Labour Day Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

GD0-100 PDF

$38.5

$109.99

3 Months Free Update

Add to Cart
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

GD0-100 PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

Add to Cart
  • Exam Name: Certification Exam For ENCE North America
  • Last Update: Apr 30, 2024
  • Questions and Answers: 176
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

GD0-100 Engine

$46.2

$131.99

3 Months Free Update

Add to Cart
  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

GD0-100 Practice Exam Questions with Answers Certification Exam For ENCE North America Certification

Question # 6

Two allocated files can occupy one cluster, as long as they can both fit within the allotted number of bytes.

A.

True

B.

False

Full Access
Question # 7

The case file should be archived with the evidence files at the termination of a case.

A.

True

B.

False

Full Access
Question # 8

You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:

A.

Record nothing to avoid inaccuracies that might jeopardize the use of the evidence.

B.

Record the location that the computer was recovered from.

C.

Record the identity of the person(s) involved in the seizure.

D.

Record the date and time the computer was seized.

Full Access
Question # 9

Search terms are case sensitive by default.

A.

False

B.

True

Full Access
Question # 10

When a file is deleted in the FAT file system, what happens to the FAT?

A.

The FAT entries for that file are marked as allocated.

B.

Nothing.

C.

It is deleted as well.

D.

The FAT entries for that file are marked as available.

Full Access
Question # 11

A FAT directory has as a logical size of:

A.

0 bytes

B.

One cluster

C.

128 bytes

D.

64 bytes

Full Access
Question # 12

To undelete a file in the FAT file system, EnCase obtains the starting extent from the:

A.

Directory entry

B.

FAT

C.

Operating system

D.

File header

Full Access
Question # 13

A case file can contain ____ hard drive images?

A.

5

B.

1

C.

any number of

D.

10

Full Access
Question # 14

You are an investigator and have encountered a computer that is running at the home of a suspect. The computer does not appear to be a part of a network. The operating system is Windows XP Home. No programs are visibly running. You should:

A.

Pull the plug from the back of the computer.

B.

Turn it off with the power button.

C.

Pull the plug from the wall.

D.

Shut it down with the start menu.

Full Access
Question # 15

The spool files that are created during a print job are __________ after the print job is completed.

A.

moved

B.

wiped

C.

deleted and wiped

D.

deleted

Full Access
Question # 16

An Enhanced Metafile would best be described as:

A.

A compressed zip file.

B.

A graphics file attached to an e-mail message.

C.

A compound e-mail attachment.

D.

A file format used in the printing process by Windows.

Full Access
Question # 17

The EnCase methodology dictates that the lab drive for evidence have a __________ prior to making an image.

A.

FAT 16 partition

B.

NTFS partition

C.

unique volume label

D.

bare, unused partition

Full Access
Question # 18

When Unicode is selected for a search keyword, EnCase:

A.

Will find the keyword if it is either Unicode or ASCII.

B.

Unicode is not a search option for EnCase.

C.

Will only find the keyword if it is Unicode.

D.

None of the above.

Full Access
Question # 19

GREP terms are automatically recognized as GREP by EnCase.

A.

True

B.

False

Full Access
Question # 20

How many copies of the FAT are located on a FAT 32, Windows 98-formatted partition?

A.

2

B.

3

C.

1

D.

4

Full Access
Question # 21

The first sector on a volume is called the:

A.

Master file table

B.

Volume boot device

C.

Volume boot sector or record

D.

Master boot record

Full Access
Question # 22

How many partitions can be found in the boot partition table found at the beginning of the drive?

A.

8

B.

4

C.

6

D.

2

Full Access
Question # 23

When a drive letter is assigned to a logical volume, that information is temporarily written the volume boot record on the hard drive.

A.

True

B.

False

Full Access
Question # 24

The end of a logical file to the end of the cluster that the file ends in is called:

A.

Allocated space

B.

Slack

C.

Unallocated space

D.

Available space

Full Access
Question # 25

A hard drive has been formatted as NTFS and Windows XP was installed. The user used fdisk to remove all partitions from that drive. Nothing else was done. You have imaged the drive and have opened the evidence file with EnCase. What would be the best way to examine this hard drive?

A.

Use the add Partition feature to rebuild the partition and then examine the system. Use the add Partition feature to rebuild the partition and then examine the system.

B.

EnCase will not see a drive that has beenfdisked.

C.

Conduct a physical search of the hard drive and bookmark any evidence.

D.

Use the Recovered Deleted Partitions feature and then examine the system.

Full Access
Question # 26

Consider the following path in a FAT file system:

A.

From the My Pictures directory

B.

From the My Documents directory

C.

From the root directory c:\

D.

From itself

Full Access