In Windows, the file MyNote.txt is deleted from C Drive and is automatically sent to the Recycle Bin. The long filename was MyNote.txt and the short filename was MYNOTE.TXT. When viewing the Recycle Bin with EnCase, how will the long filename and short filename appear?
A. MyNote.txt, DC0.txt
B. MyNote.del, DC1.del
C. MyNote.txt, CD0.txt
D. MyNote.del, DC0.del
A personal data assistant was placed in an evidence locker until an examiner has time to examine it. Which of the following areas would require special attention?
A. Chain-of-custody
B. Cross-contamination
C. Storage
D. There is no concern
The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings.
credit card
A. Credit Card
B. credit card
C. Card
D. Credit
The end of a logical file to the end of the cluster that the file ends in is called:
A. Unallocated space
B. Allocated space
C. Slack
D. Available space
The FAT in the File Allocation Table file system keeps track of:
A. All of the above.
B. Every addressable cluster on the partition
C. Clusters marked as bad
D. File fragmentation
The first sector on a volume is called the:
A. Master file table
B. Volume boot device
C. Volume boot sector or record
D. Master boot record
Within EnCase, you highlight a range of data within a file. The length indicator displays the value 30. How many bytes have you actually selected?
A. 15
B. 30
C. 3
D. 60
When handling computer evidence, an investigator should:
A. Neither a or b
B. Both a and b
C. Avoid making any changes to the original evidence.
D. Make any changes to the evidence that will further the investigation.
RAM is tested during which phase of the power-up sequence?
A. None of the above.
B. During POST
C. After POST
D. Pre-POST
The EnCase evidence file is best described as:
A. A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.
B. A clone of the source hard drive.
C. A bit stream image of the source hard drive written to a file, or several file segments.
D. A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.