Friday, 14 March 2014

Fifth part of the collection of questions for the A30-327 AccessData Certified Examiner (ACE) certification, covering the tools FTK, FTK Imager, PRTK and Registry Viewer.

Once again, reading the manuals is very important:

FTK manual: http://marketing.accessdata.com/acton/attachment/4390/f-0643/1/-/-/-/-/FTK_UG.pdf
FTK Imager manual: http://marketing.accessdata.com/acton/attachment/4390/f-000d/1/-/-/-/-/file.pdf
PRTK manual: http://marketing.accessdata.com/acton/attachment/4390/f-0653/1/-/-/-/-/PRTK_DNA%20User%20Guide.pdf
Registry Viewer manual: http://marketing.accessdata.com/acton/attachment/4390/f-0672/1/-/-/-/-/RegistryViewer_UG.pdf


Q. Which Registry Viewer function allows automatic documentation of multiple unknown user names?
a. Add to Report with Children
b. Export User List
c. Summary Report with WildCard
d. Add to Report
 
Q. Which statement is true concerning the Biographical Dictionary in PRTK?
a. Data can be input in any category without affecting effectiveness
b. The resulting dictionary creates permutations of input terms
c. It helps to create an overall picture of the computer user
d. The Biographical Dictionary contains locally recovered passwords
 
Q. Using FTK’s Data Carving function, a new item named “carved[2768].jpg” is carved from unallocated space. What does the “[2768]” indicate?
a. 2768 is the FTK item number for the newly carved graphic
b. 2768 is the FTK item number of the parent item
c. The carved graphic was located at offset 2,768 within the parent item
d. The carved item is the 2,768th carved item in the FTK case
 
Q. Which statement is true concerning bookmarks in an FTK report?
a. FTK will only allow bookmarks containing graphics to be included in a report
b. Filters cannot be applied to bookmarks in a report
c. An email attachment not part of the original bookmarked email can still be included.
d. Bookmarks to be included in a report must be chosen before the Report function is started
 
Q. Which statement concerning TR1 Regular Expressions in FTK is true?
a. A TR1 expression can be run from the Index Search Tab
b. A TR1 expression can be run as a processing option during case creation
c. A TR1 expression must be run from the Live Search Tab
d. A TR1 expression can be shared via the Manage menu



Q. Which statement is true concerning files sent directly from FTK for decryption in PRTK/DNA?
a. The FTK Wordlist will also be sent with the file to be decrypted.
b. A Biographical Dictionary may be added to the attack profile after the file is sent.
c. PRTK/DNA must be running before the file is sent.
d. The default attack profile will be used for the decryption job.



Part 1: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified.HTML
Part 2: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_11.HTML
Part 3: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_12.HTML
Part 4: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_13.HTML
Part 6: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_28.HTML
Part 7: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_6649.HTML
Part 8: http://e-forense.blogspot.com/2014/03/q.HTML
Part 9: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_31.HTML
Part 10: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified.HTML
Part 11: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified_3.html
