Exam Code: A30-327
Exam Name: AccessData Certified Examiner
Certification Provider: AccessData
NEW QUESTION 1
Which statement is true about Processes to Perform in FTK?
- A. Processing options can be chosen only when adding evidence.
- B. Processing options can be chosen during or after adding evidence.
- C. Processing options can be chosen only after evidence has been added.
- D. If processing is not performed while adding evidence, the case must be started again.
Answer: B
NEW QUESTION 2
You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?
- A. Common Areas
- B. Generate Report
- C. Define Summary Report
- D. Manage Summary Reports
Answer: B
NEW QUESTION 3
Which pattern does the following regular expression recover?
(\d{4}[- ]){3}\d{4}
- A. 000-000-0000
- B. ddd-4-3-dddd-4-3
- C. 000-00000-000-ABC
- D. 0000-0000-0000-0000
Answer: D
NEW QUESTION 4
You examine evidence and flag several graphic images found in different folders. You now want to bookmark these items into a single bookmark. Which tab in FTK do you use to view only the flagged thumbnails?
- A. Explore tab
- B. Graphics tab
- C. Overview tab
- D. Bookmark tab
Answer: C
NEW QUESTION 5
You want to search for two words within five words of each other. Which search request would accomplish this function?
- A. apple by pear w/5
- B. June near July w/5
- C. supernova w/5 cassiopeia
- D. supernova by cassiopeia w/5
Answer: C
NEW QUESTION 6
You are converting one image file format to another using FTK Imager. Why are the hash values of the original image and the resulting new image the same?
- A. because FTK Imager's progress bar tracks the conversion
- B. because FTK Imager verifies the amount of data converted
- C. because FTK Imager compares the elapsed time of conversion
- D. because FTK Imager hashes only the data during the conversion
Answer: D
NEW QUESTION 7
Which two Registry Viewer operations can be conducted from FTK? (Choose two.)
- A. list SAM file account names in FTK
- B. view all registry files from within FTK
- C. create subitems of individual keys for FTK
- D. export a registry report to the FTK case report
Answer: BD
NEW QUESTION 8
When adding data to FTK, which statement about DriveFreeSpace is true?
- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 9
After creating a case, the Encrypted Files container lists EFS files. However, no decrypted sub-items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)
- A. SAM
- B. system
- C. SECURITY
- D. Master Key
- E. FEK Certificate
Answer: AB
NEW QUESTION 10
Which type of evidence can be added to FTK Imager?
- A. individual files
- B. all checked items
- C. contents of a folder
- D. all currently listed items
Answer: C
NEW QUESTION 11
You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and suspect.001 image files. Which file has the hash value for the Raw (dd) image?
- A. suspect.001.txt
- B. suspect.E01.txt
- C. suspect.001.csv
- D. suspect.E01.csv
Answer: A
NEW QUESTION 12
Which three items are contained in an Image Summary File using FTK Imager? (Choose three.)
- A. MD5
- B. CRC
- C. SHA1
- D. Sector Count
- E. Cluster Count
Answer: ACD
NEW QUESTION 13
What is the purpose of the Golden Dictionary?
- A. maintains previously created level information
- B. maintains previously created profile information
- C. maintains a list of the 100 most likely passwords
- D. maintains previously recovered passwords
Answer: D
NEW QUESTION 14
FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)
- A. E01
- B. Ghost
- C. SMART
- D. SafeBack
Answer: AC
NEW QUESTION 15
You are using FTK to process e-mail files. In which two areas can E-mail attachments be located? (Choose two.)
- A. the E-mail tab
- B. the From E-mail container in the Overview tab
- C. the Evidence Items container in the Overview tab
- D. the E-mail Messages container in the Overview tab
Answer: AB
NEW QUESTION 16
Click the Exhibit button.
You need to search for specific data that are located in a Microsoft Word document. You do not know the exact spelling of this data. Using the Index Search Options as displayed in the exhibit, which changes do you make in the Broadening Options and Search Limiting Options containers?
- A. check the Fuzzy box; check the File Name Pattern box; type *.doc in the pattern container
- B. check the Stemming box; check the File Name Pattern box; type *.doc in the pattern container
- C. check the Synonym box; check the File Name Pattern box; type *.doc in the pattern container
- D. check the Stemming box; check the File Name Pattern box; type %.doc in the pattern container
Answer: A
NEW QUESTION 17
What are three types of evidence that can be added to a case in FTK? (Choose three.)
- A. local drive
- B. registry MRU list
- C. contents of a folder
- D. acquired image of a drive
- E. compressed volume files (CVFs)
Answer: ACD
NEW QUESTION 18
During the execution of a search warrant, you image a suspect drive using FTK Imager and store the Raw (dd) image files on a portable drive. Later, these files are transferred to a server for storage. How do you verify that the information stored on the server is unaltered?
- A. open and view the Summary file
- B. load the image into FTK and it automatically performs file verification
- C. in FTK Imager, use the Verify Drive/Image function to automatically compare a calculated hash with a stored hash
- D. use FTK Imager to create a verification hash and manually compare that value to the value stored in the Summary file
Answer: D
NEW QUESTION 19
Which file should be selected to open an existing case in FTK?
- A. ftk.exe
- B. case.ini
- C. case.dat
- D. isobuster.dll
Answer: C
NEW QUESTION 20
Which statement is true about using FTK Imager to export a folder and its subfolders?
- A. Exporting a folder will copy all its subfolders.
- B. Each subfolder must be exported individually.
- C. Exporting a folder copies only the folder without any files.
- D. Exporting a folder will copy all subfolders without the system attribute.
Answer: A
NEW QUESTION 21
What is the most effective method to facilitate successful password recovery?
- A. Mastered
- B. Not Mastered
Answer: A
NEW QUESTION 22
FTK Imager can be invoked from within which program?
- A. FTK
- B. DNA
- C. PRTK
- D. Registry Viewer
Answer: A
NEW QUESTION 23
Click the Exhibit button.
When decrypting EFS files in a case, you receive the result shown in the exhibit. What is the most plausible explanation for this result?
- A. The encrypted file was corrupt.
- B. A different user encrypted the remaining encrypted file.
- C. The hash value of the remaining encrypted file did not match.
- D. The remaining encrypted file had previously been bookmarked.
- E. An incorrect CRC value for the $EFS certificate was applied by the user.
Answer: B
NEW QUESTION 24
When using PRTK to attack encrypted files exported from a case, which statement is true?
- A. PRTK will request the user access control list from FTK.
- B. PRTK will generate temporary copies of decrypted files for printing.
- C. FTK will stop all active jobs to allow PRTK to decrypt the exported files.
- D. File hash values will change when they are saved in their decrypted format.
- E. Additional interoperability between PRTK and NTAccess becomes available when files begin decrypting.
Answer: D
NEW QUESTION 25
In PRTK, which type of attack uses word lists?
- A. dictionary attack
- B. key space attack
- C. brute-force attack
- D. rainbow table attack
Answer: A