Professional Documents
Culture Documents
A30-327
AccessData Certified Examiner
Features:
90 Days Free Updates
30 Days Money Back Guarantee
Instant Download Once Purchased
24/7 Online Chat Support
Its Latest Version
Visit us athttps://www.certswarrior.com/exam/a30-327/
Question: 1
Which statement is true about using FTK Imager to export a folder and its subfolders?
Answer: A
Question: 2
What are three types of evidence that can be added to a case in FTK? (Choose three.)
A. local drive
B. registry MRU list
C. contents of a folder
D. acquired image of a drive
E. compressed volume files (CVFs)
Answer: A,C,D
Question: 3
When adding data to FTK, which statement about DriveFreeSpace is true?
Answer: D
Question: 4
What is the most effective method to facilitate successful password recovery?
A. Art of War
B. Entropy Test
Visit us athttps://www.certswarrior.com/exam/a30-327/
C. Advanced EFS Attack
D. Primary Dictionary Attack
Answer: A
Question: 5
In FTK, you navigate to the Graphics tab at the Case level and you do not see any
graphics. What should you do to see all graphics in the case?
Answer: A
Question: 6
You successfully export and create a file hash list while using FTK Imager. Which three
pieces of information are included in this file? (Choose three.)
A. MD5
B. SHA1
C. filename
D. record date
E. date modified
Answer: A,B,C
Question: 7
When previewing a physical drive on a local machine with FTK Imager, which statement is
true?
A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.
B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
D. FTK Imager should always be used in conjunction with a hardware write protect device
To prevent writes to suspect media.
Visit us athttps://www.certswarrior.com/exam/a30-327/
Answer: D
Question: 8
Which file should be selected to open an existing case in FTK?
A. ftk.exe
B. case.ini
C. case.dat
D. isobuster.dll
Answer: C
Question: 9
Using the FTK Report Wizard, which two options are available in the List by File Path
window? (Choose two.)
Answer: B,C
Question: 10
During the execution of a search warrant, you image a suspect drive using FTK Imager and
store the Raw(dd) image files on a portable drive. Later, these files are transferred to a
server for storage. How do you verify that the information stored on the server is unaltered?
Answer: D
Visit us athttps://www.certswarrior.com/exam/a30-327/
http://www.certswarrior.com/ Questions and Answers (PDF)
Page | 1
Visit us athttps://www.certswarrior.com/exam/a30-327/
http://www.certswarrior.com/exam/M2180-651/
Powered by TCPDF (www.tcpdf.org)