1/14/2019 AccessData A30-327 Exam Tutorial, A30-327 Practice Questions, 100% Free | Exam-Labs


Exam: AccessData Certified Examiner

AccessData A30-327 Exam Tutorial


Showing 21-40 of 60 Questions (Page 2 out of 3)

Question No : 21
Which pattern does the following regular expression recover?
(\d{4}[\- ]){3}\d{4}
A. 000-000-0000
B. ddd-4-3-dddd-4-3
C. 000-00000-000-ABC
D. 0000-0000-0000-0000

Answer: D

Question No : 22
When adding data to FTK, which statement about DriveFreeSpace is true?
A. DriveFreeSpace is merged with deleted files.
B. DriveFreeSpace is segmented into 10 megabyte items.
C. DriveFreeSpace is truncated, based on the size of the case.dat file.
D. DriveFreeSpace is classified with file slack items in the Overview tab.

Answer: D

Question No : 23
Which two Registry Viewer operations can be conducted from FTK? (Choose two.)
A. list SAM file account names in FTK
B. view all registry files from within FTK
C. create subitems of individual keys for FTK
D. export a registry report to the FTK case report

Answer: B,D

Question No : 24
What is the purpose of the Golden Dictionary?
A. maintains previously created level information
B. maintains previously created profile information
C. maintains a list of the 100 most likely passwords
D. maintains previously recovered passwords

Answer: D

Question No : 25
You create two evidence images from the suspect's drive: suspect.E01 and suspect.001.
You want to be able to verify that the image hash values are the same for suspect.E01 and
suspect.001 image files. Which file has the hash value for the Raw (dd) image?
A. suspect.001.txt
B. suspect.E01.txt
C. suspect.001.csv
D. suspect.E01.csv

Answer: A

Question No : 26
How can you use FTK Imager to obtain registry files from a live system?

https://www.exam-labs.com/exam/A30-327#tutorial 1/4
A. You use the Export Files option.
B. You use the Advanced Recovery option.
C. Registry files cannot be exported from a live system.
D. You use the Protected Storage System Provider option.

Answer: A

Question No : 27
Which statement is true about using FTK Imager to export a folder and its subfolders?
A. Exporting a folder will copy all its subfolders.
B. Each subfolder must be exported individually.
C. Exporting a folder copies only the folder without any files.
D. Exporting a folder will copy all subfolders without the system attribute.

Answer: A

Question No : 28
In FTK, which search broadening option allows you to find grammatical variations of the
word "kill" such as "killer," "killed," and "killing"?
A. Phonic
B. Synonym
C. Stemming
D. Fuzzy Logic

Answer: C

Question No : 29
Which two statements are true? (Choose two.)
A. PRTK can recover Windows logon passwords.
B. PRTK must run in conjunction with DNA workers to decrypt EFS files.
C. PRTK and FTK must be installed on the same machine to decrypt EFS files.
D. EFS files must be exported from a case and provided to PRTK for decryption.

Answer: A,C

Question No : 30
To obtain protected files on a live machine with FTK Imager, which evidence item should
be added?
A. image file
B. currently booted drive
C. server object settings
D. profile access control list

Answer: B

Question No : 31
What is the most effective method to facilitate successful password recovery?
A. Art of War
B. Entropy Test
C. Advanced EFS Attack
D. Primary Dictionary Attack

Answer: A

Question No : 32
Which two options are available in the FTK Report Wizard? (Choose two.)
A. List by File Path
B. List File Properties
C. Include HTML File Listing
D. Include PRTK Output List

Answer: A,B

Question No : 33
Into which two categories can an imported hash set be assigned? (Choose two.)
A. alert
B. ignore
C. contraband
D. system files

Answer: A,B

Question No : 34
In FTK, a user may alter the alert or ignore status of individual hash sets within the active
KFF. Which utility is used to accomplish this?
A. KFF Alert Editor
B. ADKFF Library Selector
C. Hash Database File Selector
D. Hash Database Recovery Engine

Answer: A

Question No : 35
In PRTK, which type of attack uses word lists?
A. dictionary attack
B. key space attack
C. brute-force attack
D. rainbow table attack

Answer: A

Question No : 36
While analyzing unallocated space, you locate what appears to be a 64-bit Windows date
and time. Which FTK Imager feature allows you to display the information as a date and time?
A. INFO2 Filter
B. Base Converter
C. Metadata Parser
D. Hex Value Interpreter

Answer: D

Question No : 37
Which statement is true about Processes to Perform in FTK?
A. Processing options can be chosen only when adding evidence.
B. Processing options can be chosen during or after adding evidence.
C. Processing options can be chosen only after evidence has been added.
D. If processing is not performed while adding evidence, the case must be started again.

Answer: B

Question No : 38
When previewing a physical drive on a local machine with FTK Imager, which statement is
true?
A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.
B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
D. FTK Imager should always be used in conjunction with a hardware write protect device to prevent writes to suspect media.

Answer: D

Question No : 39
You successfully export and create a file hash list while using FTK Imager. Which three
pieces of information are included in this file? (Choose three.)
A. MD5
B. SHA1
C. filename
D. record date
E. date modified

Answer: A,B,C

Question No : 40
You are attempting to access data from the Protected Storage System Provider (PSSP)
area of a registry. How do you accomplish this using PRTK?
A. You drop the SAM file onto the PRTK interface.
B. You drop the NTUSER.dat file onto the PRTK interface.
C. You use the PSSP Attack Marshal from Registry Viewer.
D. This area cannot be accessed with PRTK as it is a registry file.

Answer: B
