Certification Exam For ENCE North America Question and Answers

Last Update May 18, 2024
Total Questions : 176

We are offering free GD0-100 Guidance Software exam questions. All you have to do is sign up and provide your details. Prepare with the free GD0-100 exam questions, then move on to the complete pool of Certification Exam For ENCE North America test questions for further practice.

Questions 1

You are investigating a case of child pornography on a hard drive containing Windows XP. In the C:\Documents and Settings\Bad Guy\Local Settings\Temporary Internet Files folder you find three images of child pornography. You find no other copies of the images on the suspect hard drive, and you find no other copies of the filenames. What can be deduced from your findings?

Options:

A. The presence and location of the images is not strong evidence of possession.
B. The presence and location of the images is strong evidence of possession.
C. The presence and location of the images proves the images were intentionally downloaded.
D. Both a and c

Questions 2

EnCase can build a hash set of a selected group of files.

Options:

A. True
B. False

Questions 3

During the power-up sequence, which of the following happens first?

Options:

A. The boot sector is located on the hard drive.
B. The Power On Self-Test.
C. The floppy drive is checked for a diskette.
D. The BIOS on an add-in card is executed.

Questions 4

The spool files that are created during a print job are __________ after the print job is completed.

Options:

A. moved
B. wiped
C. deleted and wiped
D. deleted

Questions 5

You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:

Options:

A. Record nothing to avoid inaccuracies that might jeopardize the use of the evidence.
B. Record the location that the computer was recovered from.
C. Record the identity of the person(s) involved in the seizure.
D. Record the date and time the computer was seized.

Questions 6

In Windows, the file MyNote.txt is deleted from C Drive and is automatically sent to the Recycle Bin. The long filename was MyNote.txt and the short filename was MYNOTE.TXT. When viewing the Recycle Bin with EnCase, how will the long filename and the short filename appear?

Options:

A. MyNote.txt, CD0.txt
B. MyNote.txt, DC0.txt
C. MyNote.del, DC1.del
D. MyNote.del, DC0.del

Questions 7

Which of the following aspects of the EnCase evidence file can be changed during a reacquire of the evidence file?

Options:

A. The evidence number
B. The acquisition notes
C. The investigator name
D. None of the above

Questions 8

When an EnCase user double-clicks on a file within EnCase, what determines the action that will result? Select all that apply.

Options:

A. The settings in the case file.
B. The settings in the FileTypes.ini file.
C. The setting in the evidence file.

Questions 9

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A. Byte
B. Dword
C. Bit
D. Word
E. Nibble

Questions 10

If cases are worked on a lab drive in a secure room, without any cleaning of the contents of the drive, which of the following areas would be of most concern?

Options:

A. There is no concern
B. Cross-contamination
C. Chain-of-custody
D. Storage

Questions 11

How does EnCase verify that the evidence file contains an exact copy of the suspect's hard drive?

Options:

A. By means of a CRC value of the suspect's hard drive compared to a CRC value of the data stored in the evidence file.
B. By means of an MD5 hash of the suspect's hard drive compared to an MD5 hash of the data stored in the evidence file.
C. By means of a CRC value of the evidence file itself.
D. By means of an MD5 hash value of the evidence file itself.

Questions 12

Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten.

The data for MyNote.txt is now:

Options:

A. Overwritten
B. Allocated
C. Cross-linked
D. Unallocated

Questions 13

In the FAT file system, the size of a deleted file can be found:

Options:

A. In the FAT
B. In the directory entry
C. In the file footer
D. In the file header

Questions 14

A file extension and signature can be manually added by:

Options:

A. Using the new library feature under hash libraries.
B. Right-clicking on a file and selecting "Add."
C. Using the new set feature under hash sets.
D. Using the new file signature feature under file signatures.

Questions 15

If a hard drive is left in a room while acquiring, and several persons have access to that room, which of the following areas would be of most concern?

Options:

A. Storage
B. There is no concern
C. Cross-contamination
D. Chain-of-custody

Questions 16

In DOS acquisition mode, if a physical drive is detected, but no partition information is displayed, what would be the cause:

Options:

A. Both a and b
B. The partition scheme is not recognized by DOS.
C. Neither a nor b
D. There are no partitions present.

Questions 17

The temporary folder of a case cannot be changed once it has been set.

Options:

A. False
B. True

Questions 18

A logical file would be best described as:

Options:

A. The data taken from the starting cluster to the end of the last cluster that is occupied by the file.
B. A file including any RAM and disk slack.
C. A file including only RAM slack.
D. The data from the beginning of the starting cluster to the length of the file.

Questions 19

Changing the filename of a file will change the hash value of the file.

Options:

A. True
B. False

Questions 20

A case file can contain ____ hard drive images?

Options:

A. 5
B. 1
C. any number of
D. 10

Questions 21

Within EnCase, clicking on Save on the toolbar affects what file(s)?

Options:

A. All of the above
B. The evidence files
C. The open case file
D. The configuration .ini files

Questions 22

The Unicode system can address ____ characters?

Options:

A. 65,536
B. 16,384
C. 256
D. 1024

Questions 23

A FAT directory has a logical size of:

Options:

A. 0 bytes
B. One cluster
C. 128 bytes
D. 64 bytes

Questions 24

To generate an MD5 hash value for a file, EnCase:

Options:

A. Computes the hash value including the logical file and filename.
B. Computes the hash value including the physical file and filename.
C. Computes the hash value based on the logical file.
D. Computes the hash value based on the physical file.

Questions 25

The case number in an evidence file can be changed without causing the verification feature to report an error, if:

Options:

A. The user utilizes a text editor.
B. The case information cannot be changed in an evidence file, without causing the verification feature to report an error.
C. The user utilizes the case information editor within EnCase.
D. The evidence file is reacquired.

Questions 26

The BIOS chip on an IBM clone computer is most commonly located on:

Options:

A. The RAM chip
B. The controller card
C. The motherboard
D. The microprocessor