A30-327 Online Practice Questions and Answers

In FTK, which search broadening option allows you to find grammatical variations of the word "kill"such as "killer," "killed," and "killing"?

A. Phonic

B. Synonym

C. Stemming

D. Fuzzy Logic

When using FTK Imager to preview a physical drive, which number is assigned to the first logical volume of an extended partition?

A. 2

B. 3

C. 4

D. 5

Which statement is true about using FTK Imager to simultaneously create multiple images of a single source?

A. In the Image Creation Wizard, you should select the Add Additional Drives option.

B. You should use the Create Multiple Images option to create server image objects.

C. You should note the evidence item source signature and add it to the Image View pane.

D. In the Image Creation Wizard, you should add multiple destination jobs from the same source prior To beginning image creation.

FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

A. E01

B. Ghost

C. SMART

D. SafeBack

You are converting one image file format to another using FTK Imager. Why are the hash values of the original image and the resulting new image the same?

A. because FTK Imager's progress bar tracks the conversion

B. because FTK Imager verifies the amount of data converted

C. because FTK Imager compares the elapsed time of conversion

D. because FTK Imager hashes only the data during the conversion

In which Overview tab container are HTML files classified?

A. Archive container

B. Java Code container

C. Documents container

D. Internet Files container

In FTK, when you view the Total File Items container (rather than the Actual Files container), why are there more items than files?

A. Total File Items includes files that are in archive files, while Actual Files does not.

B. Total File Items includes all unfiltered files while Actual Files includes only checked files.

C. Total File Items includes all KFFIgnorables while Actual Files includes only the KFF Alerts.

D. Total File Items includes files that are in the Graphics and E-Mail tabs, while Actual Files only includes files in the Graphics tab while excluding attachments in the E-mail tab.

Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)

A. calculate MD5 hashes of individual keys

B. translate the MRUs in chronological order

C. present data stored in null terminated keys

D. present the date and time of each typed URL

E. View Protected Storage System Provider (PSSP) data

When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

A. Report

B. Special Reports

C. Summary Report

D. Add to ReportWith Children

You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?

A. Common Areas

B. Generate Report

C. Define Summary Report

D. Manage Summary Reports

In PRTK, which type of attack uses word lists?

A. dictionary attack

B. key space attack

C. brute-force attack

D. rainbow table attack

What is the most effective method to facilitate successful password recovery?

A. Art of War

B. Entropy Test

C. Advanced EFS Attack

D. Primary Dictionary Attack

You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry.

How do you accomplish this using PRTK?

A. You drop the SAM file onto the PRTK interface.

B. You drop the NTUSER.dat file onto the PRTK interface.

C. You use the PSSP Attack Marshal from Registry Viewer.

D. This area can not be accessed with PRTK as it is a registry file.

In FTK, a user may alter the alert or ignore status of individual hash sets within the active KFF. Which utility is used to accomplish this?

A. KFF Alert Editor

B. ADKFF Library Selector

C. Hash Database File Selector

D. Hash Database Recovery Engine

Which file should be selected to open an existing case in FTK?

A. ftk.exe

B. case.ini

C. case.dat

D. isobuster.dll