Labour Day Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia
  1. Home
  2. Guidance Software
  3. EnCE
  4. GD0-100
  5. Certification Exam For ENCE North America Questions and Answers

GD0-100 Sample Questions Answers

Questions 4

The EnCase methodology dictates that the lab drive for evidence have a __________ prior to making an image.

Options:

A.

FAT 16 partition

B.

NTFS partition

C.

unique volume label

D.

bare, unused partition

Buy Now
Questions 5

The MD5 hash algorithm produces a _____ number.

Options:

A.

32 bit

B.

256 bit

C.

64 bit

D.

128 bit

Buy Now
Questions 6

EnCase can build a hash set of a selected group of files.

Options:

A.

True

B.

False

Buy Now
Questions 7

The boot partition table found at the beginning of a hard drive is located in what sector?

Options:

A.

Volume boot sector

B.

Master boot record

C.

Master file table

D.

Volume boot record

Buy Now
Questions 8

Pressing the power button on a computer that is running could have which of the following results?

Options:

A.

The computer will instantly shut off.

B.

The computer will go into stand-by mode.

C.

Nothing will happen.

D.

All of the above could happen.

E.

The operating system will shut down normally.

Buy Now
Questions 9

If a hash analysis is run on a case, EnCase:

Options:

A.

Will compute a hash value of the evidence file and begin a verification process.

B.

Will generate a hash set for every file in the case.

C.

Will compare the hash value of the files in the case to the hash library.

D.

Will create a hash set to the user specifications. Will create a hash set to the user?specifications.

Buy Now
Questions 10

An Enhanced Metafile would best be described as:

Options:

A.

A compressed zip file.

B.

A graphics file attached to an e-mail message.

C.

A compound e-mail attachment.

D.

A file format used in the printing process by Windows.

Buy Now
Questions 11

By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:

Options:

A.

Red

B.

Red on black

C.

Black on red

D.

Black

Buy Now
Questions 12

A signature analysis has been run on a case. The result "Bad Signature " means:

Options:

A.

The file signature is known and does not match a known file header.

B.

The file signature is known and the file extension is known.

C.

The file signature is known and does not match a known file extension.

D.

The file signature is unknown and the file extension is known.

Buy Now
Questions 13

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. 800[) \-]+555-1212

Options:

A.

(800) 555-1212

B.

800-555 1212

C.

8005551212

D.

800.555.1212

Buy Now
Questions 14

The default export folder remains the same for all cases.

Options:

A.

True

B.

False

Buy Now
Questions 15

What information should be obtained from the BIOS during computer forensic investigations?

Options:

A.

The video caching information

B.

The date and time

C.

The port assigned to the serial port

D.

The boot sequence

Buy Now
Questions 16

The EnCase signature analysis is used to perform which of the following actions?

Options:

A.

Analyzing the relationship of a file signature to its file extension.Analyzing the relationship of a file signature to its file extension.

B.

Analyzing the relationship of a file signature to its file header.Analyzing the relationship of a file signature to its file header.

C.

Analyzing the relationship of a file signature to a list of hash sets.Analyzing the relationship of a file signature to a list of hash sets.

D.

Analyzing the relationship of a file signature to its computed MD5 hash value.Analyzing the relationship of a file signature to its computed MD5 hash value.

Buy Now
Questions 17

A signature analysis has been run on a case. The result ?*JPEG ?in the signature column means:

Options:

A.

The file signature is unknown and the header is a JPEG.

B.

The file signature is a JPEG signature and the file extension is incorrect.

C.

The file signature is unknown and the file extension is JPEG.

D.

None of the above.

Buy Now
Questions 18

If cluster #3552 entry in the FAT table contains a value of ?? this would mean:

Options:

A.

The cluster is unallocated

B.

The cluster is the end of a file

C.

The cluster is allocated

D.

The cluster is marked bad

Buy Now
Questions 19

A SCSI host adapter would most likely perform which of the following tasks?

Options:

A.

Configure the motherboard settings to the BIOS.

B.

Set up the connection of IDE hard drives.

C.

Make SCSI hard drives and other SCSI devices accessible to the operating system.

D.

None of the above.

Buy Now
Questions 20

Which statement would most accurately describe a motherboard?

Options:

A.

An add-in card that handles allRAM.

B.

Any circuit board, regardless of its function.

C.

The main circuit board that has slots for the microprocessor, RAM, ROM, and add-in cards.

D.

An add-in card that controls all hard drive activity.

Buy Now
Questions 21

Search terms are stored in what .ini configuration file

Options:

A.

FileSignatures.ini

B.

Keywords.ini

C.

TextStyle.ini

D.

FileTypes.ini

Buy Now
Questions 22

Hash libraries are commonly used to:

Options:

A.

Compare a file header to a file extension.

B.

Identify files that are already known to the user.

C.

Compare one hash set with another hash set.

D.

Verify the evidence file.

Buy Now
Questions 23

In Windows, the file MyNote.txt is deleted from C Drive and is automatically sent to the Recycle Bin. The long filename was MyNote.txt and the short filename was MYNOTE.TXT. When viewing the Recycle Bin with EnCase, how will the long filename and MyNote.txt and the short filename was MYNOTE.TXT?

Options:

A.

MyNote.txt, CD0.txt

B.

MyNote.txt, DC0.txt

C.

MyNote.del, DC1.del

D.

MyNote.del, DC0.del

Buy Now
Questions 24

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result.[\x00-\x05]\x00\x00?>[?[@?[?[?[

Options:

A.

FF 0000 00 00 FF BA

B.

0000 00 01 FF FF BA

C.

04 06 0000 00 FF FF BA

D.

04 0000 00 FF FF BA

Buy Now
Questions 25

The FAT in the File Allocation Table file system keeps track of:

Options:

A.

File fragmentation

B.

Clusters marked as bad

C.

Every addressable cluster on the partition

D.

All of the above.

Buy Now
Questions 26

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A.

Bit

B.

Nibble

C.

Word

D.

Dword

E.

Byte

Buy Now
Exam Code: GD0-100
Exam Name: Certification Exam For ENCE North America
Last Update: May 1, 2024
Questions: 176
$64  $159.99
$48  $119.99
$40  $99.99
buy now GD0-100