Scribd
Upload
47 views

Looking For Real Exam Questions For IT Certification Exams!

The document is advertising study guides for IT certification exams from certificationking.com. It claims that with 10-12 hours of studying their guides, which contain actual exam questions and accurate answers, a person can pass any IT certification exam on the first attempt. It also states that one can download a free sample of any guide from their website to test the quality. The document provides the website to order guides and contact for payment options or other inquiries.

Uploaded by

shenoda aw
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
47 views

Looking For Real Exam Questions For IT Certification Exams!

The document is advertising study guides for IT certification exams from certificationking.com. It claims that with 10-12 hours of studying their guides, which contain actual exam questions and accurate answers, a person can pass any IT certification exam on the first attempt. It also states that one can download a free sample of any guide from their website to test the quality. The document provides the website to order guides and contact for payment options or other inquiries.

Uploaded by

shenoda aw
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Looking for Real Exam Questions for IT Certification Exams!

We guarantee you can pass any IT certification exam at your first attempt with just 10-12
hours study of our guides.

Our study guides contain actual exam questions; accurate answers with detailed explanation
verified by experts and all graphics and drag-n-drop exhibits shown just as on the real test.

To test the quality of our guides, you can download the one-fourth portion of any guide from
http://www.certificationking.com absolutely free. You can also download the guides for retired
exams that you might have taken in the past.

For pricing and placing order, please visit http://certificationking.com/order.html


We accept all major credit cards through www.paypal.com

For other payment options and any further query, feel free to mail us at
[email protected]
AccessData A30-327: Practice Exam
QUESTION NO: 1

Which three items are displayed in FTK Imager for an individual file in the Properties
window? (Choose three.)

A. flags
B. filename
C. hash set
D. timestamps
E. item number

Answer: A,B,D

QUESTION NO: 2

In FTK, which search broadening option allows you to find grammatical variations of the word "kill"
such as "killer," "killed," and "killing"?

A. Phonic
B. Synonym
C. Stemming
D. Fuzzy Logic

Answer: C

QUESTION NO: 3

When using FTK Imager to preview a physical drive, which number is assigned to the first logical
volume of an extended partition?

A. 2
B. 3
C. 4
D. 5

Answer: D

QUESTION NO: 4

When previewing a physical drive on a local machine with FTK Imager, which statement is true?

A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.

www.CertificationKing.com 2
AccessData A30-327: Practice Exam
B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
D. FTK Imager should always be used in conjunction with a hardware write protect device to
prevent writes to suspect media.

Answer: D

QUESTION NO: 5

Which type of evidence can be added to FTK Imager?

A. individual files
B. all checked items
C. contents of a folder
D. all currently listed items

Answer: C

QUESTION NO: 6

To obtain protected files on a live machine with FTK Imager, which evidence item should be
added?

A. image file
B. currently booted drive
C. server object settings
D. profile access control list

Answer: B

QUESTION NO: 7

What are three image file formats that can be read by FTK Imager? (Choose three.)

A. E01 files
B. raw (dd) image files
C. SafeBack version 2.2 image files
D. SafeBack version 3.0 image files
E. Symantec Ghost compressed image files

Answer: A,B,C

www.CertificationKing.com 3
AccessData A30-327: Practice Exam

QUESTION NO: 8

Which statement is true about using FTK Imager to simultaneously create multiple images of a
single source?

A. In the Image Creation Wizard, you should select the Add Additional Drives option.
B. You should use the Create Multiple Images option to create server image objects.
C. You should note the evidence item source signature and add it to the Image View pane.
D. In the Image Creation Wizard, you should add multiple destination jobs from the same
source prior To beginning image creation.

Answer: D

QUESTION NO: 9

FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

A. E01
B. Ghost
C. SMART
D. SafeBack

Answer: A,C

QUESTION NO: 10

You are converting one image file format to another using FTK Imager. Why are the hash
values of the original image and the resulting new image the same?

A. because FTK Imager's progress bar tracks the conversion


B. because FTK Imager verifies the amount of data converted
C. because FTK Imager compares the elapsed time of conversion
D. because FTK Imager hashes only the data during the conversion

Answer: D

QUESTION NO: 11

How can you use FTK Imager to obtain registry files from a live system?

www.CertificationKing.com 4
AccessData A30-327: Practice Exam
A. You use the Export Files option.
B. You use the Advanced Recovery option.
C. Registry files cannot be exported from a live system.
D. You use the Protected Storage System Provider option.

Answer: A

QUESTION NO: 12

Which statement is true about using FTK Imager to export a folder and its subfolders?

A. Exporting a folder will copy all its subfolders.


B. Each subfolder must be exported individually.
C. Exporting a folder copies only the folder without any files.
D. Exporting a folder will copy all subfolders without the system attribute.

Answer: A

QUESTION NO: 13

You used FTK Imager to create several hash list files. You view the location where the files
were exported. What is the file extension type for these files?

A. .txt = ASCII Text File


B. .dif = Data Interchange Format
C. .prn = Formatted Text Delimited
D. .csv = Comma Separated Values

Answer: D

QUESTION NO: 14

You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You
want to be able to verify that the image hash values are the same for suspect.E01 and
suspect.001 image files. Which file has the hash value for the Raw (dd) image?

A. suspect.001.txt
B. suspect.E01.txt
C. suspect.001.csv
D. suspect.E01.csv

www.CertificationKing.com 5
AccessData A30-327: Practice Exam
Answer: A

QUESTION NO: 15

You successfully export and create a file hash list while using FTK Imager. Which three
pieces of information are included in this file? (Choose three.)

A. MD5
B. SHA1
C. filename
D. record date
E. date modified

Answer: A,B,C

QUESTION NO: 16

During the execution of a search warrant, you image a suspect drive using FTK Imager and store
the Raw(dd) image files on a portable drive. Later, these files are transferred to a server for
storage. How do you verify that the information stored on the server is unaltered?

A. open and view the Summary file


B. load the image into FTK and it automatically performs file verification
C. in FTK Imager, use the Verify Drive/Image function to automatically compare a calculated hash
with a stored hash
D. use FTK Imager to create a verification hash and manually compare that value to the value
stored in the Summary file

Answer: D

QUESTION NO: 17

Which three items are contained in an Image Summary File using FTK Imager? (Choose
three.)

A. MD5
B. CRC
C. SHA1
D. Sector Count
E. Cluster Count

www.CertificationKing.com 6

You might also like