C840 Digital Forensics in Cybersecurity Pre-Assessment, D431 Digital Forensics, WGU D431 - LAWS, WGU D431 - Digital Forensics in Cybersecurity, D431 - Laws + Regs
The chief information officer of an accounting firm believes sensitive data is being exposed on the local network.
Which tool should the IT staff use to gather digital evidence about this security vulnerability?
Sniffer
A police detective investigating a threat traces the source to a house. The couple at the house shows the detective the only computer the family owns, which is in their son's bedroom. The couple states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
Obtain consent to search from the parents
How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene?
By using the ipconfig command from a command prompt on the computer
The human resources manager of a small accounting firm believes he may have been a victim of a phishing scam. The manager clicked on a link in an email message that asked him to verify the logon credentials for the firm's online bank account.
Which digital evidence should a forensic investigator collect to investigate this incident?
Browser cache
After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a forensics expert is hired to investigate the crime and collect evidence.
Which digital evidence should be collected?
Firewall logs
Thomas received an email stating that he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account.
Which digital evidence should be considered to determine how Thomas' account information was compromised?
Email messages
The chief executive officer (CEO) of a small computer company has identified a potential hacking attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify the source of the hack?
Network transaction logs
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do?
Photograph all evidence in its original place
Which method of copying digital evidence ensures proper evidence collection?
Make the copy at the bit-level
A computer involved in a crime is infected with malware. The computer is on and connected to the company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step?
Unplug the computer's Ethernet cable
What are the three basic tasks that a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation?
Find evidence, Preserve evidence, and Prepare evidence
How do forensic specialists show that digital evidence was handled in a protected, secure manner during the process of collecting and analyzing the evidence?
Chain of custody
Which characteristic applies to magnetic drives compared to solid-state drives (SSDs)?
Lower cost
Which characteristic applies to solid-state drives (SSDs) compared to magnetic drives?
They are less susceptible to damage.
Which type of storage format should be transported in a special bag to reduce electrostatic interference?
Magnetic media
Which Windows component is responsible for reading the boot.ini file and displaying the boot loader menu on Windows XP during the boot process?
NTLDR
The following line of code is an example of how to make a forensic copy of a suspect drive:
dd if=/dev/mem of=/evidence/image.memory1
Which operating system should be used to run this command?
Linux
Which file system is supported by Mac?
Hierarchical File System Plus (HFS+)
Which law requires both parties to consent to the recording of a conversation?
Electronic Communications Privacy Act (ECPA)
Which law is related to the disclosure of personally identifiable protected health information (PHI)?
Health Insurance Portability and Accountability Act (HIPAA)
Which U.S. law criminalizes the act of knowingly using a misleading domain name with the intent to deceive a minor into viewing harmful material?
18 U.S.C. 2252B
Which U.S. law protects journalists from turning over their work or sources to law enforcement before the information is shared with the public?
The Privacy Protection Act (PPA)
Which law or guideline lists the four states a mobile device can be in when data is extracted from it?
NIST SP 800-72 Guidelines
Which law includes a provision permitting the wiretapping of VoIP calls?
Communications Assistance to Law Enforcement Act (CALEA)
Which policy is included in the CAN-SPAM Act?
The email sender must provide some mechanism whereby the receiver can opt out of future emails and that method cannot require the receiver to pay in order to opt out.
Which United States law requires telecommunications equipment manufacturers to provide built-in surveillance capabilities for federal agencies?
Communication Assistance to Law Enforcement Act (CALEA)
Which law requires a search warrant or one of the recognized exceptions to the search warrant requirements for searching email messages on a computer?
The Fourth Amendment to the U.S. Constitution
What is one purpose of steganography?
To deliver information secretly
Which method is used to implement steganography through pictures?
LSB
The chief information security officer of a company believes that an attacker has infiltrated the company's network and is using steganography to communicate with external sources. A security team is investigating the incident. They are told to start by focusing on the core elements of steganography.
What are the core elements of steganography?
Payload, carrier, channel
A system administrator believes data are being leaked from the organization. The administrator decides to use steganography to hide tracking information in the types of files he thinks are being leaked.
Which steganographic term describes this tracking information?
Payload
A criminal organization has compromised a third-party web server and is using it to control a botnet. The botnet server hides command and control messages through the DNS protocol.
Which steganographic component are the command and control messages?
Payload
Which method is commonly used to hide data via steganography?