WGU C840 Practice Assessment Questions & Answers2022/2023
1.Which tool should the IT staff use to gather digital evidence about
this security vulnerability>>>Sniffer
2.A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the family
owns, which is in their son’s bedroom. The couple states that their son is
presently in class at a local middle school. How should the detective
legally gain access to the computer>>>Obtain consent to search from
the parents
3.How should a forensic scientist obtain the network configuration from
a Windows PC before seizing it from a crime scene>>>By using the
ipconfig command from a command prompt on the computer
4.The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a link
in an email message that asked him to verify the logon credentials for the
firm’s online bank account>>>Browser cache
5.After a company’s single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence. Which digital evidence should be
collected>>>Firewall logs
6.Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly
after following the instructions, Thomas noticed money was missing
from his account.Which digital evidence should be considered to
determine how Thomas’ account information was
compromised>>>Email messages
7.The chief executive officer (CEO) of a small computer company has
iden- tified a potential hacking attack from an outside competitor. Which
type of evidence should a forensics investigator use to identify the source
of the hack>>>Network transaction logs
8.A forensic scientist arrives at a crime scene to begin collecting
evidence. What is the first thing the forensic scientist should
do>>>Photograph all evi- dence in its original place
9.Which method of copying digital evidence ensures proper evidence
col- lection>>>Make the copy at the bit-level
10.A computer involved in a crime is infected with malware. The computer
is on and connected to the company’s network. The forensic investigator
arrives at the scene. Which action should be the investigator’s first
step>>>- Unplug the computer’s Ethernet cable.
WGU Course C840 – Digital Forensics in Cybersecurity
Questions & Answers 2022/2023
- Malware forensics is also known as internet forensics.
A True
B False>>>B - The Privacy Protection Act (PPA) of 1980 protects journalists from
being required to turn over to law enforcement any work product or
documentary material, including sources, before it is disseminated to the
public.
A True
B False>>>A - The term testimonial evidence refers to the process of examining
mali- cious computer code.
A True
B False>>>B - Evidence need not be locked if it is at a police station.
A True
B False>>>B
- Real evidence means physical objects that can be touched, held, or
di- rectly observed, such as a laptop with a suspect’s fingerprints on it,
or a handwritten note.
A True
B False>>>A - The FBI is the premier federal agency tasked with combating
cybercrime.
A True
B False>>>B - When cataloging digital evidence, the primary goal is to do what?
A Make bitstream images of all hard drives.
B Keep the computer from being turned
off.
C Keep evidence from being removed from the
scene. D Preserve evidence integrity.>>>D - Your roommate can give consent to search your computer.
A True
B False>>>B - The Windows Registry is essentially a repository of all settings,
software, and parameters for Windows.
A True
B False>>>A - The term internet forensics refers to information that forensic
specialists use to support or interpret real or documentary evidence; for
example, to demonstrate that the fingerprints found on a keyboard are
those of a specific individual.
A True
B False>>>B - PROM can be programmed only once. Data is not lost when power
is removed.
A True
B False>>>A - In a computer forensics
investigation, describes the route
that evidence takes from the time you find it until the case is closed or
goes to court.
A Policy of
separation B Rules of
evidence C Law of
probability D Chain of
custody>>>D
- The objective in computer forensics is to recover, analyze, and
present computer-based material in such a way that it can be used as
evidence in a court of law.
A True
B False>>>A - Demonstrative evidence means information that helps explain other
ev- idence. An example of demonstrative evidence is a chart that explains
a
WGU C840 OA Digital Forensics 2022/2023
1.expert report>> A formal document prepared by a forensics specialist
to doc- ument an investigation, including a list of all tests conducted
as well as the specialist’s own curriculum vitae (CV). Anything the
specialist plans to testify about at a trial must be included in the
expert report.
2.Testimonial evidence>> Information that forensic specialists use to
support or interpret real or documentary evidence; for example, to
demonstrate that the fingerprints found on a keyboard are those of a
specific individual.
3.Daubert standard>> The standard holding that only methods and
tools widely accepted in the scientific community can be used in
court.
4.If the computer is turned on when you arrive, what does the Secret
Service recommend you do>>> Shut down according to the
recommended Secret Service procedure.
5.Communications Assistance to Law Enforcement Act of 1994>> The
Com- munications Assistance to Law Enforcement Act of 1994 is a
federal wiretap law for traditional wired telephony. It was expanded to
include wireless, voice over packet, and other forms of electronic
communications, including signaling traffic and metadata.
6.Digital evidence>> Digital evidence is information processed and
assembled so that it is relevant to an investigation and supports a
specific finding or determina- tion.
7.Federal Privacy Act of 1974>> The Federal Privacy Act of 1974, a
United States federal law that establishes a code of Fair Information
Practice that governs the collection, maintenance, use, and
dissemination of information about individuals that is maintained in
systems of records by U.S. federal agencies.
8.Power Spy, Verity, ICU, and WorkTime>> Spyware
9.good fictitious e-mail response rate>> 1-3%
10.Which crime is most likely to leave e-mail evidence>>> Cyberstalking
11.Where would you seek evidence that ophcrack had been used on a
Windows Server 2008 machine>>> In the logs of the server; look for
the reboot of the system
12.A SYN flood is an example of what>>> DoS attack
13.definition of a virus, in relation to a computer>>> a type of
malware that requires a host program or human help to propagate
- What is the starting point for investigating the denial of service
attacks?-
Tracing the packets
15.China Eagle Union>> The cyberterrorism group, the China Eagle
Union, con- sists of several thousand Chinese hackers whose stated
goal is to infiltrate Western computer systems. Members and leaders
of the group insist that not only does the Chinese government have no
involvement in their activities, but that they are breaking Chinese law
and are in constant danger of arrest and imprisonment. However,
most analysts believe this group is working with the full knowledge
and support of the Chinese government.
16.Rules of evidence>> Rules that govern whether, when, how, and
why proof of a legal case can be placed before a judge or jury.
17.file slack>> The unused space between the logical end of the
file and the physical end of the file. It is also called slack space.
18.The Analysis Plan>> Before forensic examination can begin, an
analysis plan should be created. This plan guides work in the analysis
process. How will you gather evidence? Are there concerns about
evidence being changed or destroyed? What tools are most
appropriate for this specific investigation? A standard data analysis
plan should be created and customized for specific situations and
circum- stances.
19.What is the most important reason that you not touch the actual
original evidence any more than you have to>>> Each time you touch
digital data, there is some chance of altering it.
20.You should make at least two bitstream copies of a suspect drive.>>
TRUE
21.To preserve digital evidence, an investigator should>> make two
copies of each evidence item using different imaging tools
22.What would be the primary reason for you to recommend for or against
making a DOS Copy>> A simple DOS copy will not include deleted files,
file slack, and other information.
- Which starting-point forensic certification covers the general
principles and techniques of forensics, but not specific tools such as
EnCase or FTK?-
(CHFI) EC Council Certified Hacking Forensic Investigator
24.This forensic certification is open to both the public and private sectors
and is specific to the use and mastery of FTK. Requirements for taking the
exam include completing the boot camp and Windows forensic courses.>>
Ac- cessData Certified Examiner. AccessData is the creator of Forensic
Toolkit (FTK) software.
WGU C840 Digital Forensics in Cybersecurity Pre-Assessment
Questions & Answers 2022/2023
- The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network.
Which tool should the IT staff use to gather digital evidence about
this security vulnerability>>>Sniffer - A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the family
owns, which is in their son’s bedroom. The couple states that their son is
presently in class at a local middle school.
How should the detective legally gain access to the computer>>>Obtain
con- sent to search from the parents
3.How should a forensic scientist obtain the network configuration from
a Windows PC before seizing it from a crime scene>>>By using the
ipconfig command from a command prompt on the computer - The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a link
in an email message that asked him to verify the logon credentials for the
firm’s online bank account.
Which digital evidence should a forensic investigator collect to
investigate this incident>>>Browser cache
- After a company’s single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence.
Which digital evidence should be collected>>>Firewall logs - Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly after
following the instructions, Thomas noticed money was missing from his
account.
Which digital evidence should be considered to determine how Thomas’
account information was compromised>>>Email messages - The chief executive officer (CEO) of a small computer company has
iden- tified a potential hacking attack from an outside competitor.