Leads4pass > AccessData > AccessData Certifications > A30-327 > A30-327 Online Practice Questions and Answers

A30-327 Online Practice Questions and Answers

Questions 4

When previewing a physical drive on a local machine with FTK Imager, which statement is true?

A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.

B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.

C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.

D. FTK Imager should always be used in conjunction with a hardware write protect device to prevent writes to suspect media.

Buy Now
Questions 5

You create two evidence images from the suspect's drive: suspect.E01 and suspect.001.

You want to be able to verify that the image hash values are the same for suspect.E01 and suspect.001 image files. Which file has the hash value for the Raw (dd) image?

A. suspect.001.txt

B. suspect.E01.txt

C. suspect.001.csv

D. suspect.E01.csv

Buy Now
Questions 6

In FTK, you navigate to the Graphics tab at the Case level and you do not see any graphics. What should you do to see all graphics in the case?

A. list all descendants

B. run the graphic files filter

C. check all items in the current list

D. select the Graphics container button

Buy Now
Questions 7

You examine evidence and flag several graphic images found in different folders. You now want to bookmark these items into a single bookmark. Which tab in FTK do you use to view only the flagged thumbnails?

A. Explore tab

B. Graphics tab

C. Overview tab

D. Bookmark tab

Buy Now
Questions 8

FTK uses Data Carving to find which three file types? (Choose three.)

A. JPEG files

B. Yahoo! Chat Archives

C. WPD (Word Perfect Documents)

D. Enhanced WindowsMeta Files (EMF)

E. OLE Archive Files (Office Documents)

Buy Now
Questions 9

Using the FTK Report Wizard, which two options are available in the Bookmarks - A window? (Choose two.)

A. Apply a filter to the list

B. Group all filenames at end of report

C. Yes, include all graphics in the case

D. No, do not include a bookmark section

E. Export full-size graphics and link them to the thumbnails

Buy Now
Questions 10

When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

A. Report

B. Special Reports

C. Summary Report

D. Add to ReportWith Children

Buy Now
Questions 11

You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?

A. Common Areas

B. Generate Report

C. Define Summary Report

D. Manage Summary Reports

Buy Now
Questions 12

After creating a case, the Encrypted Files container lists EFS files. However, no decrypted sub- items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)

A. SAM

B. system

C. SECURITY

D. Master Key

E. FEK Certificate

Buy Now
Questions 13

Which two Registry Viewer operations can be conducted from FTK? (Choose two.)

A. list SAM file account names in FTK

B. view all registry files from within FTK

C. createsubitems of individual keys for FTK

D. export a registry report to the FTK case report

Buy Now
Exam Code: A30-327
Exam Name: AccessData Certified Examiner
Last Update: Jan 02, 2025
Questions: 60
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99