A30-327 : FTK AccessData Certified Examiner - ACE - Uma ajudinha nas perguntas da certificação em FTK - Parte 10
Decima parte da coleção de questões para a certificação A30-327 AccessData Certified Examiner ACE, para a ferramenta FTK, FTK Imager, PRTK e Registry Viewer.
Volto a referir que é muito importante a leitura dos manuais:
Manual FTK: http://marketing.accessdata.com/acton/attachment/4390/f-0643/1/-/-/-/-/FTK_UG.pdf
Manual FTK Imager: http://marketing.accessdata.com/acton/attachment/4390/f-000d/1/-/-/-/-/file.pdf
Manual PRTK: http://marketing.accessdata.com/acton/attachment/4390/f-0653/1/-/-/-/-/PRTK_DNA%20User%20Guide.pdf
Manual Registry Viewer: http://marketing.accessdata.com/acton/attachment/4390/f-0672/1/-/-/-/-/RegistryViewer_UG.pdf
Estas perguntas foram retiradas de um antigo dump disponível pela internet fora.
Q.Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)
A. calculate MD5 hashes of individual keys
B. translate the MRUs in chronological order
C. present data stored in null terminated keys
D. present the date and time of each typed URL
E. View Protected Storage System Provider (PSSP) data
Answer: B,C,E
Q.What are two functions of the Summary Report in Registry Viewer? (Choose two.)
A. adds individual key values
B. is a template for other registry files
C. displays investigator keyword search results
D. permits searching of registry values based on key headers
Answer: A,B
Q.When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?
A. Report
B. Special Reports
C. Summary Report
D. Add to ReportWith Children
Answer: C
Q.You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?
A. Common Areas
B. Generate Report
C. Define Summary Report
D. Manage Summary Reports
Answer: B
Q.Which Registry Viewer function would allow you to automatically document multiple unknown user names?
A. Add to Report
B. Export User List
C. Add to Report with Children
D. Summary Report with Wildcard
Answer: D
Q.In PRTK, which type of attack uses word lists?
A. dictionary attack
B. key space attack
C. brute-force attack
D. rainbow table attack
Answer: A
Q.What is the purpose of the Golden Dictionary?
A. maintains previously created level information
B. maintains previously created profile information
C. maintains a list of the 100 most likely passwords
D. maintains previously recovered passwords
Answer: D
Q.What is the most effective method to facilitate successful password recovery?
A. Art of War
B. Entropy Test
C. Advanced EFS Attack
D. Primary Dictionary Attack
Answer: A
Q.You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry. How do you accomplish this using PRTK?
A. You drop the SAM file onto the PRTK interface.
B. You drop the NTUSER.dat file onto the PRTK interface.
C. You use the PSSP Attack Marshal from Registry Viewer.
D. This area can not be accessed with PRTK as it is a registry file.
Answer: B
Q.When using PRTK to attack encrypted files exported from a case, which statement is true?
A. PRTK will request the user access control list from FTK.
B. PRTK will generate temporary copies of decrypted files for printing.
C. FTK will stop all active jobs to allow PRTK to decrypt the exported files.
D. File hash values will change when they are saved in their decrypted format.
E. Additional interoperability between PRTK andNTAccess becomes available when files begin decrypting.
Answer: D
Parte 1: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified.HTML
Parte 2: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_11.HTML
Parte 3: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_12.HTML
Parte 4: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_13.HTML
Parte 5: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_14.HTML
Parte 6: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_28.HTML
Parte 7: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_6649.HTML
Parte 8: http://e-forense.blogspot.com/2014/03/q.HTML
Parte 9: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_31.HTML
Parte 11: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified_3.html
