Thursday, 13 March 2014

Fourth part of the collection of questions for the A30-327 AccessData Certified Examiner (ACE) certification, covering the FTK, FTK Imager, PRTK and Registry Viewer tools.

Once again, I stress that reading the manuals is very important:

FTK manual: http://marketing.accessdata.com/acton/attachment/4390/f-0643/1/-/-/-/-/FTK_UG.pdf
FTK Imager manual: http://marketing.accessdata.com/acton/attachment/4390/f-000d/1/-/-/-/-/file.pdf
PRTK manual: http://marketing.accessdata.com/acton/attachment/4390/f-0653/1/-/-/-/-/PRTK_DNA%20User%20Guide.pdf
Registry Viewer manual: http://marketing.accessdata.com/acton/attachment/4390/f-0672/1/-/-/-/-/RegistryViewer_UG.pdf

Q. Which FTK processing option would indicate a similarity between two graphic files?
a. Entropy Test
b. PhotoDNA
c. Explicit Image Detection (EID)
d. Meta Carve

Q. Which FTK Tab would allow viewing the Process List from a RAM memory dump file?
a. Graphics Tab
b. Volatile Tab
c. Explore Tab
d. Memory Tab

Q. Which statement is true concerning the Video Thumbnail feature of FTK?
a. Videos can be shortened to make viewing faster
b. Thumbnails can be generated at user-designated intervals
c. Thumbnails are only generated at 10-second intervals
d. Videos can be converted to QuickTime (MOV) format

Q. Which statement is true concerning bookmarks in an FTK report?
a. FTK will only allow bookmarks containing graphics to be included in a report
b. An email attachment not part of the original bookmarked email can still be included
c. Bookmarks to be included in a report must be chosen before the Report function is started
d. Filters cannot be applied to bookmarks in a report

Q. In which FTK Overview Tab container/node are Internet Explorer index.dat files classified?
a. Archive container
b. Documents container
c. Java Code container
d. Internet/Chat Files container

Q. Which of the following is NOT an option available in the FTK Report?
a. Registry Selections
b. Volatile Data
c. Create a PDF version of the report
d. Videos

Q. The last 3 pages of a 12-page English document contain Portuguese. Which statement below is true?
a. The document will be identified as Portuguese by Language Identification in FTK
b. The document will be identified as English by Language Identification in FTK
c. The document's language will not be identified by Language Identification in FTK
d. The document will be identified as "multi-language" by Language Identification in FTK

Q. Which Registry Viewer operation can be conducted from FTK?
a. View all registry files from within FTK
b. Create subitems of individual keys for FTK
c. Display all encrypted registry content
d. Decrypt passwords from the SAM file

Q. In which file format can a list of hash values be imported into FTK?
a. ISO
b. CSV
c. DD
d. AD1

Q. Which statement is true concerning decryption of files from within FTK?
a. EFS files can't be decrypted from within FTK; they must be exported from the case
b. The newly decrypted file replaces the encrypted file in the FTK database
c. Multiple passwords may be attempted simultaneously via Tools > Decrypt Files
d. Only one password at a time may be attempted via Tools > Decrypt Files

Part 1: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified.HTML
Part 2: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_11.HTML
Part 3: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_12.HTML
Part 5: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_14.HTML
Part 6: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_28.HTML
Part 7: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_6649.HTML
Part 8: http://e-forense.blogspot.com/2014/03/q.HTML
Part 9: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_31.HTML
Part 10: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified.HTML
Part 11: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified_3.html
