A30-327 Online Practice Questions and Answers

When previewing a physical drive on a local machine with FTK Imager, which statement is true?

A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.

B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.

C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.

D. FTK Imager should always be used in conjunction with a hardware write protect device to prevent writes to suspect media.

Which type of evidence can be added to FTK Imager?

A. individual files

B. all checked items

C. contents of a folder

D. all currently listed items

You are converting one image file format to another using FTK Imager. Why are the hash values of the original image and the resulting new image the same?

A. because FTK Imager's progress bar tracks the conversion

B. because FTK Imager verifies the amount of data converted

C. because FTK Imager compares the elapsed time of conversion

D. because FTK Imager hashes only the data during the conversion

Which statement is true about using FTK Imager to export a folder and its subfolders?

A. Exporting a folder will copy all its subfolders.

B. Each subfolder must be exported individually.

C. Exporting a folder copies only the folder without any files.

D. Exporting a folder will copy all subfolders without the system attribute.

You have processed a case in FTK using all the default options. The investigator supplies you with a list of 400 names in an electronic format. What is the quickest way to search unallocated space for all of these names?

A. build adtSearch string with all 400 names

B. create a Regular Expression with all the names

C. make an imported text file of the names in Live Search

D. use an imported text file containing the names in Indexed Search

When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

A. Report

B. Special Reports

C. Summary Report

D. Add to ReportWith Children

You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?

A. Common Areas

B. Generate Report

C. Define Summary Report

D. Manage Summary Reports

What is the purpose of the Golden Dictionary?

A. maintains previously created level information

B. maintains previously created profile information

C. maintains a list of the 100 most likely passwords

D. maintains previously recovered passwords

What is the most effective method to facilitate successful password recovery?

A. Art of War

B. Entropy Test

C. Advanced EFS Attack

D. Primary Dictionary Attack

You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry.

How do you accomplish this using PRTK?

A. You drop the SAM file onto the PRTK interface.

B. You drop the NTUSER.dat file onto the PRTK interface.

C. You use the PSSP Attack Marshal from Registry Viewer.

D. This area can not be accessed with PRTK as it is a registry file.