C.

Word

D.

Dword

E.

Byte

Buy Now
Questions 19

The EnCase signature analysis is used to perform which of the following actions?

Options:

A.

Analyzing the relationship of a file signature to its file extension.Analyzing the relationship of a file signature to its file extension.

B.

Analyzing the relationship of a file signature to its file header.Analyzing the relationship of a file signature to its file header.

C.

Analyzing the relationship of a file signature to a list of hash sets.Analyzing the relationship of a file signature to a list of hash sets.

D.

Analyzing the relationship of a file signature to its computed MD5 hash value.Analyzing the relationship of a file signature to its computed MD5 hash value.

Buy Now
Questions 20

The EnCase case file can be best described as:

Options:

A.

The file that runs EnCase for Windows.

B.

A filecontain configuration settings for cases.

C.

None of the above.

D.

A file that contains information specific to one case.

Buy Now
Questions 21

Creating an image of a hard drive that was seized as evidence:

Options:

A.

May be done by anyone because it is a relatively simple procedure.

B.

May only be done by trained personnel because the process has the potential to alter the original evidence.

C.

May only be done by computer scientists.

D.

Should be done by the user, as they are most familiar with the hard drive.

Buy Now
Questions 22

When a file is deleted in the FAT or NTFS file systems, what happens to the data on the hard drive?

Options:

A.

Nothing

B.

It is moved to a special area.

C.

It is overwritten with zeroes.

D.

The file header is marked with a Sigma so the file is not recognized by the operating system.

Buy Now
Questions 23

The EnCase evidence file is best described as:

Options:

A.

A clone of the source hard drive.

B.

A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.

C.

A bit stream image of the source hard drive written to a file, or several file segments.

D.

A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.

Buy Now
Questions 24

In DOS and Windows, how many bytes are in one FAT directory entry?

Options:

A.

Variable

B.

32

C.

16

D.

64

E.

8

Buy Now
Questions 25

Pressing the power button on a computer that is running could have which of the following results?

Options:

A.

The computer will instantly shut off.

B.

The computer will go into stand-by mode.

C.

Nothing will happen.

D.

All of the above could happen.

E.

The operating system will shut down normally.

Buy Now
Questions 26

A FAT directory has as a logical size of:

Options:

A.

0 bytes

B.

One cluster

C.

128 bytes

D.

64 bytes

Buy Now
Exam Code: GD0-100
Exam Name: Certification Exam For ENCE North America
Last Update: Nov 23, 2024
Questions: 176
GD0-100 pdf

GD0-100 PDF

$25.5  $84.99
 Add to Cart
GD0-100 Engine

GD0-100 Testing Engine

$30  $99.99
 Add to Cart
GD0-100 PDF + Engine

GD0-100 PDF + Testing Engine

$40.5  $134.99
 Add to Cart