A30-327 : FTK AccessData Certified Examiner - ACE - Uma ajudinha nas perguntas da certificação em FTK - Parte 11

quinta-feira, 3 de abril de 2014

Decima primeira parte da coleção de questões para a certificação A30-327 AccessData Certified Examiner ACE, para a ferramenta FTK, FTK Imager, PRTK e Registry Viewer.

Volto a referir que é muito importante a leitura dos manuais:

Manual FTK: http://marketing.accessdata.com/acton/attachment/4390/f-0643/1/-/-/-/-/FTK_UG.pdf
Manual FTK Imager: http://marketing.accessdata.com/acton/attachment/4390/f-000d/1/-/-/-/-/file.pdf
Manual PRTK: http://marketing.accessdata.com/acton/attachment/4390/f-0653/1/-/-/-/-/PRTK_DNA%20User%20Guide.pdf
Manual Registry Viewer: http://marketing.accessdata.com/acton/attachment/4390/f-0672/1/-/-/-/-/RegistryViewer_UG.pdf

Estas perguntas foram retiradas de um antigo dump disponível pela internet fora.

Q.In FTK, a user may alter the alert or ignore status of individual hash sets within the active KFF. Which utility is used to accomplish this?
A. KFF Alert Editor
B. ADKFF Library Selector
C. Hash Database File Selector
D. Hash Database Recovery Engine
Answer: A

Q.After creating a case, the Encrypted Files container lists EFS files. However, no decrypted sub- items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)
A. SAM
B. system
C. SECURITY
D. Master Key
E. FEK Certificate
Answer: A,B

Q.Which two statements are true? (Choose two.)
A. PRTK can recover Windows logon passwords.
B. PRTK must run in conjunction with DNA workers to decrypt EFS files.
C. PRTK and FTK must be installed on the same machine to decrypt EFS files.
D. EFS files must be exported from a case and provided to PRTK for decryption.
Answer: A,C


Q.Which two Registry Viewer operations can be conducted from FTK? (Choose two.)
A. list SAM file account names in FTK
B. view all registry files from within FTK
C. createsubitems of individual keys for FTK
D. export a registry report to the FTK case report
Answer: B,D

Q.FTK Imager can be invoked from within which program?
A. FTK
B. DNA
C. PRTK
D. Registry Viewer
Answer: A

Q.Into which two categories can an imported hash set be assigned? (Choose two.)
A. alert
B. ignore
C. contraband
D. system files
Answer: A,B

Q.What happens when a duplicate hash value is imported into a KFF database?
A. It will not be accepted.
B. It will be marked as a duplicate.
C. The database will be corrupted.
D. The database will hide the duplicate.
Answer: A

Q.You currently store alternate hash libraries on a remote server. Where do you configure FTK to access these files rather than the default library, ADKFFLibrary.hdb?
A. Preferences
B. User Options
C. Analysis Tools
D. Import KFF Hashes
Answer: A

Q.Which file should be selected to open an existing case in FTK?
A. ftk.exe
B. case.ini
C. case.dat
D. isobuster.dll
Answer: C

Parte 1: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified.HTML
Parte 2: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_11.HTML
Parte 3: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_12.HTML
Parte 4: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_13.HTML
Parte 5: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_14.HTML
Parte 6: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_28.HTML
Parte 7: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_6649.HTML
Parte 8: http://e-forense.blogspot.com/2014/03/q.HTML
Parte 9: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_31.HTML
Parte 10: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified.html

Leave a Reply

Subscribe to Posts | Subscribe to Comments

Labels

Question Dump A30-327 ACE AccessData AccessData ACE AccessData Certified Examiner AccessData FTK FTK Segurança da Informação Software (ISC)² CISSP Certified Information System Security Professional Preparação para Certificação Browsers Ferramentas Windows Análise Forense Microsoft OSINT Ouya Redes Android Malware Open Source Open Source Intelligence Sysinternals Sysinternals Live Sysinternals tools Cache Cookies Fingerprint Games Internet Explorer Mozilla Firefox Notícia Pentesting Python Script Skype Vulnerabilidades .dd .net 3.5 1Z0-144 ARPwner AccessChk v5.11 AccessEnum v1.32 Auburn Base de Dados Bypass C# CERT CISP CMS CSIP Canonical Centro de Cibersegurança China China Software and Integrated Chip Promotions Ciência Forense Computacional Cloud Creepy Cyber Security Information Sharing Partnership Código Dev Developer Disassembler Exploits FOCA Favorites Fingerprinting Organizations with Collected Archives Firefox Foundstone FoxOne Scanner Futuremark GCHQ Galleta GameInformer Gamepop Gaming Geolocalization Github Gmail Google Chrome Hardware Hash Hotmail IDS IP IPS JSON Javascript Object Notation Format Kaspersky Lab Kon-boot Live View MAC OSX MAC OSX Bypass MI5 Malware Bancário McAfee labs Microsoft Office Mozilla Foundation Msiecfexport Netflix Nirsoft Nmap Notepad++ ODA Online DisAssembler Oracle Oracle 11G Oryon C Oryon C Portable Outlook Ouya Specs PL/SQL Pasco Passwords Phishing Poisoning Programar Programação RAW RPC Republica Popular da China SQL SQLite Sandbox Sandboxie Scan Security Meeting ShadowSEC Skype Log Viewer Smartphones SmoothSec Startup Terdot The Verge Timestamp Trojan UK Ubuntu UbuntuKylin OS Userrole Virtualização WIFI WebApp Webmails Windows Bypass Windows Registry Write Blocker XML Yahoo Zeus hash-identifier iFixIt index.dat profiles.ini sqlite3 th3j35t3r wig

Posts + Vistos

Com tecnologia do Blogger.