Questions and Answers:60 Q&As
Updated: 2009-09-29
Exam Number/Code: A30-327
Exam Name: AccessData Certified Examiner
Certinside professional IT Q&A vendors, we provide well after-sale service. To all the customers buy the Q&As, we provide track service. when you buy the Q&As with in 3 months. you can enjoy the upgrade Q&As service for free. If in this period, the certified test center change the AccessData AccessData A30-327 Q&As, we will update the Q&A in the first time, and provide you the download update for free
A30-327 Free Demo Download
Certinside offers free demo for A30-327 60 Q & As with Expert Explanations). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.
Download A30-327 Exam Pdf Demo
Download A30-327 Exam iEngine Demo
Exam : AccessData A30-327
Title : AccessData Certified Examiner
1. FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)
A.E01
B.Ghost
C.SMART
D.SafeBack
Answer: AC
2. You are converting one image file format to another using FTK Imager.
Why are the hash values of the original image and the resulting new image the same?
A.because FTK Imager’s progress bar tracks the conversion
B.because FTK Imager verifies the amount of data converted
C.because FTK Imager compares the elapsed time of conversion
D.because FTK Imager hashes only the data during the conversion
Answer: D
3. Which three items are displayed in FTK Imager for an individual file in the Properties window? (Choose three.)
A.flags
B.filename
C.hash set
D.timestamps
E.item number
Answer: ABD
4. Which statement is true about using FTK Imager to export a folder and its subfolders?
A.Exporting a folder will copy all its subfolders.
B.Each subfolder must be exported individually.
C.Exporting a folder copies only the folder without any files.
D.Exporting a folder will copy all subfolders without the system attribute.
Answer: A
5. Which type of evidence can be added to FTK Imager?
A.individual files
B.all checked items
C.contents of a folder
D.all currently listed items
Answer: C
6. When using FTK Imager to preview a physical drive, which number is assigned to the first logical volume of an extended partition?
A.2
B.3
C.4
D.5
Answer: D
7. What are three image file formats that can be read by FTK Imager? (Choose three.)
A.E01 files
B.raw (dd) image files
C.SafeBack version 2.2 image files
D.SafeBack version 3.0 image files
E.Symantec Ghost compressed image files
Answer: ABC
8. When previewing a physical drive on a local machine with FTK Imager, which statement is true?
A.FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.
B.FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
C.FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
D.FTK Imager should always be used in conjunction with a hardware write protect device to prevent writes to suspect media.
Answer: D
9. How can you use FTK Imager to obtain registry files from a live system?
A.You use the Export Files option.
B.You use the Advanced Recovery option.
C.Registry files cannot be exported from a live system.
D.You use the Protected Storage System Provider option.
Answer: A
10. You used FTK Imager to create several hash list files. You view the location where the files were exported.
What is the file extension type for these files?
A..txt = ASCII Text File
B..dif = Data Interchange Format
C..prn = Formatted Text Delimited
D..csv = Comma Separated Values
Answer: D
11. You create two evidence images from the suspect’s drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and suspect.001 image files.
Which file has the hash value for the Raw (dd) image?
A.suspect.001.txt
B.suspect.E01.txt
C.suspect.001.csv
D.suspect.E01.csv
Answer: A
12. In FTK, which search broadening option allows you to find grammatical variations of the word "kill" such as "killer," "killed," and "killing"?
A.Phonic
B.Synonym
C.Stemming
D.Fuzzy Logic
Answer: C
13. To obtain protected files on a live machine with FTK Imager, which evidence item should be added?
A.image file
B.currently booted drive
C.server object settings
D.profile access control list
Answer: B
14. Which statement is true about using FTK Imager to simultaneously create multiple images of a single source?
A.In the Image Creation Wizard, you should select the Add Additional Drives option.
B.You should use the Create Multiple Images option to create server image objects.
C.You should note the evidence item source signature and add it to the Image View pane.
D.In the Image Creation Wizard, you should add multiple destination jobs from the same source prior to beginning image creation.
Answer: D
15. You successfully export and create a file hash list while using FTK Imager.
Which three pieces of information are included in this file? (Choose three.)
A.MD5
B.SHA1
C.filename
D.record date
E.date modified
Answer: ABC
