A30-327 : FTK AccessData Certified Examiner - ACE - Uma ajudinha nas perguntas da certificação em FTK - Parte 8
Oitava parte da coleção de questões para a certificação A30-327 AccessData Certified Examiner ACE, para a ferramenta FTK, FTK Imager, PRTK e Registry Viewer.
Volto a referir que é muito importante a leitura dos manuais:
Manual FTK: http://marketing.accessdata.com/acton/attachment/4390/f-0643/1/-/-/-/-/FTK_UG.pdf
Manual FTK Imager: http://marketing.accessdata.com/acton/attachment/4390/f-000d/1/-/-/-/-/file.pdf
Manual PRTK: http://marketing.accessdata.com/acton/attachment/4390/f-0653/1/-/-/-/-/PRTK_DNA%20User%20Guide.pdf
Manual Registry Viewer: http://marketing.accessdata.com/acton/attachment/4390/f-0672/1/-/-/-/-/RegistryViewer_UG.pdf
Estas perguntas foram retiradas de um antigo dump disponível pela internet fora.
Q.When adding data to FTK, which statement about DriveFreeSpace is true?
A. DriveFreeSpace is merged with deleted files.
B. DriveFreeSpace is segmented into 10 megabyte items.
C. DriveFreeSpace is truncated, based on the size of the case.dat file.
D. DriveFreeSpace is classified with file slack items in the Overview tab.
Answer: D
Q.You are using FTK to process e-mail files. In which two areas can E-mail attachments be located? (Choose two.)
A. the E-mail tab
B. the From E-mail container in the Overview tab
C. the Evidence Items container in the Overview tab
D. the E-mail Messages container in the Overview tab
Answer: A,B
Q.In FTK, which tab provides specific information on the evidence items, file items, file status and file category?
A. E-mail tab
B. Explore tab
C. Overview tab
D. Graphics tab
Answer: C
Q.In FTK, you navigate to the Graphics tab at the Case level and you do not see any graphics. What should you do to see all graphics in the case?
A. list all descendants
B. run the graphic files filter
C. check all items in the current list
D. select the Graphics container button
Answer: A
Q.In FTK, which two formats can be used to export an E-mail message? (Choose two.)
A. raw format
B. XML format
C. PDF format
D. HTML format
E. binary format
Answer: A,D
Q.In FTK, when you view the Total File Items container (rather than the Actual Files container), why are there more items than files?
A. Total File Items includes files that are in archive files, while Actual Files does not.
B. Total File Items includes all unfiltered files while Actual Files includes only checked files.
C. Total File Items includes all KFFIgnorables while Actual Files includes only the KFF Alerts.
D. Total File Items includes files that are in the Graphics and E-Mail tabs, while Actual Files only includes files in the Graphics tab while excluding attachments in the E-mail tab.
Answer: A
Q.Which statement is true about Processes to Perform in FTK?
A. Processing options can be chosen only when adding evidence.
B. Processing options can be chosen during or after adding evidence.
C. Processing options can be chosen only after evidence has been added.
D. If processing is not performed while adding evidence, the case must be started again.
Answer: B
Q.What are three types of evidence that can be added to a case in FTK? (Choose three.)
A. local drive
B. registry MRU list
C. contents of a folder
D. acquired image of a drive
E. compressed volume files (CVFs)
Answer: A,C,D
Q.You want to search for two words within five words of each other. Which search request would accomplish this function?
A. apple by pear w/5
B. June near July w/5
C. supernova w/5cassiopeia
D. supernova bycassiopeia w/5
Answer: C
Q.Click the Exhibit button.You need to search for specific data that are located in a Microsoft Word document. You do not know the exact spelling of this datA. Using the Index Search Options as displayed in the exhibit, which changes do you make in the Broadening Options and Search Limiting Options containers?
A. check the Fuzzy box;check the File Name Pattern box;type *.doc in the pattern container
B. check the Stemming box;check the File Name Pattern box;type *.doc in the pattern container
C. check the Synonym box;check the File Name Pattern box;type *.doc in the pattern container
D. check the Stemming box;check the File Name Pattern box;type %.doc in the pattern container
Answer: A
Parte 1: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified.HTML
Parte 2: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_11.HTML
Parte 3: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_12.HTML
Parte 4: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_13.HTML
Parte 5: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_14.HTML
Parte 6: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_28.HTML
Parte 7: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_6649.HTML
Parte 9: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_31.HTML
Parte 10: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified.HTML
Parte 11: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified_3.html
