1. The BIOS chip on an IBM clone computer is most commonly located on:
A. The motherboard
B. The controller card
C. The microprocessor
D. The RAM chip
Answer: A
2. How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an
evidence file has not been damaged or changed, after the evidence file has been written?
A. The .case file writes a CRC value for the case information and verifies it when the case is opened.
B. EnCase does not verify the case information and case information can be changed by the user as it becomes
necessary.
C. EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a
case.
D. EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the
MD5 hash when the evidence is added to a case.
Answer: C
3. The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. 800[) -]
+555-1212
A. 800.555.1212
B. 8005551212
C. 800-555 1212
D. (800) 555-1212
Answer: D
4. Select the appropriate name for the highlighted area of the binary numbers.
A. Word
B. Nibble
C. Bit
D. Dword
E. Byte
Answer: E
5. The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@[az]+.
com
A. Bob@America.com
B. Bob@New zealand.com
C. Bob@a-z.com
D. Bob@My-Email.com
Answer: A
6. The first sector on a volume is called the:
A. Volume boot device
B. Master boot record
C. Master file table
D. Volume boot sector or record
Answer: D
7. A case file can contain ____ hard drive images?
A. 1
B. 5
C. 10
D. any number of
Answer: D
8. The boot partition table found at the beginning of a hard drive is located in what sector?
A. Volume boot record
B. Master boot record
C. Master file table
D. Volume boot sector
Answer: B
9. Consider the following path in a FAT file system: C:My DocumentsMy PicturesBikes. Where does the directory
bikes receive its name?
A. From the My Pictures directory
B. From itself
C. From the root directory c:
D. From the My Documents directory
Answer: A
10. The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [x00-
x05]x00x00x00?[x00-x05]x00x00x00
A. 00 00 00 01 FF FF BA
B. FF 00 00 00 00 FF BA
C. 04 00 00 00 FF FF BA
D. 04 06 00 00 00 FF FF BA
Answer: C
11. Calls to the C: volume of the hard drive are not made by DOS when a computer is booted with a standard DOS 22
boot disk.
A. True
B. False
Answer: B
12. When a file is deleted in the FAT file system, what happens to the FAT?
A. It is deleted as well.
B. Nothing.
C. The FAT entries for that file are marked as allocated.
D. The FAT entries for that file are marked as available.
Answer: D
13. The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [^a-z]
Tom[^a-z]
A. Stomp
B. Tomato
C. Tom
D. Toms
Answer: C
14. Which of the following statements is more accurate?
A. The Recycle Bin increases the chance of locating the existence of a file on a computer.
B. The Recycle Bin reduces the chance of locating the existence of a file on a computer.
Answer: A
15. The end of a logical file to the end of the cluster that the file ends in is called:
A. Unallocated space
B. Allocated space
C. Available space
D. Slack
Answer: D
16. When an EnCase user double-clicks on a file within EnCase what determines the action that will result?
A. The settings in the case file.
B. The setting in the evidence file.
C. The settings in the FileTypes.ini file.
D. Both a and b.
Answer: C
17. If an evidence file has been added to a case and completely verified, what happens if the data area within the
evidence file is later changed?
A. EnCase will detect the error when that area of the evidence file is accessed by the user.
B. EnCase detect the error if the evidence file is manually re-verified.
C. EnCase will allow the examiner to continue to access the rest of the evidence file that has not been changed.
D. All of the above.
Answer: D
18. This question addresses the EnCase for Windows search process. If a target word is within a logical file, and it
begins in cluster 10 and ends in cluster 15 (the word is fragmented), the search:
A. Will not find it because the letters of the keyword are not contiguous.
B. Will not find it unless File slack is checked on the search dialog box.
C. Will find it because EnCase performs a logical search.
D. Will not find it because EnCase performs a physical search only.
Answer: C
19. A logical file would be best described as:
A. The data from the beginning of the starting cluster to the length of the file.
B. The data taken from the starting cluster to the end of the last cluster that is occupied by the file.
C. A file including any RAM and disk slack.
D. A file including only RAM slack.
Answer: A
20. What information in a FAT file system directory entry refers to the location of a file on the hard drive?
A. The file size
B. The file attributes
C. The starting cluster
D. The fragmentation settings
Answer: C
GD0-110 Braindumps
GD0-110 Certification Exam for EnCE Outside North America
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/23942882/viewspace-666238/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/23942882/viewspace-666238/
3539
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
