1. Home
  2. Guidance Software
  3. GD0-100

Certification Exam For ENCE North America

Exam Details

  • Exam Code
    :GD0-100
  • Exam Name
    :Certification Exam For ENCE North America
  • Certification
    :Guidance Software Certification
  • Vendor
    :Guidance Software
  • Total Questions
    :185 Q&As
  • Last Updated
    :May 17, 2024

Guidance Software Guidance Software Certification GD0-100 Questions & Answers

  • Question 41:

    Search terms are stored in what .ini configuration file

    A. FileSignatures.ini

    B. Keywords.ini

    C. TextStyle.ini

    D. FileTypes.ini

  • Question 42:

    Within EnCase for Windows, the search process is:

    A. None of the above

    B. both a and b

    C. a search of the physical disk in unallocated clusters and other unused disk areas

    D. a search of the logical files

  • Question 43:

    GREP terms are automatically recognized as GREP by EnCase.

    A. True

    B. False

  • Question 44:

    By default, what color does EnCase use for slack?

    A. Black on red

    B. Red on black

    C. Red

    D. Black

  • Question 45:

    When a file is deleted in the FAT or NTFS file systems, what happens to the data on the hard drive?

    A. Nothing.

    B. It is moved to a special area.

    C. It is overwritten with zeroes.

    D. The file header is marked with a Sigma so the file is not recognized by the operating system.

  • Question 46:

    Assume that MyNote.txt was allocated to clusters 5, 9, and 11. Cluster 6, 7, and 8 belong to MyResume.doc. Both files have been deleted and the directory entry in the FAT file system for MyResume.doc has been overwritten. What clusters would EnCase use to undelete MyNote.txt?

    A. 5,9,11

    B. 5,6,7

    C. 7,8,9

    D. 6,7,8

  • Question 47:

    EnCase can build a hash set of a selected group of files.

    A. True

    B. False

  • Question 48:

    When handling computer evidence, an investigator should:

    A. Both a and b

    B. Make any changes to the evidence that will further the investigation.

    C. Neither a or b

    D. Avoid making any changes to the original evidence.

  • Question 49:

    RAM is an acronym for: A. Random Addressable Memory

    B. Relative Addressable Memory

    C. Random Access Memory

    D. Relative Address Memory

  • Question 50:

    The term signature and reader as they relate to a signature analysis are

    A. None of the above

    B. The signature is the file extension. The header is a standard pattern normally found at the beginning of a file.

    C. Synonymous.

    D. Areas compared with each other to verify the correct file type.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Guidance Software exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GD0-100 exam preparations and Guidance Software certification application, do not hesitate to visit our Vcedump.com to find your solutions here.