Home
Premium
NEW

TestKing GD0-100

Report as inappropriate Your report has been received
Shared by: lambartdennis
Categories
Tags
-
Stats
views:
5
posted:
7/4/2010
language:
English
pages:
5
Document Sample
scope of work template 
							       TestKing Guidance Software GD0-100 Exam Questions & Answers




GD0-100
Certification Exam For ENCE North America

Exam number/code: GD0-100
Exam name: Certification Exam For ENCE North America
Questions & Answers: 174 Q&A
Related Certifications: EnCE




Hundreds of people each day pass their IT certification exams with Testking
guaranteed certification resources and training kits.

Use the Guidance Software GD0-100 questions and answers to practice for your next
Guidance Software certification exam. If you don't pass – you don't pay! Testking has the
first and only 100% product satisfaction and exam passing guarantee. Advanced practice
questions and answers help drive the information into your routine thinking and surpass
GD0-100 brain dumps in retention and skill building.

Guidance Software GD0-100 exam answers and practice questions can be used at home or
office, installable on up to two PCs, or print the questions and answers to take with you and
train on-the-go! Guidance Software GD0-100 preparation tools are the perfect fit for any
Guidance Software certification candidate with GD0-100 training materials for every level of
entry.

Exam Engine Features
Control your IT training process by customizing your practice certification questions and
answers. The fastest and best way to train.

   *   Truly interactive practice tests
   *   Create and take notes on any question
   *   Retake tests until you're satisfied
   *   YOU select the areas of the exam to cover
   *   Filter questions for a new practice test experience each time
   *   Re-visit difficult questions
       TestKing Guidance Software GD0-100 Exam Questions & Answers


  Exam: GD0-100 Certification Questions & Answers


Question 1:

The EnCase methodology dictates that ________ be created prior to acquiring evidence.

A. a unique directory on the lab drive for case management
B. a text file for notes
C. All of the above
D. an .E01 file on the lab drive

Answer: A



Question 2:

Bookmarks are stored in which of the following files?

A. The case file
B. The evidence file
C. The configuration Bookmarks.ini file
D. All of the above

Answer: A



Question 3:

How does EnCase verify that the case information (Case Number, Evidence Number,
Investigator Name, etc) in an evidence file has not been damaged or changed, after the
evidence file has been written?

A. EnCase writes a CRC value of the case information and verifies the CRC value when the
evidence is added to a case.
B. EnCase does not verify the case information and case information can be changed by the
user as it becomes necessary.
C. The .case file writes a CRC value for the case information and verifies it when the case is
opened.
D. EnCase writes an MD5 hash value for the entire evidence file, which includes the case
information, and verifies the MD5 hash when the evidence is added to a case.

Answer: A



Question 4:

The following keyword was typed in exactly as shown. Choose the answer(s) that would
result. All search criteria have default settings. Speed and Meth

A. Meth
B. Meth Speed
C. SpeedandMeth
D. Speed

Answer: C
       TestKing Guidance Software GD0-100 Exam Questions & Answers
Question 5:

The Windows 98 Start Menu has a selection called documents which displays a list of
recently used files. Which of the following The Windows 98 Start Menu has a selection
called documents which displays a list of recently used files. Which of the following folders
contain those files?

A. C:\Windows\History
B. C:\Windows\Start menu\Documents
C. C:\Windows\Documents
D. C:\Windows\Recent

Answer: D



Question 6:

When a file is deleted in the FAT or NTFS file systems, what happens to the data on the
hard drive?

A. Nothing.
B. It is moved to a special area.
C. It is overwritten with zeroes.
D. The file header is marked with a Sigma so the file is not recognized by the operating
system.

Answer: A



Question 7:

You are an investigator and have encountered a computer that is running at the home of a
suspect. The computer does not appear to be a part of a network. The operating system is
Windows XP Home. No programs are visibly running. You should:

A. Pull the plug from the back of the computer.
B. Turn it off with the power button.
C. Pull the plug from the wall.
D. Shut it down with the start menu.

Answer: A



Question 8:

You are examining a hard drive that has Windows XP installed as the operating system. You
see a file that has a date and time in the deleted column.
Where does that date and time come from?

A. Directory Entry
B. Master File Table
C. Info2 file
D. Inode Table

Answer: C



Question 9:

An evidence file can be moved to another directory without changing the file verification.
       TestKing Guidance Software GD0-100 Exam Questions & Answers
A. False
B. True

Answer: B



Question 10:

By default, EnCase will display the data from the end of a logical file, to the end of the
cluster, in what color:

A. Red
B. Red on black
C. Black on red
D. Black

Answer: A



Question 11:

A SCSI host adapter would most likely perform which of the following tasks?

A. Configure the motherboard settings to the BIOS.
B. None of the above.
C. Set up the connection of IDE hard drives.
D. Make SCSI hard drives and other SCSI devices accessible to the operating system.

Answer: D



Question 12:

You are conducting an investigation and have encountered a computer that is running in the
field. The operating system is Windows XP. A software program is currently running and is
visible on the screen. You should:

A. Navigate through the program and see what the program is all about, then pull the plug.
B. Pull the plug from the back of the computer.
C. Photograph the screen and pull the plug from the back of the computer.
D. Pull the plug from the wall.

Answer: C



Question 13:

Temp files created by EnCase are deleted when EnCase is properly closed.

A. True
B. False

Explanation:
Pending. Send your suggestion to feedback@testking.com.



Question 14:

A sector on a floppy disk is the same size as a sector on a NTFS formatted hard drive.
       TestKing Guidance Software GD0-100 Exam Questions & Answers
A. False
B. True

Explanation:
Pending. Send your suggestion to feedback@testking.com.



Question 15:

Exhibit: ** MISSING ***

Select the appropriate name for the highlighted area of the binary numbers.

A. Byte
B. Dword
C. Word
D. Bit
E. Nibble

Answer: D



  Related GD0-100 Exams:




  Popular Certification Exams:


922-080           000-222            920-450           F50-522            190-755
000-103           NS0-210            HP2-037           Section 2:         70-444
                                                       Mathematics
E20-340           920-430            190-848           CT0-101            HP0-382


  Hot Certifications:


CCNP 2010         11g                5 CNE             8.1 Certified      Master CIW
                                                       Developer          Designer


  Popular Certification Providers:


Cognos            Enterasys          LSAT              HP                 MCAT
Related docs
Testking SY0-201
Views: 61  |  Downloads: 0
Testking Qa70-272
Views: 6  |  Downloads: 0
TestKing 640-607 Edt18
Views: 6  |  Downloads: 0