Certbus > AccessData > AccessData Certifications > A30-327 > A30-327 Online Practice Questions and Answers

A30-327 Online Practice Questions and Answers

Questions 4

In FTK, which search broadening option allows you to find grammatical variations of the word "kill"such as "killer," "killed," and "killing"?

A. Phonic

B. Synonym

C. Stemming

D. Fuzzy Logic

Browse 60 Q&As
Questions 5

When using FTK Imager to preview a physical drive, which number is assigned to the first logical volume of an extended partition?

A. 2

B. 3

C. 4

D. 5

Browse 60 Q&As
Questions 6

Which statement is true about using FTK Imager to simultaneously create multiple images of a single source?

A. In the Image Creation Wizard, you should select the Add Additional Drives option.

B. You should use the Create Multiple Images option to create server image objects.

C. You should note the evidence item source signature and add it to the Image View pane.

D. In the Image Creation Wizard, you should add multiple destination jobs from the same source prior To beginning image creation.

Browse 60 Q&As
Questions 7

FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

A. E01

B. Ghost

C. SMART

D. SafeBack

Browse 60 Q&As
Questions 8

You are converting one image file format to another using FTK Imager. Why are the hash values of the original image and the resulting new image the same?

A. because FTK Imager's progress bar tracks the conversion

B. because FTK Imager verifies the amount of data converted

C. because FTK Imager compares the elapsed time of conversion

D. because FTK Imager hashes only the data during the conversion

Browse 60 Q&As
Questions 9

In which Overview tab container are HTML files classified?

A. Archive container

B. Java Code container

C. Documents container

D. Internet Files container

Browse 60 Q&As
Questions 10

In FTK, when you view the Total File Items container (rather than the Actual Files container), why are there more items than files?

A. Total File Items includes files that are in archive files, while Actual Files does not.

B. Total File Items includes all unfiltered files while Actual Files includes only checked files.

C. Total File Items includes all KFFIgnorables while Actual Files includes only the KFF Alerts.

D. Total File Items includes files that are in the Graphics and E-Mail tabs, while Actual Files only includes files in the Graphics tab while excluding attachments in the E-mail tab.

Browse 60 Q&As
Questions 11

Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)

A. calculate MD5 hashes of individual keys

B. translate the MRUs in chronological order

C. present data stored in null terminated keys

D. present the date and time of each typed URL

E. View Protected Storage System Provider (PSSP) data

Browse 60 Q&As
Questions 12

When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

A. Report

B. Special Reports

C. Summary Report

D. Add to ReportWith Children

Browse 60 Q&As
Questions 13

You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?

A. Common Areas

B. Generate Report

C. Define Summary Report

D. Manage Summary Reports

Browse 60 Q&As
Questions 14

In PRTK, which type of attack uses word lists?

A. dictionary attack

B. key space attack

C. brute-force attack

D. rainbow table attack

Browse 60 Q&As
Questions 15

What is the most effective method to facilitate successful password recovery?

A. Art of War

B. Entropy Test

C. Advanced EFS Attack

D. Primary Dictionary Attack

Browse 60 Q&As
Questions 16

You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry.

How do you accomplish this using PRTK?

A. You drop the SAM file onto the PRTK interface.

B. You drop the NTUSER.dat file onto the PRTK interface.

C. You use the PSSP Attack Marshal from Registry Viewer.

D. This area can not be accessed with PRTK as it is a registry file.

Browse 60 Q&As
Questions 17

In FTK, a user may alter the alert or ignore status of individual hash sets within the active KFF. Which utility is used to accomplish this?

A. KFF Alert Editor

B. ADKFF Library Selector

C. Hash Database File Selector

D. Hash Database Recovery Engine

Browse 60 Q&As
Questions 18

Which file should be selected to open an existing case in FTK?

A. ftk.exe

B. case.ini

C. case.dat

D. isobuster.dll

Browse 60 Q&As
Exam Code: A30-327
Exam Name: AccessData Certified Examiner
Last Update: Mar 19, 2025
Questions: 60 Q&As

PDF

$49.99

VCE

$55.99

PDF + VCE

$65.99