Certification Exam For ENCE North America v5.0

Page:    1 / 12   
Exam contains 176 questions

The case file should be archived with the evidence files at the termination of a case.

  • A. True
  • B. False


Answer : A

A signature analysis has been run on a case. The result "Bad Signature" means:

  • A. The file signature is known and does not match a known file header.
  • B. The file signature is known and the file extension is known.
  • C. The file signature is known and does not match a known file extension.
  • D. The file signature is unknown and the file extension is known.


Answer : D

A standard DOS 6.22 boot disk is acceptable for booting a suspect drive.

  • A. True
  • B. False


Answer : A

When can an evidence file containing an NTFS partition be logically restored to a FAT 32 partition?

  • A. Never
  • B. When the FAT 32 has the same number of sectors / clusters.
  • C. When the FAT 32 is the same size or bigger.
  • D. Both a and b


Answer : A

Which of the following selections would be used to keep track of a fragmented file in the FAT file system?

  • A. The directory entry for the fragmented file
  • B. The partition table of extents
  • C. The File Allocation Table
  • D. All of the above


Answer : C

What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?

  • A. command.com
  • B. autoexec.bat
  • C. drvspace.bin
  • D. io.sys


Answer : A,C,D

A signature analysis has been run on a case. The result "*JPEG" in the signature column means:

  • A. The file signature is unknown and the header is a JPEG.
  • B. The file signature is a JPEG signature and the file extension is incorrect.
  • C. The file signature is unknown and the file extension is JPEG.
  • D. None of the above.


Answer : B

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [\x00-\x05]\x00\x00?>[?[@?[?[?[

  • A. FF 0000 00 00 FF BA
  • B. 0000 00 01 FF FF BA
  • C. 04 06 0000 00 FF FF BA
  • D. 04 0000 00 FF FF BA


Answer : D

Which of the following items could contain digital evidence?

  • A. Credit card readers
  • B. Personal assistant devices
  • C. Cellular phones
  • D. Digital cameras


Answer : A,B,C,D

What information in a FAT file system directory entry refers to the location of a file on the hard drive?

  • A. The file size
  • B. The file attributes
  • C. The starting cluster
  • D. The fragmentation settings


Answer : C

The EnCase methodology dictates that ________ be created prior to acquiring evidence.

  • A. a unique directory on the lab drive for case management
  • B. a text file for notes
  • C. All of the above
  • D. an .E01 file on the lab drive


Answer : A

Select the appropriate name for the highlighted area of the binary numbers.

  • A. Byte
  • B. Dword
  • C. Bit
  • D. Word
  • E. Nibble


Answer : E

Which of the following is commonly used to encode e-mail attachments?

  • A. GIF
  • B. EMF
  • C. JPEG
  • D. Base64


Answer : D

Select the appropriate name for the highlighted area of the binary numbers.

  • A. Byte
  • B. Dword
  • C. Word
  • D. Bit
  • E. Nibble


Answer : D

If cases are worked on a lab drive in a secure room, without any cleaning of the contents of the drive, which of the following areas would be of most concern?

  • A. There is no concern
  • B. Cross-contamination
  • C. Chain-of-custody
  • D. Storage


Answer : B
