WGU C702 – Forensics and Network Intrusion Exam 2022
(Verified Answers by Expert)
1.Which documentation should a forensic examiner prepare prior to a
dynamic analysis ✔✔✔✔ The full path and location of the file being
investigated
2.What allows for a lawful search to be conducted without a warrant
or probable cause ✔✔✔✔ Consent of person with authority
3.A forensic investigator is tasked with retrieving evidence where the
primary server has been erased. The investigator needs to rely on network
logs and backup tapes to base their conclusions on while testifying in
court. Which information found in rules of evidence, Rule 1001, helps
determine if this testimony is acceptable to the court ✔✔✔✔ Definition of
original evidence
4.When can a forensic investigator collect evidence without formal
consent ✔✔✔✔ When properly worded banners are displayed on
the computer screen
5.Who determines whether a forensic investigation should take place if a
situation is undocumented in the standard operating procedures ✔✔✔✔
Decision maker
6.Which situation leads to a civil investigation ✔✔✔✔ Disputes between
two parties that relate to a contract violation
7.Which rule does a forensic investigator need to follow ✔✔✔✔ Use
well-known standard procedures
8.What is the focus of Locard’s exchange principle ✔✔✔✔ Anyone
entering a crime scene takes something with them and leaves
something behind.
9.What is the focus of the enterprise theory of investigation (ETI) ✔✔✔✔
Solving one crime can tie it back to a criminal organization’s
activities.
10.A forensic investigator is searching a Windows XP computer image for
information about a deleted Word document. The investigator already
viewed the sixth file that was deleted from the computer. Two additional
files were deleted. What is the name of the last file the investigator opens
✔✔✔✔ $R7.doc
11.What is a benefit of a web application firewall (WAF) ✔✔✔✔ Acts as a
reverse proxy to inspect all HTTP traffic
12.How does a hacker bypass a web application firewall (WAF) with
the toggle case technique ✔✔✔✔ By randomly capitalizing some of
the characters
13.During a recent scan of a network, a network administrator sent ICMP
echo 8 packets to each IP address being used in the network. The ICMP
echo 8 packets contained an invalid media access control (MAC) address.
Logs showed that one device replied with ICMP echo 0 packets. What does
the reply from the single device indicate ✔✔✔✔ The machine is in
promiscuous mode.
WGU C702 Forensics and Network Intrusion Exam 2022
(Verified Answers by Expert)
1.How large is the partition table structure that stores information about
the partitions present on the hard disk✔✔✔✔ 64 bytes
2.On Macintosh computers, which architecture utilizes EFI to initialize the
hardware interfaces after the BootROM performs POST ✔✔✔✔ Intel-based
Macintosh Computers
3.What component of a typical FAT32 file system occupies the largest
part of a partition and stores the actual files and directories ✔✔✔✔ Data
Area
4.What is a technology that uses multiple smaller disks simultaneously
that function as a single large volume✔✔✔✔ RAID
5.What is the maximum file system size in ext3✔✔✔✔ 32 TB
6.What is the maximum file system size in ext4✔✔✔✔ 1 EiB
7.What layer of web application architecture is responsible for the core
functioning of the system and includes logic and applications, such as
.NET, used by developers to build websites according to client
requirements ✔✔✔✔ business layer
8.What stage of the Linux boot process includes the task of loading the
virtual root file system created by the initrd image and executes the
Linuxrc program✔✔✔✔ Kernel Stage
9.What UFS file system part comprises a collection, including a header
with statistics and free lists, a number of inodes containing file attributes,
and a number of data blocks✔✔✔✔ cylinder group
10.Which attribute ID does NTFS set as a flag after encrypting a file where
the Data Decryption Field (DDF) and Data Recovery Field (DRF) are
stored ✔✔✔✔ 0x100
11.Which cmdlet can investigators use in Windows PowerShell to analyze
the GUID Partition Table data structure of the hard disk✔✔✔✔ Get-GPT
12.Which cmdlet can investigators use in Windows PowerShell to analyze
the GUID Partition Table to find the exact type of boot sector and display
the partition object✔✔✔✔ Get-PartitionTable
13.Which field type refers to the volume descriptor as a
supplementary ✔✔✔✔ Number 2
14.Which HFS volume structure is the starting block of the volume
bitmap? ✔✔✔✔ Logical Block 3
15.Which inode field determines what the inode describes and the
permissions that users have to it ✔✔✔✔ Mode
WGU C702 Forensics and Network Intrusion Pre-Assessment
2022/2023 (Verified Answers by Expert)
1.Which model or legislation applies a holistic approach toward any
criminal activity as a criminal operation ✔✔✔✔Enterprise Theory of Investigation (ETI)
2.Which characteristic describes an organization’s forensic readiness in
the context of cybercrimes ✔✔✔✔It includes cost considerations
3.Which computer crime forensics step requires an investigator to
duplicate and image the collected digital information ✔✔✔✔Acquiring data
4.What is the last step of a criminal investigation that requires the
involvement of a computer forensic investigator ✔✔✔✔Testifying in court
5.A government agent is testifying in a case involving malware on a
system. What should this agent have complied with during search and
seizure ✔✔✔✔Fourth Amendment
6.Which tool should a forensic investigator use to view information
from Linux kernel ring buffers ✔✔✔✔dmesg
7.Which operating system is targeted by the DaveGrohl password
cracker? ✔✔✔✔OS X
WGU C702 – Forensics and Network Intrusion Practice Questions 2022/2023 (Verified Answers by Expert)
- A software company suspects that employees have set up automatic
corporate email forwarding to their personal inboxes against company
policy. The company hires forensic investigators to identify the employees
violating policy, with the intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company
taking?
Civil
Criminal
Administrative
Punitive ✔✔✔✔ Administrative
- Which model or legislation applies a holistic approach toward any
criminal activity as a criminal operation?
Enterprise Theory of Investigation
Racketeer Influenced and Corrupt Organizations Act
Evidence Examination
Law Enforcement Cyber Incident Reporting ✔✔✔✔ Enterprise Theory of
Investigation
- What does a forensic investigator need to obtain before seizing a
computing device in a criminal case?
Court warrant
Completed crime report
Chain of custody document
Plaintiff’s permission ✔✔✔✔ Court warrant
- Which activity should be used to check whether an application has
ever been installed on a computer?
Penetration test
Risk analysis
Log review
Security review ✔✔✔✔ Log review
- Which characteristic describes an organization’s forensic readiness in
the context of cybercrimes?
It includes moral considerations.
It includes cost considerations.
It excludes nontechnical actions.
It excludes technical actions. ✔✔✔✔ It includes cost considerations.
- A cybercrime investigator identifies a Universal Serial Bus (USB)
memory stick containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in
evidence?
Those who obtain access to the device
Anyone who has ever used the device
Recipients of emails on the device
Authors of emails on the device ✔✔✔✔ Those who obtain access to the
device
- Which type of attack is a denial-of-service technique that sends a
large amount of data to overwhelm system resources?
Phishing
Spamming
Mail bombing
Bluejacking ✔✔✔✔ Mail bombing
- Which computer crime forensics step requires an investigator to
WGU C702 CHFI and OA QUIZ QUESTIONS
2022/2023 (Verified Answers by Expert)
1.Which of the following is true regarding computer forensics
✔✔✔✔Computer forensics deals with the process of finding evidence
related to a digital crime to find the culprits and initiate legal action
against them.
2.Which of the following is NOT an objective of computer forensics
✔✔✔✔Document vulnerabilities allowing further loss of intellectual
property, finances, and reputation during an attack.
3.Which of the following is true regarding Enterprise Theory of
Investigation (ETI) ✔✔✔✔It adopts a holistic approach toward any
criminal activity as a criminal operation rather than as a single criminal act.
4.Forensic readiness refers to ✔✔✔✔An organization’s ability to make
optimal use of digital evidence in a limited time period and with
minimal investigation costs.
5.Which of the following is NOT an element of cybercrime ✔✔✔✔Evidence
smaller in size.
6.Which of the following is true of cybercrimes ✔✔✔✔Investigators, with
a warrant, have the authority to forcibly seize the computing devices.
7.Which of the following is true of cybercrimes ✔✔✔✔The initial
reporting of the evidence is usually informal.
8.Which of the following is NOT a consideration during a cybercrime
investigation ✔✔✔✔Value or cost to the victim.
9.Which of the following is a user-created source of potential evidence
✔✔✔✔Address book.
10.Which of the following is a computer-created source of potential
evidence ✔✔✔✔Swap file.
11.Which of the following is NOT where potential evidence may be
located? ✔✔✔✔Processor.
12.Under which of the following conditions will duplicate evidence
NOT suffice ✔✔✔✔When original evidence is in possession of the
originator.
13.Which of the following Federal Rules of Evidence governs
proceedings in the courts of the United States ✔✔✔✔Rule 101.
14.Which of the following Federal Rules of Evidence ensures that the
truth may be ascertained and the proceedings justly determined
✔✔✔✔Rule 102.
15.Which of the following Federal Rules of Evidence contains rulings
on evidence ✔✔✔✔Rule 103
16.Which of the following Federal Rules of Evidence states that the court
shall restrict the evidence to its proper scope and instruct the jury
accordingly ✔✔✔✔Rule 105
17.Which of the following refers to a set of methodological procedures
and techniques to identify, gather, preserve, extract, interpret, document,
and present evidence from computing equipment in such a manner that
the discovered evidence is acceptable during a legal and/or
administrative proceeding in a court of law ✔✔✔✔Computer Forensics.
18.Computer Forensics deals with the process of finding ____ related to a
digital crime to find the culprits and initiate legal action against them. ✔✔✔✔Evidence.
19.Minimizing the tangible and intangible losses to the organization or
an individual is considered an essential computer forensics use. ✔✔✔✔True.
20.Cybercrimes can be classified into the following two types of
attacks, based on the line of attack. ✔✔✔✔Internal and External.
21.Espionage, theft of intellectual property, manipulation of records, and