WGU C702 FORENSICS AND NETWORK
INTRUSION EXAM SCRIPT 2026 TEST PAPER
QUESTIONS AND SOLUTIONS GRADED A+
◉ Which model or legislation applies a holistic approach toward any
criminal activity as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting. Answer: A
◉ What does a forensic investigator need to obtain before seizing a
computing device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission. Answer: A
◉ Which activity should be used to check whether an application
has ever been installed on a computer?
,A Penetration test
B Risk analysis
C Log review
D Security review. Answer: C
◉ Which characteristic describes an organization's forensic
readiness in the context of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions.. Answer: B
◉ A cybercrime investigator identifies a Universal Serial Bus (USB)
memory stick containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is
in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
,C Recipients of emails on the device
D Authors of emails on the device. Answer: A
◉ Which type of attack is a denial-of-service technique that sends a
large amount of data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking. Answer: C
◉ Which computer crime forensics step requires an investigator to
duplicate and image the collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence. Answer: B
◉ What is the last step of a criminal investigation that requires the
involvement of a computer forensic investigator?
, A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure. Answer: B
◉ How can a forensic investigator verify an Android mobile device is
on, without potentially changing the original evidence or interacting
with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button. Answer: C
◉ What should a forensic investigator use to protect a mobile device
if a Faraday bag is not available?
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap. Answer: A
INTRUSION EXAM SCRIPT 2026 TEST PAPER
QUESTIONS AND SOLUTIONS GRADED A+
◉ Which model or legislation applies a holistic approach toward any
criminal activity as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting. Answer: A
◉ What does a forensic investigator need to obtain before seizing a
computing device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission. Answer: A
◉ Which activity should be used to check whether an application
has ever been installed on a computer?
,A Penetration test
B Risk analysis
C Log review
D Security review. Answer: C
◉ Which characteristic describes an organization's forensic
readiness in the context of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions.. Answer: B
◉ A cybercrime investigator identifies a Universal Serial Bus (USB)
memory stick containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is
in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
,C Recipients of emails on the device
D Authors of emails on the device. Answer: A
◉ Which type of attack is a denial-of-service technique that sends a
large amount of data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking. Answer: C
◉ Which computer crime forensics step requires an investigator to
duplicate and image the collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence. Answer: B
◉ What is the last step of a criminal investigation that requires the
involvement of a computer forensic investigator?
, A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure. Answer: B
◉ How can a forensic investigator verify an Android mobile device is
on, without potentially changing the original evidence or interacting
with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button. Answer: C
◉ What should a forensic investigator use to protect a mobile device
if a Faraday bag is not available?
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap. Answer: A
