Weekend Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
  1. Home
  2. Guidance Software
  3. EnCE
  4. GD0-100
  5. Certification Exam For ENCE North America Questions and Answers

GD0-100 Certification Exam For ENCE North America Questions and Answers

Questions 4

Which of the following is commonly used to encode e-mail attachments?

Options:

A.

GIF

B.

EMF

C.

JPEG

D.

Base64

Buy Now
Questions 5

In the FAT file system, the size of a deleted file can be found:

Options:

A.

In the FAT

B.

In the directory entry

C.

In the file footer

D.

In the file header

Buy Now
Questions 6

The case number in an evidence file can be changed without causing the verification feature to report an error, if:

Options:

A.

The user utilizes a text editor.

B.

The case information cannot be changed in an evidence file, without causing the verification feature to report an error.

C.

The user utilizes the case information editor within EnCase.

D.

The evidence file is reacquired.

Buy Now
Questions 7

If cluster #3552 entry in the FAT table contains a value of ?? this would mean:

Options:

A.

The cluster is unallocated

B.

The cluster is the end of a file

C.

The cluster is allocated

D.

The cluster is marked bad

Buy Now
Questions 8

Which of the following would most likely be an add-in card?

Options:

A.

A video card that is connected to the motherboard in the AGP slot

B.

Anything plugged into socket 7

C.

A motherboard

D.

The board that connects to the power supply

Buy Now
Questions 9

Which of the following aspects of the EnCase evidence file can be changed during a reacquire of the evidence file?

Options:

A.

The evidence number

B.

The acquisition notes

C.

The investigator name

D.

None of the above

Buy Now
Questions 10

During the power-up sequence, which of the following happens first?

Options:

A.

The boot sector is located on the hard drive.

B.

Theower On Self-Test.? 7KH ? RZHU2Q6HOI7HVW

C.

The floppy drive is checked for a diskette.

D.

The BIOS on an add-in card is executed.

Buy Now
Questions 11

To undelete a file in the FAT file system, EnCase computes the number of _______ the file will use based on the file ______.

Options:

A.

Clusters;starting extent

B.

Sectors;starting extent

C.

Clusters;file size

D.

Sectors;file size

Buy Now
Questions 12

The EnCase evidence file is best described as:

Options:

A.

A clone of the source hard drive.

B.

A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.

C.

A bit stream image of the source hard drive written to a file, or several file segments.

D.

A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.

Buy Now
Questions 13

A sector on a hard drive contains how many bytes?

Options:

A.

2048

B.

4096

C.

1024

D.

512

Buy Now
Questions 14

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@ [a-z]+.com

Options:

A.

Bob@New zealand.com

B.

Bob@My-Email.com

C.

Bob@America.com

D.

Bob@a-z.com

Buy Now
Questions 15

How are the results of a signature analysis examined?

Options:

A.

By sorting on the category column in the Table view. By sorting on the category column in the Table view.

B.

By sorting on the signature column in the Table view. By sorting on the signature column in the Table view.

C.

By sorting on the hash sets column in the Table view. By sorting on the hash sets column in the Table view.

D.

By sorting on the hash library column in the Table view. By sorting on the hash library column in the Table view.

Buy Now
Questions 16

The results of a hash analysis on an evidence file that has been added to a case will be stored in which of the following files?

Options:

A.

The evidence file

B.

All of the above

C.

The case file

D.

The configuration HashAnalysis.ini file

Buy Now
Questions 17

EnCase marks a file as overwritten when _____________ has been allocated to another file.

Options:

A.

all of the file

B.

the starting cluster of the file

C.

the directory entry for the file

D.

any part of the file

Buy Now
Questions 18

The spool files that are created during a print job are __________ after the print job is completed.

Options:

A.

moved

B.

wiped

C.

deleted and wiped

D.

deleted

Buy Now
Questions 19

This question addresses the EnCase for Windows search process. If a target word is within a logical file, and it begins in cluster 10 and ends in cluster 15 (the word is fragmented), the search:

Options:

A.

Will not find it unlessile slack is checked on the search dialog box.

B.

Will find it because EnCase performs a logical search.

C.

Will not find it because EnCase performs a physical search only.

D.

Will not find it because the letters of the keyword are not contiguous.

Buy Now
Questions 20

Assume that MyNote.txt was allocated to clusters 5, 9, and 11. Cluster 6, 7, and 8 belong to MyResume.doc. Both files have been deleted and the directory entry in the FAT file system for MyResume.doc has been overwritten. What clusters would EnCase use to undelete MyNote.txt?

Options:

A.

5,9,11

B.

5,6,7

C.

7,8,9

D.

6,7,8

Buy Now
Questions 21

When a file is deleted in the FAT file system, what happens to the FAT?

Options:

A.

The FAT entries for that file are marked as allocated.

B.

Nothing.

C.

It is deleted as well.

D.

The FAT entries for that file are marked as available.

Buy Now
Questions 22

EnCase is able to read and examine which of the following file systems?

Options:

A.

NTFS

B.

EXT3

C.

FAT

D.

HFS

Buy Now
Questions 23

Select the appropriate name for the highlighted area of the binary numbers.

Options:

A.

Bit

B.

Nibble

C.

Word

D.

Dword

E.

Byte

Buy Now
Questions 24

Which of the following would be a true statement about the function of the BIOS?

Options:

A.

The BIOS integrates compressed executable files with memory addresses for faster execution.

B.

The BIOS is responsible for checking and configuring the system after the power is turned on.

C.

The BIOS is responsible for swapping out memory pages when RAM fills up.

D.

Both a and c.

Buy Now
Questions 25

How many copies of the FAT are located on a FAT 32, Windows 98-formatted partition?

Options:

A.

2

B.

3

C.

1

D.

4

Buy Now
Questions 26

Which is the proper formula for determining the size in bytes of a hard drive that uses cylinders (C), heads (H), and sectors (S) geometry?

Options:

A.

C X H + S

B.

C X H X S + 512

C.

C X H X S X 512

D.

C X H X S

Buy Now
Exam Code: GD0-100
Exam Name: Certification Exam For ENCE North America
Last Update: May 8, 2024
Questions: 176

PDF + Testing Engine

$56  $159.99
buy now GD0-100 pdf + testing engine

Testing Engine

$42  $119.99
buy now GD0-100 testing engine

PDF (Q&A)

$35  $99.99
buy now GD0-100 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 12 May 2024