1 \/
WGU C702 – Forensics and Network Intrusion Exam 2022
(Verified Answers by Expert)
1.Which documentation should a forensic examiner prepare prior to a
dy- namic analysis \u2714\u2714\u2714\u2714 The full path and location of the file being
investigated
2.What allows for a lawful search to be conducted without a warrant
or probable cause \u2714\u2714\u2714\u2714 Consent of person with authority
3.A forensic investigator is tasked with retrieving evidence where the
prima- ry server has been erased. The investigator needs to rely on network
logs and backup tapes to base their conclusions on while testifying in
court. Which information found in rules of evidence, Rule 1001, helps
determine if this testimony is acceptable to the court \u2714\u2714\u2714\u2714 Definition of
original evidence
4.When can a forensic investigator collect evidence without formal
con- sent \u2714\u2714\u2714\u2714 When properly worded banners are displayed on
the computer screen<\/p>\n\n\n\n
2 \/
5.Who determines whether a forensic investigation should take place if a
situation is undocumented in the standard operating procedures \u2714\u2714\u2714\u2714
Decision maker
6.Which situation leads to a civil investigation \u2714\u2714\u2714\u2714 Disputes between
two parties that relate to a contract violation
7.Which rule does a forensic investigator need to follow \u2714\u2714\u2714\u2714 Use
well-known standard procedures
8.What is the focus of Locard’s exchange principle \u2714\u2714\u2714\u2714 Anyone
entering a crime scene takes something with them and leaves
something behind.
9.What is the focus of the enterprise theory of investigation (ETI) \u2714\u2714\u2714\u2714
Solving one crime can tie it back to a criminal organization’s
activities.<\/p>\n\n\n\n
3 \/
10.A forensic investigator is searching a Windows XP computer image for
information about a deleted Word document. The investigator already
viewed the sixth file that was deleted from the computer. Two additional
files were deleted. What is the name of the last file the investigator opens
\u2714\u2714\u2714\u2714 $R7.doc
11.What is a benefit of a web application firewall (WAF) \u2714\u2714\u2714\u2714 Acts as a
reverse proxy to inspect all HTTP traffic
12.How does a hacker bypass a web application firewall (WAF) with
the toggle case technique \u2714\u2714\u2714\u2714 By randomly capitalizing some of
the characters
13.During a recent scan of a network, a network administrator sent ICMP
echo 8 packets to each IP address being used in the network. The ICMP
echo 8 packets contained an invalid media access control (MAC) address.
Logs showed that one device replied with ICMP echo 0 packets. What does
the reply from the single device indicate \u2714\u2714\u2714\u2714 The machine is in
promiscuous mode.<\/p>\n\n\n\n
1 \/ 10
WGU C702 Forensics and Network Intrusion Exam 2022
(Verified Answers by Expert)
1.How large is the partition table structure that stores information about
the partitions present on the hard disk\u2714\u2714\u2714\u2714 64 bytes
2.On Macintosh computers, which architecture utilizes EFI to initialize the
hardware interfaces after the BootROM performs POST\u2714\u2714\u2714\u2714 Intel-based
Macin- tosh Computers
3.:What component of a typical FAT32 file system occupies the largest
part of a partition and stores the actual files and directories\u2714\u2714\u2714\u2714 Data
Area
4.What is a technology that uses multiple smaller disks simultaneously
that function as a single large volume\u2714\u2714\u2714\u2714 RAID
5.What is the maximum file system size in ext3\u2714\u2714\u2714\u2714 32 TB<\/p>\n\n\n\n
2 \/ 10
6.What is the maximum file system size in ext4\u2714\u2714\u2714\u2714 1 EiB
7.:What layer of web application architecture is responsible for the core
functioning of the system and includes logic and applications, such as
.NET, used by developers to build websites according to client
requirements\u2714\u2714\u2714\u2714 – business layer
8.What stage of the Linux boot process includes the task of loading the
virtual root file system created by the initrd image and executes the
Linuxrc program\u2714\u2714\u2714\u2714 Kernel Stage
9.What UFS file system part comprises a collection, including a header
with statistics and free lists, a number of inodes containing file attributes,
and a number of data blocks\u2714\u2714\u2714\u2714 cylinder group
10.Which attribute ID does NTFS set as a flag after encrypting a file where
the Data Decryption Field (DDF) and Data Recovery Field (DRF) is
stored\u2714\u2714\u2714\u2714 0x100
11.Which cmdlet can investigators use in Windows PowerShell to analyze
the GUID Partition Table data structure of the hard disk\u2714\u2714\u2714\u2714 Get-GPT<\/p>\n\n\n\n
3 \/ 10
12.Which cmdlet can investigators use in Windows PowerShell to analyze
the GUID Partition Table to find the exact type of boot sector and display
the partition object\u2714\u2714\u2714\u2714 Get-PartitionTable<\/p>\n\n\n\n
WGU C702 Forensics and Network Intrusion Pre-Assessment 1 \/ 15 2 \/ 15<\/p>\n\n\n\n 3 \/ 15 1 \/ 16 2 \/ 16 3 \/ 16 4 \/ 16 1 \/WGU C702 – Forensics and Network Intrusion Exam 2022(Verified Answers by Expert)1.Which documentation should a forensic examiner prepare prior to ady- namic analysis \u2714\u2714\u2714\u2714 The full path and location of the file beinginvestigated2.What allows for a lawful search to be conducted without a warrantor probable cause \u2714\u2714\u2714\u2714 Consent of person with authority3.A forensic investigator […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[25],"tags":[],"class_list":["post-117593","post","type-post","status-publish","format-standard","hentry","category-exams-certification"],"_links":{"self":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/117593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/comments?post=117593"}],"version-history":[{"count":0,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/117593\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/media?parent=117593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/categories?post=117593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/tags?post=117593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
2022\/2023(Verified Answers by Expert)
1.Which model or legislation applies a holistic approach toward any
criminal activity as a criminal operation \u2714\u2714\u2714\u2714Enterprise Theory of Investigation (ETI)<\/em>
2.Which characteristic describes an organization’s forensic readiness in
the context of cybercrimes \u2714\u2714\u2714\u2714It includes cost considerations<\/em>
3.Which computer crime forensics step requires an investigator to
duplicate and image the collected digital information \u2714\u2714\u2714\u2714Acquiring data<\/em>
4.What is the last step of a criminal investigation that requires the
involve- ment of a computer forensic investigator \u2714\u2714\u2714\u2714Testifying in court<\/em><\/p>\n\n\n\n\n
system. What should this agent have complied with during search and
seizure \u2714\u2714\u2714\u2714-
Fourth Amendment<\/em>
6.Which tool should a forensic investigator use to view information
from Linux kernel ring buffers \u2714\u2714\u2714\u2714dmesg<\/em><\/li>\n\n\n\n
cracker?-
: OS X<\/em><\/li>\n<\/ol>\n\n\n\n
WGU C702 – Forensics and Network Intrusion Practice Questions2022\/2023(Verified Answers by Expert)<\/p>\n\n\n\n\n
cor- porate email forwarding to their personal inboxes against company
policy. The company hires forensic investigators to identify the employees
violating policy, with the intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company
taking? Civil
Criminal
Administrative
Punitive \u2714\u2714\u2714\u2714
Administrative<\/li>\n\n\n\n
criminal activity as a criminal operation?
Enterprise Theory of Investigation
Racketeer Influenced and Corrupt Organizations
Act Evidence Examination
Law Enforcement Cyber Incident Reporting \u2714\u2714\u2714\u2714 Enterprise Theory of
Investigation<\/li>\n<\/ol>\n\n\n\n\n
comput- ing device in a criminal case?
Court warrant
Completed crime report
Chain of custody document
Plaintiff’s permission \u2714\u2714\u2714\u2714
Court warrant<\/li>\n\n\n\n
ever been installed on a computer?
Penetration test
Risk analysis
Log review
Security review \u2714\u2714\u2714\u2714 Log review<\/li>\n\n\n\n
the context of cybercrimes?
It includes moral
considerations. It includes cost
considerations.<\/li>\n<\/ol>\n\n\n\n
It excludes nontechnical actions.
It excludes technical actions. \u2714\u2714\u2714\u2714 It includes cost considerations.<\/p>\n\n\n\n\n
memory stick containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in
evidence?
Those who obtain access to the
device Anyone who has ever used the
device Recipients of emails on the
device
Authors of emails on the device \u2714\u2714\u2714\u2714 Those who obtain access to the
device<\/li>\n\n\n\n
large amount of data to overwhelm system resources?
Phishing
Spamming
Mail bombing
Bluejacking \u2714\u2714\u2714\u2714 Mail bombing<\/li>\n\n\n\n
WGU C702 CHFI and OA QUIZ QUESTIONS
2022\/2023(Verified Answers by Expert)
1.Which of the following is true regarding computer forensics
\u2714\u2714\u2714\u2714Computer forensics deals with the process of finding evidence
related to a digital crime to find the culprits and initiate legal action
against them.
2.Which of the following is NOT a objective of computer forensics
\u2714\u2714\u2714\u2714Doc- ument vulnerabilities allowing further loss of intellectual
property, finances, and reputation during an attack.
3.Which of the following is true regarding Enterprise Theory of
Investigation (ETI) \u2714\u2714\u2714\u2714It adopts a holistic approach toward any
criminal activity as a criminal operation rather as a single criminal act.
4.Forensic readiness refers to:: An organization’s ability to make
optimal use of digital evidence in a limited time period and with
minimal investigation costs.<\/p>\n\n\n\n
5.Which of the following is NOT a element of cybercrime \u2714\u2714\u2714\u2714Evidence
smaller in size.
6.Which of the following is true of cybercrimes \u2714\u2714\u2714\u2714Investigators, with
a warrant, have the authority to forcibly seize the computing devices.
7.Which of the following is true of cybercrimes \u2714\u2714\u2714\u2714The initial
reporting of the evidence is usually informal.
8.Which of the following is NOT a consideration during a cybercrime
inves- tigation \u2714\u2714\u2714\u2714Value or cost to the victim.<\/p>\n\n\n\n\n
\u2714\u2714\u2714\u2714-
Address book.
10.Which of the following is a computer-created source of potential
evi- dence \u2714\u2714\u2714\u2714Swap file.<\/li>\n\n\n\n
located?-
: Processor.
12.Under which of the following conditions will duplicate evidence
NOT suffice \u2714\u2714\u2714\u2714When original evidence is in possession of the
originator.
13.Which of the following Federal Rules of Evidence governs
proceedings in the courts of the United States \u2714\u2714\u2714\u2714Rule 101.
14.Which of the following Federal Rules of Evidence ensures that the
truth may be ascertained and the proceedings justly determined
\u2714\u2714\u2714\u2714Rule 102.
15.Which of the following Federal Rules of Evidence contains rulings
on evidence \u2714\u2714\u2714\u2714Rule 103<\/p>\n\n\n\n
16.Which of the following Federal Rules of Evidence states that the court
shall restrict the evidence to its proper scope and instruct the jury
accord- ingly \u2714\u2714\u2714\u2714Rule 105
17.Which of the following refers to a set of methodological procedures
and techniques to identify, gather, preserve, extract, interpret, document,
and present evidence from computing equipment in such a manner that
the discovered evidence is acceptable during a legal and\/or
administrative proceeding in a court of law \u2714\u2714\u2714\u2714Computer Forensics.
18.Computer Forensics deals with the process of finding related to a
digital crime to find the culprits and initiate legal action against them.: Evidence.
19.Minimizing the tangible and intangible losses to the organization or
an individual is considered an essential computer forensics use.: True.
20.Cybercrimes can be classified into the following two types of
attacks, based on the line of attack.: Internal and External.
21.Espionage, theft of intellectual property, manipulation of records, and<\/p>\n","protected":false},"excerpt":{"rendered":"