WGU C840: Digital Forensics in
Cybersecurity |PA | Pre-Assessment
Exam
A computer involved in a crime is infected with malware. The computer is on and
connected to the company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step? - ANSWER-Unplug the computer's
Ethernet cable
A criminal organization has compromised a third-party web server and is using it to
control a botnet. The botnet server hides command and control messages through the
DNS protocol.
Which steganographic component are the command and control messages? -
ANSWER-Payload
A cyber security organization has issued a warning about a cybercriminal who is using a
known vulnerability to attack unpatched corporate Macintosh systems. A network
administrator decides to examine the software updates logs on a Macintosh system to
ensure the system has been patched.
Which folder contains the software updates logs? - ANSWER-/Library/Receipts
A foreign government is communicating with its agents in the U.S. by hiding text
messages in popular American songs, which are uploaded to the web.
Which steganographic tool can be used to do this? - ANSWER-MP3Stego
A forensic examiner reviews a laptop running OS X which has been compromised. The
examiner wants to know if there were any mounted volumes created from USB drives.
Which digital evidence should be reviewed? - ANSWER-/var/log
A forensic examiner wants to try to extract passwords for wireless networks to which a
system was connected.
Where should passwords for wireless networks be stored on a Windows XP system? -
ANSWER-Registry
A forensic investigator wants to image an older BlackBerry smartphone running OS 7.0.
, Which tool should the investigator use? - ANSWER-BlackBerry Desktop Manager
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do? - ANSWER-Photograph all
evidence in its original place
A police detective investigating a threat traces the source to a house. The couple at the
house shows the detective the only computer the family owns, which is in their son's
bedroom. The couple states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer? - ANSWER-Obtain
consent to search from the parents
A system administrator believes an employee is leaking information to a competitor by
hiding confidential data in images being attached to outgoing emails. The administrator
has captured the outgoing emails.
Which tool should the forensic investigator use to search for the hidden data in the
images? - ANSWER-Forensic Toolkit (FTK)
A system administrator believes data are being leaked from the organization. The
administrator decides to use steganography to hide tracking information in the types of
files he thinks are being leaked.
Which steganographic term describes this tracking information? - ANSWER-Payload
After a company's single-purpose, dedicated messaging server is hacked by a
cybercriminal, a forensics expert is hired to investigate the crime and collect evidence.
Which digital evidence should be collected? - ANSWER-Firewall logs
An investigator wants to extract information from a mobile device by connecting it to a
computer.
What should the investigator take great care to ensure? - ANSWER-That the mobile
device does not synchronize with the computer
During a cyber-forensics investigation, a USB drive was found that contained multiple
pictures of the same flower.
How should an investigator use properties of a file to detect steganography? -
ANSWER-Review the hexadecimal code looking for anomalies in the file headers and
endings using a tool such as EnCase
Cybersecurity |PA | Pre-Assessment
Exam
A computer involved in a crime is infected with malware. The computer is on and
connected to the company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step? - ANSWER-Unplug the computer's
Ethernet cable
A criminal organization has compromised a third-party web server and is using it to
control a botnet. The botnet server hides command and control messages through the
DNS protocol.
Which steganographic component are the command and control messages? -
ANSWER-Payload
A cyber security organization has issued a warning about a cybercriminal who is using a
known vulnerability to attack unpatched corporate Macintosh systems. A network
administrator decides to examine the software updates logs on a Macintosh system to
ensure the system has been patched.
Which folder contains the software updates logs? - ANSWER-/Library/Receipts
A foreign government is communicating with its agents in the U.S. by hiding text
messages in popular American songs, which are uploaded to the web.
Which steganographic tool can be used to do this? - ANSWER-MP3Stego
A forensic examiner reviews a laptop running OS X which has been compromised. The
examiner wants to know if there were any mounted volumes created from USB drives.
Which digital evidence should be reviewed? - ANSWER-/var/log
A forensic examiner wants to try to extract passwords for wireless networks to which a
system was connected.
Where should passwords for wireless networks be stored on a Windows XP system? -
ANSWER-Registry
A forensic investigator wants to image an older BlackBerry smartphone running OS 7.0.
, Which tool should the investigator use? - ANSWER-BlackBerry Desktop Manager
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do? - ANSWER-Photograph all
evidence in its original place
A police detective investigating a threat traces the source to a house. The couple at the
house shows the detective the only computer the family owns, which is in their son's
bedroom. The couple states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer? - ANSWER-Obtain
consent to search from the parents
A system administrator believes an employee is leaking information to a competitor by
hiding confidential data in images being attached to outgoing emails. The administrator
has captured the outgoing emails.
Which tool should the forensic investigator use to search for the hidden data in the
images? - ANSWER-Forensic Toolkit (FTK)
A system administrator believes data are being leaked from the organization. The
administrator decides to use steganography to hide tracking information in the types of
files he thinks are being leaked.
Which steganographic term describes this tracking information? - ANSWER-Payload
After a company's single-purpose, dedicated messaging server is hacked by a
cybercriminal, a forensics expert is hired to investigate the crime and collect evidence.
Which digital evidence should be collected? - ANSWER-Firewall logs
An investigator wants to extract information from a mobile device by connecting it to a
computer.
What should the investigator take great care to ensure? - ANSWER-That the mobile
device does not synchronize with the computer
During a cyber-forensics investigation, a USB drive was found that contained multiple
pictures of the same flower.
How should an investigator use properties of a file to detect steganography? -
ANSWER-Review the hexadecimal code looking for anomalies in the file headers and
endings using a tool such as EnCase
