WGU C840 Digital Forensics in Cybersecurity Exam Review (2023/ 2024 New Update) Complete Guide with Questions and Verified Answers| 100% Correct
WGU C840 Digital Forensics in
Cybersecurity Exam Review (2023/ 2024 New
Update) Complete Guide with Questions and
Verified Answers| 100% Correct
QUESTION
A system administrator believes data are being leaked from the organization. The administrator
decides to use steganography to hide tracking information in the types of files he thinks are being
leaked.
Which steganographic term describes this tracking information?
Answer:
Payload
QUESTION
A criminal organization has compromised a third-party web server and is using it to control a
botnet. The botnet server hides command and control messages through the DNS protocol.
Which steganographic component are the command and control messages?
Answer:
Payload
QUESTION
Which tool should the forensic investigator use to search for the hidden data in the images?
Answer:
Forensic Toolkit (FTK)
QUESTION
A foreign government is communicating with its agents in the U.S. by hiding text messages in
popular American songs, which are uploaded to the web.
Which steganographic tool can be used to do this?
Answer:
MP3Stego
QUESTION
During a cyber-forensics investigation, a USB drive was found that contained multiple pictures
of the same flower.
How should an investigator use properties of a file to detect steganography?
Answer:
Review the hexadecimal code looking for anomalies in the file headers and endings using a tool
such as EnCase
QUESTION
Where are local passwords stored for the Windows operating system?
Answer:
SAM file in \Windows\System32\
QUESTION
Where on a Windows system is the config folder located that contains the SAM file?
Answer:
C:\Windows\System32
QUESTION
A forensic examiner wants to try to extract passwords for wireless networks to which a system
was connected.
Where should passwords for wireless networks be stored on a Windows XP system?
Answer:
Registry
QUESTION
Which Windows password cracking tool uses rainbow tables?
Answer:
Ophcrack
QUESTION
How does a rainbow table work to crack a password?
Answer:
It uses a table of all possible keyboard combinations and their hash values, then searches for a
match.
QUESTION
What should a forensic investigator use to gather the most reliable routing information for
tracking an email message?
Answer:
Email header
QUESTION
Which activity involves email tracing?
Answer:
Determining the ownership of the source email server
QUESTION
A forensic examiner reviews a laptop running OS X which has been compromised. The examiner
wants to know if there were any mounted volumes created from USB drives.
Which digital evidence should be reviewed?
Answer:
/Var/log
QUESTION
Which log or folder contains information about printed documents on a computer running Mac
OS X?
Answer:
/var/spool/cups
QUESTION
Which Windows event log should be checked for evidence of invalid logon attempts?
Answer:
Security
QUESTION
A cyber security organization has issued a warning about a cybercriminal who is using a known
vulnerability to attack unpatched corporate Macintosh systems. A network administrator decides
to examine the software updates logs on a Macintosh system to ensure the system has been
patched.
Which folder contains the software updates logs?
Answer:
/Library/Receipts
Powered by https://learnexams.com/search/study?query=