GD0-110 Exam Questions
173 real GD0-110 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
The end of a logical file to the end of the cluster that the file ends in is called:
- Question #2
The boot partition table found at the beginning of a hard drive is located in what sector?
- Question #3
What information in a FAT file system directory entry refers to the location of a file on the hard drive?
- Question #4
A logical file would be best described as:
- Question #5
A case file can contain ____ hard drive images?
- Question #6
Calls to the C:\ volume of the hard drive are not made by DOS when a computer is booted with a standard DOS 6.22 boot disk.
- Question #7
Select the appropriate name for the highlighted area of the binary numbers.
- Question #8
If an evidence file has been added to a case and completely verified, what happens if the data area within the evidence file is later changed?
- Question #9
The BIOS chip on an IBM clone computer is most commonly located on:
- Question #10
Consider the following path in a FAT file system: C:\My Documents\My Pictures\Bikes. Where does the directory Bikes receive its name?
- Question #11
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. 800[) \-]+555-1212
- Question #12
How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc.) in an evidence file has not been damaged or changed, after the evidence file...
- Question #13
Which of the following statements is more accurate?
- Question #14
The first sector on a volume is called the:
- Question #15
When an EnCase user double-clicks on a file within EnCase what determines the action that will result?
- Question #16
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Bob@[a-z]+.com
- Question #17
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [^a-z]Tom[^a-z]
- Question #18
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [\x00-\x05]\x00\x00\x00?[\x00-\x05]\x00\x00\x00
- Question #19
This question addresses the EnCase for Windows search process. If a target word is within a logical file, and it begins in cluster 10 and ends in cluster 15 (the word is fragmented...
- Question #20
When a file is deleted in the FAT file system, what happens to the FAT?
- Question #21
In DOS and Windows, how many bytes are in one FAT directory entry?
- Question #22
When a non-compressed evidence file is reacquired with compression, the acquisition and verification hash values for the evidence will remain the same for both files.
- Question #23
An EnCase evidence file of a hard drive ________ be restored to another hard drive of equal or greater size.
- Question #24
A hard drive has been formatted as NTFS and Windows XP was installed. The user used fdisk to remove all partitions from that drive. Nothing else was done. You have imaged the drive...
- Question #25
How are the results of a signature analysis examined?
- Question #27
If a floppy diskette is in the A drive, the computer will always boot to that drive before any other device.
- Question #28
During the power-up sequence, which of the following happens first?
- Question #29
A hard drive has 8 sectors per cluster. File Mystuff.doc has a logical file size of 13,000 bytes. How many clusters will be used by Mystuff.doc?
- Question #30
Select the appropriate name for the highlighted area of the binary numbers.
- Question #31
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Jan 1 st , 2?0?00
- Question #32
When does the POST operation occur?
- Question #33
Which is the proper formula for determining the size in bytes of a hard drive that uses cylinders (C), heads (H), and sectors (S) geometry?
- Question #34
Within EnCase, clicking on save on the toolbar affects what file(s)?
- Question #35
Hash libraries are commonly used to:
- Question #36
You are investigating a case of child pornography on a hard drive containing Windows XP. In the C:\Documents and Settings\Bad Guy\Local Settings\Temporary Internet Files folder you...
- Question #37
Which of the following items could contain digital evidence?
- Question #38
Bookmarks are stored in which of the following files?
- Question #39
Two allocated files can occupy one cluster, as long as they can both fit within the allotted number of bytes.
- Question #40
A SCSI host adapter would most likely perform which of the following tasks?
- Question #41
How does EnCase verify that the evidence file contains an exact copy of the suspect hard drive?
- Question #42
In DOS acquisition mode, if a physical drive is detected, but no partition information is displayed, what would be the cause:
- Question #43
RAM is used by the computer to:
- Question #44
If cluster number 10 in the FAT contains the number 55, this means:
- Question #45
Within EnCase for Windows, the search process is:
- Question #46
A physical file size is:
- Question #47
When can an evidence file containing an NTFS partition be logically restored to a FAT32 partition?
- Question #48
Select the appropriate name for the highlighted area of the binary numbers.
- Question #49
To undelete a file in the FAT file system, EnCase computes the number of _______ the file will use based on the file ______.
- Question #50
ROM is an acronym for:
- Question #51
Search terms are case sensitive by default.