Scribd
Upload
87 views

Accessdata A30-327 Dumps

The document provides a tutorial and practice questions for the AccessData A30-327 exam. It contains 60 multiple choice questions covering topics like using AccessData's Forensic Toolkit (FTK) and FTK Imager software. For each question, the correct answer is provided along with an option to view additional comments. The questions test knowledge of features, functions, and capabilities within FTK and FTK Imager like searching for files, viewing file properties, decrypting encrypted files, and more.

Uploaded by

Imran Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
87 views

Accessdata A30-327 Dumps

The document provides a tutorial and practice questions for the AccessData A30-327 exam. It contains 60 multiple choice questions covering topics like using AccessData's Forensic Toolkit (FTK) and FTK Imager software. For each question, the correct answer is provided along with an option to view additional comments. The questions test knowledge of features, functions, and capabilities within FTK and FTK Imager like searching for files, viewing file properties, decrypting encrypted files, and more.

Uploaded by

Imran Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

1/14/2019 AccessData A30-327 Exam Tutorial, A30-327 Practice Questions, 100% Free | Exam-Labs

HOME NEW FILES UPLOAD FILE VCE SIMULATOR JOBS BLOG VIDEO TUTORIALS LOGIN/REGISTER FAQ CONTACT

Practice Exams: Microsoft Cisco VMware CompTIA Citrix ECCouncil ISC ITIL Oracle PMI RedHat Amazon HP IBM View All

Home AccessData Exams A30-327

AccessData A30-327 Dumps How to Open VCE Files


Exam: AccessData Certified Examiner Use VCE Exam Simulator from Avanset.com

AccessData A30-327 Exam Tutorial


Showing 41-60 of 60 Questions Back (Page 3 out of 3)

Question No : 41
Click the Exhibit button. VCE Exam Simulator
You need to search for specific data that are located in a Microsoft Word document. You do
For Windows
A. check the Fuzzy box; check the File Name Pattern box; type *.doc in the pattern container
B. check the Stemming box; check the File Name Pattern box; type *.doc in the pattern container Android VCE Simulator
C. check the Synonym box; check the File Name Pattern box; type *.doc in the pattern container
For Android
D. check the Stemming box; check the File Name Pattern box; type %.doc in the pattern container

Hide Answer Show Comments (1)


iPhone VCE Simulator
For iPhone
Answer: A
VCE Simulator
For Mac OS X
Question No : 42
In FTK, when you view the Total File Items container (rather than the Actual Files
container), why are there more items than files? A30-327 Exam Info
A. Total File Items includes files that are in archive files, while Actual Files does not.
B. Total File Items includes all unfiltered files while Actual Files includes only checked files.
A30-327 Exam Tutorial
C. Total File Items includes all KFF Ignorables while Actual Files includes only the KFF Alerts.
D. Total File Items includes files that are in the Graphics and E-Mail tabs, while Actual Files only includes files in the
Graphics tab while excluding attachments in the E-mail tab.
Site Search:
Hide Answer Show Comments (1)

Answer: A

Question No : 43
Which three items are displayed in FTK Imager for an individual file in the Properties
window? (Choose three.)
A. flags
B. filename
C. hash set
D. timestamps
E. item number

Hide Answer Show Comments (1)

Answer: A,B,D

Question No : 44
FTK Imager can be invoked from within which program?
A. FTK
B. DNA
C. PRTK
D. Registry Viewer

Hide Answer

Answer: A

Question No : 45
After creating a case, the Encrypted Files container lists EFS files. However, no decrypted
sub- items are present. All other necessary components for EFS decryption are present in
the case. Which two files must be used to recover the EFS password for use in FTK?
(Choose two.)
A. SAM
B. system
C. SECURITY
D. Master Key
E. FEK Certificate

https://www.exam-labs.com/exam/A30-327#tutorial 1/4
1/14/2019 AccessData A30-327 Exam Tutorial, A30-327 Practice Questions, 100% Free | Exam-Labs

Hide Answer Show Comments (1)

Answer: A,B

Question No : 46
You are using FTK to process e-mail files. In which two areas can E-mail attachments be
located? (Choose two.)
A. the E-mail tab
B. the From E-mail container in the Overview tab
C. the Evidence Items container in the Overview tab
D. the E-mail Messages container in the Overview tab

Hide Answer Show Comments (1)

Answer: A,B

Question No : 47
When using FTK Imager to preview a physical drive, which number is assigned to the first
logical volume of an extended partition?
A. 2
B. 3
C. 4
D. 5

Hide Answer

Answer: D

Question No : 48
FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose
two.)
A. E01
B. Ghost
C. SMART
D. SafeBack

Hide Answer Show Comments (1)

Answer: A,C

Question No : 49
Which two image formats contain an embedded hash value for file verification? (Choose
two.)
A. E01
B. S01
C. ISO
D. CUE
E. 001 (dd)

Hide Answer Show Comments (1)

Answer: A,B

Question No : 50
In FTK, which tab provides specific information on the evidence items, file items, file status
and file category?
A. E-mail tab
B. Explore tab
C. Overview tab
D. Graphics tab

Hide Answer Show Comments (1)

Answer: C

Question No : 51
When using Registry Viewer to view a key with 20 values, what option can be used to
display only 5 of the 20 values in a report?
A. Report
B. Special Reports
C. Summary Report
D. Add to Report With Children

Hide Answer Show Comments (1)

Answer: C

Question No : 52
What happens when a duplicate hash value is imported into a KFF database?
A. It will not be accepted.
B. It will be marked as a duplicate.
C. The database will be corrupted.
D. The database will hide the duplicate.

Hide Answer Show Comments (1)

https://www.exam-labs.com/exam/A30-327#tutorial 2/4
1/14/2019 AccessData A30-327 Exam Tutorial, A30-327 Practice Questions, 100% Free | Exam-Labs

Answer: A

Question No : 53
What are three image file formats that can be read by FTK Imager? (Choose three.)
A. E01 files
B. raw (dd) image files
C. SafeBack version 2.2 image files
D. SafeBack version 3.0 image files
E. Symantec Ghost compressed image files

Hide Answer Show Comments (1)

Answer: A,B,C

Question No : 54
In FTK, you navigate to the Graphics tab at the Case level and you do not see any
graphics. What should you do to see all graphics in the case?
A. list all descendants
B. run the graphic files filter
C. check all items in the current list
D. select the Graphics container button

Hide Answer Show Comments (1)

Answer: A

Question No : 55
You examine evidence and flag several graphic images found in different folders. You now
want to bookmark these items into a single bookmark. Which tab in FTK do you use to view
only the flagged thumbnails?
A. Explore tab
B. Graphics tab
C. Overview tab
D. Bookmark tab

Hide Answer Show Comments (1)

Answer: C

Question No : 56
Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)
A. calculate MD5 hashes of individual keys
B. translate the MRUs in chronological order
C. present data stored in null terminated keys
D. present the date and time of each typed URL
E. View Protected Storage System Provider (PSSP) data

Hide Answer Show Comments (1)

Answer: B,C,E

Question No : 57
Which statement is true about using FTK Imager to simultaneously create multiple images
of a single source?
A. In the Image Creation Wizard, you should select the Add Additional Drives option.
B. You should use the Create Multiple Images option to create server image objects.
C. You should note the evidence item source signature and add it to the Image View pane.
D. In the Image Creation Wizard, you should add multiple destination jobs from the same source prior To beginning image
creation.

Hide Answer Show Comments (1)

Answer: D

Question No : 58
You are converting one image file format to another using FTK Imager. Why are the hash
values of the original image and the resulting new image the same?
A. because FTK Imager's progress bar tracks the conversion
B. because FTK Imager verifies the amount of data converted
C. because FTK Imager compares the elapsed time of conversion
D. because FTK Imager hashes only the data during the conversion

Hide Answer Show Comments (1)

Answer: D

Question No : 59
Which three items are contained in an Image Summary File using FTK Imager? (Choose
three.)
A. MD5
B. CRC
C. SHA1
D. Sector Count
E. Cluster Count

Hide Answer Show Comments (1)

https://www.exam-labs.com/exam/A30-327#tutorial 3/4
1/14/2019 AccessData A30-327 Exam Tutorial, A30-327 Practice Questions, 100% Free | Exam-Labs

Answer: A,C,D

Question No : 60
Which type of evidence can be added to FTK Imager?
A. individual files
B. all checked items
C. contents of a folder
D. all currently listed items

Hide Answer Show Comments (1)

Answer: C

Showing 41-60 of 60 Questions Back (Page 3 out of 3)

Upload VCE File Video Tutorials Blog Privacy Policy Terms & Conditions Archived Exams Discussion

https://www.exam-labs.com/exam/A30-327#tutorial 4/4

You might also like