
Guidance Software GD0-110 Certification Exam for EnCE Outside North America Exam Practice Test

Demo: 26 questions
Total 174 questions

Certification Exam for EnCE Outside North America Questions and Answers

Question 1

The first sector on a volume is called the:

Options:

A. Volume boot device

B. Master boot record

C. Master file table

D. Volume boot sector or record

Question 2

ROM is an acronym for:

Options:

A. Read Only Memory

B. Random Open Memory

C. Relative Open Memory

D. Read Open Memory

Question 3

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A. Word

B. Nibble

C. Bit

D. Dword

E. Byte

Question 4

In hexadecimal notation, one byte is represented by _____ character(s).

Options:

A. 1

B. 2

C. 4

D. 8

Question 5

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@[a-z]+.com

Options:

A. Bob@America.com

B. Bob@New zealand.com

C. Bob@a-z.com

D. Bob@My-Email.com

Question 6

The BIOS chip on an IBM clone computer is most commonly located on:

Options:

A. The motherboard

B. The controller card

C. The microprocessor

D. The RAM chip

Question 7

What information should be obtained from the BIOS during computer forensic investigations?

Options:

A. The video caching information

B. The port assigned to the serial port

C. The date and time

D. The boot sequence

Question 8

The EnCase evidence file is best described as:

Options:

A. A clone of the source hard drive.

B. A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.

C. A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.

D. A bit stream image of the source hard drive written to a file, or several file segments.

Question 9

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A. Word

B. Nibble

C. Bit

D. Dword

E. Byte

Question 10

EnCase uses the _________________ to conduct a signature analysis.

Options:

A. file signature table

B. hash library

C. file viewers

D. Both a and b

Question 11

If cluster #3552 entry in the FAT table contains a value of this would mean:

Options:

A. The cluster is allocated

B. The cluster is unallocated

C. The cluster is marked bad

D. The cluster is the end of a file

Question 12

How does EnCase verify that the evidence file contains an exact copy of the suspect hard drive?

Options:

A. By means of an MD5 hash of the suspect hard drive compared to an MD5 hash of the data stored in the evidence file.

B. By means of a CRC value of the suspect hard drive compared to a CRC value of the data stored in the evidence file.

C. By means of an MD5 hash value of the evidence file itself.

D. By means of a CRC value of the evidence file itself.

Question 13

When a drive letter is assigned to a logical volume, that information is temporarily written to the volume boot record on the hard drive.

Options:

A. True

B. False

Question 14

The spool files that are created during a print job are __________ after the print job is completed.

Options:

A. wiped

B. deleted and wiped

C. deleted

D. moved

Question 15

The temporary folder of a case cannot be changed once it has been set.

Options:

A. True

B. False

Question 16

A standard DOS 6.22 boot disk is acceptable for booting a suspect drive.

Options:

A. True

B. False

Question 17

Which of the following would most likely be an add-in card?

Options:

A. A motherboard

B. The board that connects to the power supply

C. A video card that is connected to the motherboard in the AGP slot

D. Anything plugged into socket 7

Question 18

Pressing the power button on a computer that is running could have which of the following results?

Options:

A. The operating system will shut down normally.

B. The computer will instantly shut off.

C. The computer will go into stand-by mode.

D. Nothing will happen.

E. All of the above could happen.

Question 19

When does the POST operation occur?

Options:

A. When the power button to a computer is turned on.

B. After a computer begins to boot from a device.

C. When Windows starts up.

D. When SCSI devices are configured.

Question 20

Which of the following selections is NOT found in the case file?

Options:

A. External viewers

B. Pointers to evidence files

C. Signature analysis results

D. Search results

Question 21

When an EnCase user double-clicks on a valid .jpg file, that file is:

Options:

A. Copied to the EnCase specified temp folder and opened by an associated program.

B. Copied to the default export folder and opened by an associated program.

C. Opened by EnCase.

D. Renamed to JPG_0001.jpg and copied to the default export folder.

Question 22

When Unicode is selected for a search keyword, EnCase:

Options:

A. Will only find the keyword if it is Unicode.

B. Will find the keyword if it is either Unicode or ASCII.

C. Unicode is not a search option for EnCase.

D. None of the above.

Question 23

How are the results of a signature analysis examined?

Options:

A. By sorting on the signature column in the table view.

B. By sorting on the hash library column in the table view.

C. By sorting on the hash sets column in the table view.

D. By sorting on the category column in the table view.

Question 24

Which of the following would be a true statement about the function of the BIOS?

Options:

A. The BIOS is responsible for swapping out memory pages when RAM fills up.

B. The BIOS is responsible for checking and configuring the system after the power is turned on.

C. The BIOS integrates compressed executable files with memory addresses for faster execution.

D. Both a and c.

Question 25

Consider the following path in a FAT file system: C:\My Documents\My Pictures\Bikes. Where does the directory bikes receive its name?

Options:

A. From the My Pictures directory

B. From itself

C. From the root directory c:\

D. From the My Documents directory

Question 26

The EnCase signature analysis is used to perform which of the following actions?

Options:

A. Analyzing the relationship of a file signature to its file header.

B. Analyzing the relationship of a file signature to its computed MD5 hash value.

C. Analyzing the relationship of a file signature to a list of hash sets.

D. Analyzing the relationship of a file signature to its file extension.
