GD0-100 Exam Questions
173 real GD0-100 exam questions with expert-verified answers and explanations. Page 4 of 4.
- Question #156
RAM is an acronym for:
- Question #157
When handling computer evidence, an investigator should:
- Question #158
The case number in an evidence file can be changed without causing the verification feature to report an error, if:
- Question #159
In the FAT file system, the size of a deleted file can be found:
- Question #160
A sector on a hard drive contains how many bytes?
- Question #161
You are an investigator and have encountered a computer that is running at the home of a suspect. The computer does not appear to be a part of a network. The operating system is Wi...
- Question #162
The EnCase methodology dictates that ________ be created prior to acquiring evidence.
- Question #163
This question addresses the EnCase for Windows search process. If a target word is located in the unallocated space, and the word is fragmented between clusters 10 and 15, the sear...
- Question #166
If cluster #3552 entry in the FAT table contains a value of this would mean:
- Question #167
The acronym ASCII stands for:
- Question #168
You are examining a hard drive that has Windows XP installed as the operating system. You see a file that has a date and time in the deleted column. Where does that date and time c...
- Question #169
Within EnCase, what is the purpose of the temp folder?
- Question #170
Select the appropriate name for the highlighted area of the binary numbers.
- Question #171
To later verify the contents of an evidence file?
- Question #172
Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten. The data for MyNote.txt is now:
- Question #173
An evidence file was archived onto five CD-Rom disks with the third file segment on disk number three. Can the contents of the third file segment be verified by itself while still...
- Question #174
The EnCase evidence file logical filename can be changed without affecting the verification of the acquired evidence.
- Question #175
When a file is deleted in the FAT or NTFS file systems, what happens to the data on the hard drive?
- Question #176
EnCase can make an image of a USB flash drive.
- Question #177
All investigators using EnCase should run tests on the evidence file acquisition and verification process to:
- Question #178
The term signature and header as they relate to a signature analysis are:
- Question #179
Which of the following selections is NOT found in the case file?
- Question #180
The maximum file segment size for an EnCase evidence file is: