
GD0-110 Certification Exam for EnCE Outside North America Questions and Answers

Questions 4

Select the appropriate name for the highlighted area of the binary numbers.

GD0-110 Question 4

Options:

A. Word
B. Nibble
C. Bit
D. Dword
E. Byte

Questions 5

The default export folder remains the same for all cases.

Options:

A. True
B. False

Questions 6

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [\x00-\x05]\x00\x00\x00?[\x00-\x05]\x00\x00\x00

Options:

A. 00 00 00 01 FF FF BA
B. FF 00 00 00 00 FF BA
C. 04 00 00 00 FF FF BA
D. 04 06 00 00 00 FF FF BA

Questions 7

Before utilizing an analysis technique on computer evidence, the investigator should:

Options:

A. Be trained in the employment of the technique.
B. Test the technique on simulated evidence in a controlled environment to confirm that the results are consistent.
C. Both a and b.
D. Neither a nor b.

Questions 8

Which of the following statements is more accurate?

Options:

A. The Recycle Bin increases the chance of locating the existence of a file on a computer.
B. The Recycle Bin reduces the chance of locating the existence of a file on a computer.

Questions 9

Calls to the C:\ volume of the hard drive are not made by DOS when a computer is booted with a standard DOS 6.22 boot disk.

Options:

A. True
B. False

Questions 10

The EnCase methodology dictates that the lab drive for evidence have a __________ prior to making an image.

Options:

A. unique volume label
B. FAT 16 partition
C. NTFS partition
D. bare, unused partition

Questions 11

A FAT directory has a logical size of:

Options:

A. 0 bytes
B. 64 bytes
C. 128 bytes
D. One cluster

Questions 12

Assume that MyNote.txt was allocated to clusters 5, 9, and 11. Clusters 6, 7, and 8 belong to MyResume.doc. Both files have been deleted and the directory entry in the FAT file system for MyResume.doc has been overwritten. What clusters would EnCase use to undelete MyNote.txt?

Options:

A. 5,9,11
B. 6,7,8
C. 5,6,7
D. 7,8,9

Questions 13

A suspect typed a file on his computer and saved it to a floppy diskette. The filename was MyNote.txt. You receive the floppy and the suspect's computer. The suspect denies that the floppy disk belongs to him. You search the suspect's computer and locate only the filename within a .LNK file. The .LNK file is located in the folder C:\Windows\Recent. How would you use the .LNK file to establish a connection between the file on the floppy diskette and the suspect's computer?

Options:

A. The dates and time of the file found in the .LNK file, at file offset 28
B. The full path of the file, found in the .LNK file
C. The file signature found in the .LNK file
D. Both a and b

Questions 14

The BIOS chip on an IBM clone computer is most commonly located on:

Options:

A. The motherboard
B. The controller card
C. The microprocessor
D. The RAM chip

Questions 15

The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. Speed and Meth

Options:

A. Speed
B. Meth
C. Speed and Meth
D. Meth Speed

Questions 16

Within EnCase, clicking on save on the toolbar affects what file(s)?

Options:

A. The open case file
B. The configuration .ini files
C. The evidence files
D. All of the above

Questions 17

Which of the following would be a true statement about the function of the BIOS?

Options:

A. The BIOS is responsible for swapping out memory pages when RAM fills up.
B. The BIOS is responsible for checking and configuring the system after the power is turned on.
C. The BIOS integrates compressed executable files with memory addresses for faster execution.
D. Both a and c.

Questions 18

The EnCase signature analysis is used to perform which of the following actions?

Options:

A. Analyzing the relationship of a file signature to its file header.
B. Analyzing the relationship of a file signature to its computed MD5 hash value.
C. Analyzing the relationship of a file signature to a list of hash sets.
D. Analyzing the relationship of a file signature to its file extension.

Questions 19

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@[a-z]+.com

Options:

A. Bob@America.com
B. Bob@New zealand.com
C. Bob@a-z.com
D. Bob@My-Email.com

Questions 20

The EnCase methodology dictates that ________ be created prior to acquiring evidence.

Options:

A. an .E01 file on the lab drive
B. a unique directory on the lab drive for case management
C. a text file for notes
D. All of the above

Questions 21

An Enhanced Metafile would best be described as:

Options:

A. A file format used in the printing process by Windows.
B. A compound e-mail attachment.
C. A compressed zip file.
D. A graphics file attached to an e-mail message.

Questions 22

You are investigating a case involving fraud. You seized a computer from a suspect who stated that the computer is not used by anyone other than himself. The computer has Windows 98 installed on the hard drive. You find the filename C:\downloads\check01.jpg that EnCase shows as being moved. The starting extent is 0C4057. You find another filename :\downloads\chk1.dll with the starting extent 0C4057, which EnCase also shows as being moved. In the C:\Windows\System folder you find an allocated file named chk1.dll with the starting extent 0C4057. The chk1.dll file is a JPEG image of a counterfeit check. What can be deduced from your findings?

Options:

A. The presence and location of the files is strong evidence the suspect committed the crime.
B. The presence and location of the files is not strong evidence the suspect committed the crime.

Questions 23

During the power-up sequence, which of the following happens first?

Options:

A. The boot sector is located on the hard drive.
B. The Power-On Self-Test.
C. The floppy drive is checked for a diskette.
D. The BIOS on an add-in card is executed.

Questions 24

Search terms are stored in what .ini configuration file?

Options:

A. FileTypes.ini
B. FileSignatures.ini
C. Keywords.ini
D. TextStyle.ini

Questions 25

The MD5 hash algorithm produces a _____ number.

Options:

A. 32 bit
B. 64 bit
C. 128 bit
D. 256 bit

Questions 26

The EnCase evidence file is best described as:

Options:

A. A clone of the source hard drive.
B. A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.
C. A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.
D. A bit stream image of the source hard drive written to a file, or several file segments.

Exam Code: GD0-110
Exam Name: Certification Exam for EnCE Outside North America
Last Update: Nov 16, 2024
Questions: 174
