The latest IT certification exams on Certinside visualtestengine.com help you pass any IT exams

GD0-110 Free Demo Download

Certinside offers free demo for GD0-110 174 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.


Download GD0-110 Exam Pdf Demo

Download GD0-110 Exam iEngine Demo

　
　
Exam : Guidance Software GD0-110
Title : Certification Exam for EnCE Outside North America

1. A logical file would be best described as:
A. The data from the beginning of the starting cluster to the length of the file.
B. The data taken from the starting cluster to the end of the last cluster that is occupied by the file.
C. A file including any RAM and disk slack.
D. A file including only RAM slack.
Answer: A

2. The BIOS chip on an IBM clone computer is most commonly located on:
A. The motherboard
B. The controller card
C. The microprocessor
D. The RAM chip
Answer: A

3. What information in a FAT file system directory entry refers to the location of a file on the hard drive?
A. The file size
B. The file attributes
C. The starting cluster
D. The fragmentation settings
Answer: C

4. Select the appropriate name for the highlighted area of the binary numbers.
A. Word
B. Nibble
C. Bit
D. Dword
E. Byte
Answer: E

5. Consider the following path in a FAT file system: C:My DocumentsMy PicturesBikes. Where does the directory bikes receive its name?
A. From the My Pictures directory
B. From itself
C. From the root directory c:
D. From the My Documents directory
Answer: A

6. The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. 800[) -]+555-1212
A. 800.555.1212
B. 8005551212
C. 800-555 1212
D. (800) 555-1212
Answer: D

7. The end of a logical file to the end of the cluster that the file ends in is called:
A. Unallocated space
B. Allocated space
C. Available space
D. Slack
Answer: D

8. A case file can contain ____ hard drive images?
A. 1
B. 5
C. 10
D. any number of
Answer: D

9. The boot partition table found at the beginning of a hard drive is located in what sector?
A. Volume boot record
B. Master boot record
C. Master file table
D. Volume boot sector
Answer: B

10. Calls to the C: volume of the hard drive are not made by DOS when a computer is booted with a standard DOS 6.22 boot disk.
A. True
B. False
Answer: B

11. If an evidence file has been added to a case and completely verified, what happens if the data area within the evidence file is later changed?
A. EnCase will detect the error when that area of the evidence file is accessed by the user.
B. EnCase detect the error if the evidence file is manually re-verified.
C. EnCase will allow the examiner to continue to access the rest of the evidence file that has not been changed.
D. All of the above.
Answer: D

12. How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?
A. The .case file writes a CRC value for the case information and verifies it when the case is opened.
B. EnCase does not verify the case information and case information can be changed by the user as it becomes necessary.
C. EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a case.
D. EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the MD5 hash when the evidence is added to a case.
Answer: C