WGU C702 CYBERLAW FINAL EXAM ACTUAL 2026 |
Regulations and Compliance OA | 200 Questions with
Verified Detailed Answers | Pass Guaranteed - A+
Graded
SECTION 1: LEGAL FRAMEWORK & U.S. LEGAL SYSTEM (25 Questions)
Q1: A system administrator at a mid-sized technology company discovers that an
employee has been accessing confidential salary databases without authorization. The
company wants to pursue legal action. Which federal statute most directly applies to
this unauthorized access?
A. Electronic Communications Privacy Act (ECPA)
B. Computer Fraud and Abuse Act (CFAA) [CORRECT]
C. Stored Communications Act (SCA)
D. Digital Millennium Copyright Act (DMCA)
Rationale: For the C702 OA final, remember that the CFAA (18 U.S.C. § 1030) is the
primary federal statute criminalizing unauthorized access to protected computers.
ECPA deals with interception of communications, SCA governs access to stored
electronic communications held by service providers, and DMCA addresses copyright
protection. The key distinction is that this involves exceeding authorized access to a
computer system.
,Correct Answer: B
Q2: A government agency employee is suspected of selling classified information to a
foreign power. Investigators want to monitor the employee's real-time keystrokes and
screen captures. Which legal standard must be met to obtain authorization for this type
of surveillance?
A. Reasonable suspicion that criminal activity is occurring
B. Probable cause and a warrant based on particularity [CORRECT]
C. Preponderance of the evidence that a crime has occurred
D. Beyond a reasonable doubt that the target is a foreign agent
Rationale: Real-time monitoring of keystrokes and screen captures constitutes
interception of electronic communications under the Wiretap Act (Title I of ECPA). For
this type of surveillance, investigators need probable cause and a warrant that
particularly describes the place to be searched and the things to be seized. Reasonable
suspicion supports pen registers (metadata only), preponderance is the civil standard,
and beyond a reasonable doubt is the criminal trial standard.
Correct Answer: B
Q3: A police officer conducting a lawful traffic stop notices a laptop bag on the
passenger seat in plain view. The officer sees what appears to be a sticker related to a
known hacking group. The officer opens the bag and finds stolen credit card numbers.
,Which 4th Amendment warrant exception most likely applies to the officer's initial
observation?
A. Consent
B. Plain view [CORRECT]
C. Exigent circumstances
D. Search incident to arrest
Rationale: The plain view doctrine allows officers to seize evidence without a warrant
when they are lawfully present in a location and immediately recognize items as
contraband or evidence of a crime. The officer was lawfully at the window during the
traffic stop, the laptop bag was in plain view, and the hacking sticker provided
immediate probable cause to believe it contained evidence of crime. Consent wasn't
given, exigency wasn't present yet, and the search incident to arrest applies after an
arrest has occurred.
Correct Answer: B
Q4: A cybersecurity analyst at a financial institution suspects that a former employee
installed a keylogger before leaving the company. The analyst wants to examine the
former employee's work computer for evidence of the keylogger. Under which legal
framework can the employer access this computer without the former employee's
consent?
A. Electronic Communications Privacy Act (ECPA) because it is an employer-provided
system
, B. Computer Fraud and Abuse Act (CFAA) because the employee exceeded authorized
access
C. Stored Communications Act (SCA) because the computer is a facility providing
electronic communication service
B. Stored Communications Act (SCA) because the computer is a facility providing
electronic communication service [CORRECT]
Rationale: For the C702 OA final, remember that employer-provided systems generally
fall under the Stored Communications Act (18 U.S.C. §§ 2701-2712), not the ECPA. The
SCA allows employers to access stored communications on their own systems without
user consent, provided they are the operator of the facility and and the system is used in
the ordinary course of business. The CFAA applies to the former employee's conduct,
not the employer's access rights. ECPA requires consent or a warrant for interception.
Correct Answer: D
Q5: A digital forensics examiner is called to a crime scene where a suspect was
arrested for cyberstalking. The suspect's smartphone is locked with a passcode. Which
legal authority is most appropriate for compelling the suspect to provide the passcode?
A. A subpoena requiring the suspect to produce the passcode
B. A warrant based on probable cause for the phone and search of its contents
C. A court order under the All Writs Act compelling decryption assistance [CORRECT]
D. A National Security Letter to the device manufacturer
Regulations and Compliance OA | 200 Questions with
Verified Detailed Answers | Pass Guaranteed - A+
Graded
SECTION 1: LEGAL FRAMEWORK & U.S. LEGAL SYSTEM (25 Questions)
Q1: A system administrator at a mid-sized technology company discovers that an
employee has been accessing confidential salary databases without authorization. The
company wants to pursue legal action. Which federal statute most directly applies to
this unauthorized access?
A. Electronic Communications Privacy Act (ECPA)
B. Computer Fraud and Abuse Act (CFAA) [CORRECT]
C. Stored Communications Act (SCA)
D. Digital Millennium Copyright Act (DMCA)
Rationale: For the C702 OA final, remember that the CFAA (18 U.S.C. § 1030) is the
primary federal statute criminalizing unauthorized access to protected computers.
ECPA deals with interception of communications, SCA governs access to stored
electronic communications held by service providers, and DMCA addresses copyright
protection. The key distinction is that this involves exceeding authorized access to a
computer system.
,Correct Answer: B
Q2: A government agency employee is suspected of selling classified information to a
foreign power. Investigators want to monitor the employee's real-time keystrokes and
screen captures. Which legal standard must be met to obtain authorization for this type
of surveillance?
A. Reasonable suspicion that criminal activity is occurring
B. Probable cause and a warrant based on particularity [CORRECT]
C. Preponderance of the evidence that a crime has occurred
D. Beyond a reasonable doubt that the target is a foreign agent
Rationale: Real-time monitoring of keystrokes and screen captures constitutes
interception of electronic communications under the Wiretap Act (Title I of ECPA). For
this type of surveillance, investigators need probable cause and a warrant that
particularly describes the place to be searched and the things to be seized. Reasonable
suspicion supports pen registers (metadata only), preponderance is the civil standard,
and beyond a reasonable doubt is the criminal trial standard.
Correct Answer: B
Q3: A police officer conducting a lawful traffic stop notices a laptop bag on the
passenger seat in plain view. The officer sees what appears to be a sticker related to a
known hacking group. The officer opens the bag and finds stolen credit card numbers.
,Which 4th Amendment warrant exception most likely applies to the officer's initial
observation?
A. Consent
B. Plain view [CORRECT]
C. Exigent circumstances
D. Search incident to arrest
Rationale: The plain view doctrine allows officers to seize evidence without a warrant
when they are lawfully present in a location and immediately recognize items as
contraband or evidence of a crime. The officer was lawfully at the window during the
traffic stop, the laptop bag was in plain view, and the hacking sticker provided
immediate probable cause to believe it contained evidence of crime. Consent wasn't
given, exigency wasn't present yet, and the search incident to arrest applies after an
arrest has occurred.
Correct Answer: B
Q4: A cybersecurity analyst at a financial institution suspects that a former employee
installed a keylogger before leaving the company. The analyst wants to examine the
former employee's work computer for evidence of the keylogger. Under which legal
framework can the employer access this computer without the former employee's
consent?
A. Electronic Communications Privacy Act (ECPA) because it is an employer-provided
system
, B. Computer Fraud and Abuse Act (CFAA) because the employee exceeded authorized
access
C. Stored Communications Act (SCA) because the computer is a facility providing
electronic communication service
B. Stored Communications Act (SCA) because the computer is a facility providing
electronic communication service [CORRECT]
Rationale: For the C702 OA final, remember that employer-provided systems generally
fall under the Stored Communications Act (18 U.S.C. §§ 2701-2712), not the ECPA. The
SCA allows employers to access stored communications on their own systems without
user consent, provided they are the operator of the facility and and the system is used in
the ordinary course of business. The CFAA applies to the former employee's conduct,
not the employer's access rights. ECPA requires consent or a warrant for interception.
Correct Answer: D
Q5: A digital forensics examiner is called to a crime scene where a suspect was
arrested for cyberstalking. The suspect's smartphone is locked with a passcode. Which
legal authority is most appropriate for compelling the suspect to provide the passcode?
A. A subpoena requiring the suspect to produce the passcode
B. A warrant based on probable cause for the phone and search of its contents
C. A court order under the All Writs Act compelling decryption assistance [CORRECT]
D. A National Security Letter to the device manufacturer
