Guidance Software GD0-100 Exam - Questions and Answers

Question 1

The case file should be archived with the evidence files at the termination of a case.

A. True
B. False

Answer : A

Question 2

A signature analysis has been run on a case. The result "Bad Signature " means:

A. The file signature is known and does not match a known file header.
B. The file signature is known and the file extension is known.
C. The file signature is known and does not match a known file extension.
D. The file signature is unknown and the file extension is known.

Answer : D

Question 3

A standard DOS 6.22 boot disk is acceptable for booting a suspect drive.

A. True
B. False

Answer : A

Question 4

When can an evidence file containing a NTFS partition be logically restored to a FAT 32 partition?

A. Never
B. When the FAT 32 has the same number of sectors / clusters.
C. When the FAT 32 is the same size or bigger.
D. Both a and b

Answer : A

Question 5

Which of the following selections would be used to keep track of a fragmented file in the
FAT file system?

A. The directory entry for the fragmented file
B. The partition table of extents
C. The File Allocation Table
D. All of the above

Answer : C

Question 6

What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?

A. command.com
B. autoexec.bat
C. drvspace.bin
D. io.sys

Answer : ACD

Question 7

A signature analysis has been run on a case. The result ?*JPEG ?in the signature column means:

A. The file signature is unknown and the header is a JPEG.
B. The file signature is a JPEG signature and the file extension is incorrect.
C. The file signature is unknown and the file extension is JPEG.
D. None of the above.

Answer : B

Question 8

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result.[\x00-\x05]\x00\x00?>[?[@?[?[?[

A. FF 0000 00 00 FF BA
B. 0000 00 01 FF FF BA
C. 04 06 0000 00 FF FF BA
D. 04 0000 00 FF FF BA

Answer : D

Question 9

Which of the following items could contain digital evidence?

A. Credit card readers
B. Personal assistant devices
C. Cellular phones
D. Digital cameras

Answer : A,B,C,D

Question 10

What information in a FAT file system directory entry refers to the location of a file on the hard drive?

A. The file size
B. The file attributes
C. The starting cluster
D. The fragmentation settings

Answer : C

Question 11

The EnCase methodology dictates that ________ be created prior to acquiring evidence.

A. a unique directory on the lab drive for case management
B. a text file for notes
C. All of the above
D. an .E01 file on the lab drive

Answer : A

Question 12

Select the appropriate name for the highlighted area of the binary numbers.

A. Byte
B. Dword
C. Bit
D. Word
E. Nibble

Answer : E

Question 13

Which of the following is commonly used to encode e-mail attachments?

A. GIF
B. EMF
C. JPEG
D. Base64

Answer : D

Question 14

Select the appropriate name for the highlighted area of the binary numbers.

A. Byte
B. Dword
C. Word
D. Bit
E. Nibble

Answer : D

Question 15

If cases are worked on a lab drive in a secure room, without any cleaning of the contents of the drive, which of the following areas would be of most concern?

A. There is no concern
B. Cross-contamination
C. Chain-of-custody
D. Storage

Answer : B

Certification Exam For ENCE North America v5.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!