Labour Day Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Guidance Software
  3. EnCE
  4. GD0-110 - Certification Exam for EnCE Outside North America

GD0-110 Exam Dumps - Certification Exam for EnCE Outside North America

Question # 4

When a non-compressed evidence file is reacquired with compression, the acquisition and verification hash values for the evidence will remain the same for both files.

A.

True

B.

False

Full Access
Question # 5

A SCSI host adapter would most likely perform which of the following tasks?

A.

Make SCSI hard drives and other SCSI devices accessible to the operating system.

B.

Configure the motherboard settings to the BIOS.

C.

Set up the connection of IDE hard drives.

D.

None of the above.

Full Access
Question # 6

EnCase can build a hash set of a selected group of files.

A.

True

B.

False

Full Access
Question # 7

Bookmarks are stored in which of the following files?

A.

The case file

B.

The configuration Bookmarks.ini file

C.

The evidence file

D.

All of the above

Full Access
Question # 8

Temp files created by EnCase are deleted when EnCase is properly closed.

A.

True

B.

False

Full Access
Question # 9

An EnCase evidence file of a hard drive ________ be restored to another hard drive of equal or greater size.

A.

can

B.

cannot

Full Access
Question # 10

How many partitions can be found in the boot partition table found at the beginning of the drive?

A.

2

B.

4

C.

6

D.

8

Full Access
Question # 11

The boot partition table found at the beginning of a hard drive is located in what sector?

A.

Volume boot record

B.

Master boot record

C.

Master file table

D.

Volume boot sector

Full Access
Question # 12

Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten. The data for MyNote.txt is now:

A.

Allocated

B.

Overwritten

C.

Unallocated

D.

Cross-linked

Full Access
Question # 13

RAM is used by the computer to:

A.

Permanently store electronic data.

B.

Execute the POST during start-up.

C.

Temporarily store electronic data that is being processed.

D.

Establish a connection with external devices.

Full Access
Question # 14

An evidence file can be moved to another directory without changing the file verification.

A.

True

B.

False

Full Access
Question # 15

What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?

A.

command.com

B.

io.sys

C.

drvspace.bin

D.

autoexec.bat

Full Access
Question # 16

A FAT directory has as a logical size of:

A.

0 bytes

B.

64 bytes

C.

128 bytes

D.

One cluster

Full Access
Question # 17

A hash set would most accurately be described as:

A.

A group of hash libraries organized by category.

B.

A table of file headers and extensions.

C.

A group of hash values that can be added to the hash library.

D.

Both a and b.

Full Access
Question # 18

When an EnCase user double-clicks on a valid .jpg file, that file is:

A.

Copied to the EnCase specified temp folder and opened by an associated program.

B.

Copied to the default export folder and opened by an associated program.

C.

Opened by EnCase.

D.

Renamed to JPG_0001.jpg and copied to the default export folder.

Full Access
Question # 19

When a file is deleted in the FAT or NTFS file systems, what happens to the data on the hard drive?

A.

It is overwritten with zeroes.

B.

It is moved to a special area.

C.

Nothing.

D.

The file header is marked with a Sigma so the file is not recognized by the operating system.

Full Access
Question # 20

A hash library would most accurately be described as:

A.

A file containing hash values from one or more selected hash sets.

B.

A master table of file headers and extensions.

C.

A list of the all the MD5 hash values used to verify the evidence files.

D.

Both a and b.

Full Access
Question # 21

Pressing the power button on a computer that is running could have which of the following results?

A.

The operating system will shut down normally.

B.

The computer will instantly shut off.

C.

The computer will go into stand-by mode.

D.

Nothing will happen.

E.

All of the above could happen.

Full Access
Question # 22

You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:

A.

Record the location that the computer was recovered from.

B.

Record the identity of the person(s) involved in the seizure.

C.

Record the date and time the computer was seized.

D.

Record nothing to avoid inaccuracies that might jeopardize the use of the evidence.

Full Access
Question # 23

Select the appropriate name for the highlighted area of the binary numbers.

A.

Word

B.

Nibble

C.

Bit

D.

Dword

E.

Byte

Full Access
Question # 24

A physical file size is:

A.

The total size in bytes of a logical file.

B.

The total size in sectors of an allocated file.

C.

The total size of all the clusters used by the file measured in bytes.

D.

The total size of the file including the ram slack in bytes.

Full Access
Question # 25

The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. credit card

A.

Credit

B.

Card

C.

Credit Card

D.

credit card

Full Access
Question # 26

The default export folder remains the same for all cases.

A.

True

B.

False

Full Access

Hot Exams

ADM-201 Dumps
Sales-Cloud-Consultant Dumps
PCNSE Dumps
Service-Cloud-Consultant Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
Associate-Cloud-Engineer Dumps
350-701 Dumps
AZ-104 Dumps
CKA Dumps
SY0-601 Dumps
NCSE-Core Dumps