Guidance Software GD0-110 Certification Exam for EnCE Outside North America Exam Practice Test

Page: 1 / 17
Total 174 questions

Certification Exam for EnCE Outside North America Questions and Answers

Question 1

RAM is used by the computer to:

Options:

A. Permanently store electronic data.

B. Execute the POST during start-up.

C. Temporarily store electronic data that is being processed.

D. Establish a connection with external devices.

Question 2

In Windows 98 and ME, Internet-based e-mail, such as Hotmail, will most likely be recovered in the _____________________ folder.

Options:

A. C:\Windows\Temp

B. C:\Windows\Temporary Internet files

C. C:\Windows\History\Email

D. C:\Windows\Online\Applications\email

Question 3

What information in a FAT file system directory entry refers to the location of a file on the hard drive?

Options:

A. The file size

B. The file attributes

C. The starting cluster

D. The fragmentation settings

Question 4

Which of the following would be a true statement about the function of the BIOS?

Options:

A. The BIOS is responsible for swapping out memory pages when RAM fills up.

B. The BIOS is responsible for checking and configuring the system after the power is turned on.

C. The BIOS integrates compressed executable files with memory addresses for faster execution.

D. Both a and c.

Question 5

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A. Word

B. Nibble

C. Bit

D. Dword

E. Byte

Question 6

An Enhanced Metafile would best be described as:

Options:

A. A file format used in the printing process by Windows.

B. A compound e-mail attachment.

C. A compressed zip file.

D. A graphics file attached to an e-mail message.

Question 7

RAM is an acronym for:

Options:

A. Random Access Memory

B. Relative Address Memory

C. Random Addressable Memory

D. Relative Addressable Memory

Question 8

Search terms are stored in what .ini configuration file?

Options:

A. FileTypes.ini

B. FileSignatures.ini

C. Keywords.ini

D. TextStyle.ini

Question 9

When a file is deleted in the FAT or NTFS file systems, what happens to the data on the hard drive?

Options:

A. It is overwritten with zeroes.

B. It is moved to a special area.

C. Nothing.

D. The file header is marked with a Sigma so the file is not recognized by the operating system.

Question 10

Which of the following items could contain digital evidence?

Options:

A. Cellular phones

B. Digital cameras

C. Personal assistant devices

D. Credit card readers

Question 11

You are investigating a case of child pornography on a hard drive containing Windows XP. In the C:\Documents and Settings\Bad Guy\Local Settings\Temporary Internet Files folder you find three images of child pornography. You find no other copies of the images on the suspect hard drive, and you find no other copies of the filenames. What can be deduced from your findings?

Options:

A. The presence and location of the images is strong evidence of possession.

B. The presence and location of the images is not strong evidence of possession.

C. The presence and location of the images proves the images were intentionally downloaded.

D. Both a and c

Question 12

How many clusters can a FAT16 system address?

Options:

A. 4,096

B. 65,536

C. 268,435,456

D. 4,294,967,296

Question 13

The temporary folder of a case cannot be changed once it has been set.

Options:

A. True

B. False

Question 14

EnCase is able to read and examine which of the following file systems?

Options:

A. NTFS

B. FAT

C. EXT3

D. HFS

Question 15

If cluster number 10 in the FAT contains the number 55, this means:

Options:

A. That there is a cross-linked file.

B. That cluster 10 is used and the file continues in cluster number 55.

C. The cluster number 55 is the end of an allocated file.

D. That the file starts in cluster number 55 and continues to cluster number 10.

Question 16

A hard drive has 8 sectors per cluster. File Mystuff.doc has a logical file size of 13,000 bytes. How many clusters will be used by Mystuff.doc?

Options:

A. 1

B. 2

C. 3

D. 4

Question 17

In DOS and Windows, how many bytes are in one FAT directory entry?

Options:

A. 8

B. 16

C. 32

D. 64

E. Variable

Question 18

A hash set would most accurately be described as:

Options:

A. A group of hash libraries organized by category.

B. A table of file headers and extensions.

C. A group of hash values that can be added to the hash library.

D. Both a and b.

Question 19

When an EnCase user double-clicks on a valid .jpg file, that file is:

Options:

A. Copied to the EnCase specified temp folder and opened by an associated program.

B. Copied to the default export folder and opened by an associated program.

C. Opened by EnCase.

D. Renamed to JPG_0001.jpg and copied to the default export folder.

Question 20

An evidence file was archived onto five CD-ROM disks with the third file segment on disk number three. Can the contents of the third file segment be verified by itself while still on the CD?

Options:

A. No. All file segments must be put back together.

B. Yes. Any segment of an evidence file can be verified through re-computing and comparing the CRCs, even if it is on a CD.

C. No. EnCase cannot verify files on CDs.

D. No. Archived files are compressed and cannot be verified until un-archived.

Question 21

Creating an image of a hard drive that was seized as evidence:

Options:

A. May be done by anyone because it is a relatively simple procedure.

B. May only be done by trained personnel because the process has the potential to alter the original evidence.

C. May only be done by computer scientists.

D. Should be done by the user, as they are most familiar with the hard drive.

Question 22

When undeleting a file in the FAT file system, EnCase will check the _____________ to see if it has already been overwritten.

Options:

A. directory entry

B. FAT

C. data on the hard drive

D. deletion table

Question 23

By default, what color does EnCase use for slack?

Options:

A. Black

B. Red

C. Black on red

D. Red on black

Question 24

EnCase can build a hash set of a selected group of files.

Options:

A. True

B. False

Question 25

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A. Word

B. Nibble

C. Bit

D. Dword

E. Byte

Question 26

The default export folder remains the same for all cases.

Options:

A. True

B. False
