
AccessData A30-327 AccessData Certified Examiner Exam Practice Test

Page: 1 / 6
Total 60 questions

AccessData Certified Examiner Questions and Answers

Question 1

You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry. How do you accomplish this using PRTK?

Options:

A. You drop the SAM file onto the PRTK interface.

B. You drop the NTUSER.dat file onto the PRTK interface.

C. You use the PSSP Attack Marshal from Registry Viewer.

D. This area cannot be accessed with PRTK as it is a registry file.

Question 2

To obtain protected files on a live machine with FTK Imager, which evidence item should be added?

Options:

A. image file

B. currently booted drive

C. server object settings

D. profile access control list

Question 3

You used FTK Imager to create several hash list files. You view the location where the files were exported. What is the file extension type for these files?

Options:

A. .txt = ASCII Text File

B. .dif = Data Interchange Format

C. .prn = Formatted Text Delimited

D. .csv = Comma Separated Values

Question 4

Which pattern does the following regular expression recover?

(\d{4}[\- ]){3}\d{4}

Options:

A. 000-000-0000

B. ddd-4-3-dddd-4-3

C. 000-00000-000-ABC

D. 0000-0000-0000-0000

Question 5

You are converting one image file format to another using FTK Imager. Why are the hash values of the original image and the resulting new image the same?

Options:

A. because FTK Imager's progress bar tracks the conversion

B. because FTK Imager verifies the amount of data converted

C. because FTK Imager compares the elapsed time of conversion

D. because FTK Imager hashes only the data during the conversion

Question 6

After creating a case, the Encrypted Files container lists EFS files. However, no decrypted sub-items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)

Options:

A. SAM

B. system

C. SECURITY

D. Master Key

E. FEK Certificate

Question 7

What are three types of evidence that can be added to a case in FTK? (Choose three.)

Options:

A. local drive

B. registry MRU list

C. contents of a folder

D. acquired image of a drive

E. compressed volume files (CVFs)

Question 8

FTK uses Data Carving to find which three file types? (Choose three.)

Options:

A. JPEG files

B. Yahoo! Chat Archives

C. WPD (WordPerfect Documents)

D. Enhanced Windows Meta Files (EMF)

E. OLE Archive Files (Office Documents)

Question 9

FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

Options:

A. E01

B. Ghost

C. SMART

D. SafeBack
