Month End Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Guidance Software
  3. EnCE
  4. GD0-100 - Certification Exam For ENCE North America

Guidance Software GD0-100 Certification Exam For ENCE North America Exam Practice Test

Demo: 26 questions
Total 176 questions
Get GD0-100 Full Access Download GD0-100 PDF

Certification Exam For ENCE North America Questions and Answers

Question 1

RAM is tested during which phase of the power-up sequence?

Options:

A.

Pre-POST

B.

After POST

C.

During POST

D.

None of the above.

Question 2

The Windows 98 Start Menu has a selection called documents which displays a list of recently used files. Which of the following The Windows 98 Start Menu has a selection called documents which displays a list of recently used files. Which of the following folders contain those files?

Options:

A.

C:\Windows\History

B.

C:\Windows\Start menu\Documents

C.

C:\Windows\Documents

D.

C:\Windows\Recent

Question 3

In Unicode, one printed character is composed of ____ bytes of data.

Options:

A.

8

B.

4

C.

2

D.

1

Question 4

Search results are found in which of the following files? Select all that apply.

Options:

A.

The evidence file

B.

The configuration Searches.ini file

C.

The case file

Question 5

How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?

Options:

A.

EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a case.

B.

EnCase does not verify the case information and case information can be changed by the user as it becomes necessary.

C.

The .case file writes a CRC value for the case information and verifies it when the case is opened.

D.

EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the MD5 hash when the evidence is added to a case.

Question 6

RAM is an acronym for:

Options:

A.

Random Addressable Memory

B.

Relative Addressable Memory

C.

Random Access Memory

D.

Relative Address Memory

Question 7

A hash set would most accurately be described as:

Options:

A.

A group of hash libraries organized by category.

B.

A group of hash values that can be added to the hash library.

C.

A table of file headers and extensions.

D.

Botha and b.

Question 8

Assume that MyNote.txt was allocated to clusters 5, 9, and 11. Cluster 6, 7, and 8 belong to MyResume.doc. Both files have been deleted and the directory entry in the FAT file system for MyResume.doc has been overwritten. What clusters would EnCase use to undelete MyNote.txt?

Options:

A.

5,9,11

B.

5,6,7

C.

7,8,9

D.

6,7,8

Question 9

What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?

Options:

A.

command.com

B.

autoexec.bat

C.

drvspace.bin

D.

io.sys

Question 10

By default, what color does EnCase use for the contents of a logical file

Options:

A.

Red

B.

Red on black

C.

Black

D.

Black on red

Question 11

When an EnCase user double-clicks on a valid .jpg file, that file is:

Options:

A.

Copied to the default export folder and opened by an associated program.

B.

Renamed to JPG_0001.jpg and copied to the default export folder.

C.

Copied to the EnCase specified temp folder and opened by an associated program.

D.

Opened by EnCase.

Question 12

A standard Windows 98 boot disk is acceptable for booting a suspect drive.

Options:

A.

True

B.

False

Question 13

By default, what color does EnCase use for slack?

Options:

A.

Black on red

B.

Red on black

C.

Red

D.

Black

Question 14

A hash library would most accurately be described as:

Options:

A.

A master table of file headers and extensions.

B.

A file containing hash values from one or more selected hash sets.

C.

Botha and b.

D.

A list of the all the MD5 hash values used to verify the evidence files.

Question 15

Within EnCase, clicking on Save on the toolbar affects what file(s)?

Options:

A.

All of the above

B.

The evidence files

C.

The open case file

D.

The configuration .ini files

Question 16

To later verify the contents of an evidence file 7RODWHUYHULI\WKHFRQWHQWVRIDQHYLGHQFHILOH

Options:

A.

EnCase writes a CRC value for every 64 sectors copied.

B.

EnCase writes a CRC value for every 128 sectors copied.

C.

EnCase writes an MD5 hash value every 64 sectors copied.

D.

EnCase writes an MD5 hash value for every 32 sectors copied.

Question 17

Within EnCase, you highlight a range of data within a file. The length indicator displays the value 30. How many bytes have you actually selected?

Options:

A.

30

B.

3

C.

60

D.

15

Question 18

How many clusters can a FAT 16 system address?

Options:

A.

65,536

B.

4,096

C.

268,435,456

D.

4,294,967,296

Question 19

In DOS and Windows, how many bytes are in one FAT directory entry?

Options:

A.

Variable

B.

32

C.

16

D.

64

E.

8

Question 20

Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten.

The data for MyNote.txt is now:

Options:

A.

Overwritten

B.

Allocated

C.

Cross-linked

D.

Unallocated

Question 21

When an EnCase user double-clicks on a file within EnCase what determines the action that will result? Select all that apply

Options:

A.

The settings in the case file.

B.

The settings in the FileTypes.ini file.

C.

The setting in the evidence file.

Question 22

4 bits allows what number of possibilities?

Options:

A.

16

B.

4

C.

2

D.

8

Question 23

Temp files created by EnCase are deleted when EnCase is properly closed.

Options:

A.

True

B.

False

Question 24

How are the results of a signature analysis examined?

Options:

A.

By sorting on the category column in the Table view. By sorting on the category column in the Table view.

B.

By sorting on the signature column in the Table view. By sorting on the signature column in the Table view.

C.

By sorting on the hash sets column in the Table view. By sorting on the hash sets column in the Table view.

D.

By sorting on the hash library column in the Table view. By sorting on the hash library column in the Table view.

Question 25

The case file should be archived with the evidence files at the termination of a case.

Options:

A.

True

B.

False

Question 26

What are the EnCase configuration .ini files used for?

Options:

A.

Storing information that will be available to EnCase each time it is opened, regardless of the active case(s).

B.

Storing the results of a signature analysis.

C.

Storing information that is specific to a particular case.

D.

Storing pointers to acquired evidence.

Load More GD0-100 Questions
Demo: 26 questions
Total 176 questions
Get GD0-100 Full Access Download GD0-100 PDF