WGU C840 Digital Forensics in Cybersecurity Exam (2023/2024 Update) Questions and Verified Answers | 100% Correct
Q: Which log or folder contains information about printed documents on a computer running
Mac OS X?
A. /var/log/lpr.log
B. /var/spool/cups
C. /var/vm
D. /var/log
Answer:
B.
Q: Which Windows event log should be checked for evidence of invalid logon attempts?
A. Application
B. Security
C. ForwardedEvents
D. System
Answer:
B.
Q: A cyber security organization has issued a warning about a cybercriminal who is using a
known vulnerability to attack unpatched corporate Macintosh systems. A network administrator
decides to examine the software updates logs on a Macintosh system to ensure the system has
been patched.
Which folder contains the software updates logs?
A. /var/spool/cups
B. /var/log
C. /proc
D. /Library/Receipts
Answer:
C.
Q: A forensic investigator wants to image an older BlackBerry smartphone running OS 7.0.
Which tool should the investigator use?
A. CopyQM Plus
B. BlackBerry Extractor
C. The Sleuth Kit
D. BlackBerry Desktop Manager
Answer:
C.
Q: An investigator wants to extract information from a mobile device by connecting it to a
computer.
What should the investigator take great care to ensure?
A. That proper step information is written to the mobile device
B. That the mobile device is updated with the latest operating system
C. That current time stamps of forensics activities are written to the device
D. That the mobile device does not synchronize with the computer
Answer:
C.
Q: Which state is a device in if it is powered on, performing tasks, and able to be manipulated
by the user?
A. Guest-mode
B. Nascent
C. Quiescent
D. Active
Answer:
C.
Q: Rules of evidence can be defined as _.
A. term that refers to how long evidence will last
B. formal document prepared by a forensics specialist to document an investigation, including a
list of all tests conducted as well as the specialist’s own curriculum vitae (CV)
C. rules that govern whether, when, how, and why proof of a legal case can be placed before a
judge or jury
D. information that has been processed and assembled so that it is relevant to an investigation
and supports a specific finding or determination
Answer:
C.
Q: The Windows Registry is organized into five sections. The _ section contains
those settings common to the entire machine, regardless of the individual user.
A. HKEY_CURRENT_USER (HKCU)
B. HKEY_CLASSES_ROOT (HKCR)
C. HKEY_LOCAL_MACHINE (HKLM)
D. HKEY_USERS (HKU)
Answer:
C.
Q: There are specific laws in the United States that are applicable to e-mail investigations.
__ is a U.S. law that prescribes procedures for the physical and electronic surveillance
and collection of “foreign intelligence information” between foreign powers and agents of
foreign powers, which may include American citizens and permanent residents suspected of
espionage or terrorism.
A. The Electronic Communications Privacy Act (ECPA)
B. The USA Patriot Act
C. Foreign Intelligence Surveillance Act (FISA)
D. 18 U.S.C. 2252B
Answer:
C.
Q: Identification, preservation, collection, examination, analysis, and presentation are six
classes in the matrix of _.
A. the Rules of Evidence
B. the DFRWS framework
C. the Forensic Toolkit
D. the Certified-Forensic-Analyst
Answer:
B.
Q: One of the first steps in any forensic examination should be to check the logs. If you need to
know what documents have been printed from the Macintosh, the _ folder can give
you that information.
A. /Library/Receipts
B. /Users//.bash_history log
C. var/vm
D. /var/spool/cups
Answer:
C.
Q: What name is given to the result of acquiring a file as it is being updated?
A. slurred image
B. master boot record (MBR)
C. hive
D. dump
Answer:
A.
Q: At which phase of the incident response does computer forensics begin?
A. follow-up