Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Examstrust Logo
examstrust mcafee
  1. Home
  2. AccessData
  3. AccessData Certification
  4. A30-327 - AccessData Certified Examiner

AccessData A30-327 AccessData Certified Examiner Exam Practice Test

Page: 1 / 6
Total 60 questions
Get A30-327 Full Access Download A30-327 PDF

AccessData Certified Examiner Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$42  $119.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$59.5  $169.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$36.75  $104.99
Add to Cart
Question 1

Click the Exhibit button.

What change do you make to the file filter shown in the exhibit in order to show only graphics with a logical size between 500 kilobytes and 10 megabytes?

Options:

A.

You change all file status items to a red circle.

B.

You change all file status items to a yellow triangle.

C.

You make no change. The filter is correct as shown.

D.

You change Graphics in the File Type column to a yellow triangle.

Question 2

What is the purpose of the Golden Dictionary?

Options:

A.

maintains previously created level information

B.

maintains previously created profile information

C.

maintains a list of the 100 most likely passwords

D.

maintains previously recovered passwords

Question 3

What happens when a duplicate hash value is imported into a KFF database?

Options:

A.

It will not be accepted.

B.

It will be marked as a duplicate.

C.

The database will be corrupted.

D.

The database will hide the duplicate.

Question 4

In FTK, which search broadening option allows you to find grammatical variations of the word "kill" such as "killer," "killed," and "killing"?

Options:

A.

Phonic

B.

Synonym

C.

Stemming

D.

Fuzzy Logic

Question 5

To obtain protected files on a live machine with FTK Imager, which evidence item should be added?

Options:

A.

image file

B.

currently booted drive

C.

server object settings

D.

profile access control list

Question 6

You are using FTK to process e-mail files. In which two areas can E-mail attachments be

located? (Choose two.)

Options:

A.

the E-mail tab

B.

the From E-mail container in the Overview tab

C.

the Evidence Items container in the Overview tab

D.

the E-mail Messages container in the Overview tab

Question 7

What are two functions of the Summary Report in Registry Viewer? (Choose two.)

Options:

A.

adds individual key values

B.

is a template for other registry files

C.

displays investigator keyword search results

D.

permits searching of registry values based on key headers

Question 8

FTK Imager can be invoked from within which program?

Options:

A.

FTK

B.

DNA

C.

PRTK

D.

Registry Viewer

Question 9

When previewing a physical drive on a local machine with FTK Imager, which statement is true?

Options:

A.

FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.

B.

FTK Imager can operate from a USB drive, thus preventing writes to suspect media.

C.

FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.

D.

FTK Imager should always be used in conjunction with a hardware write protect device to

prevent writes to suspect media.

Load More A30-327 Questions
Page: 1 / 6
Total 60 questions
Get A30-327 Full Access Download A30-327 PDF