WGU D431 DIGITAL FORENSICS IN
CYBERSECURITY EXAM 2026 CYBER
INVESTIGATION STUDY GUIDE COMPLETE
QUESTIONS AND ANSWERS
◉ Don't Touch the Suspect Drive. Answer: One very important
principle is to touch the system as little as possible.
◉ Document Trail. Answer: The rule is that you document
everything.
◉ Secure the Evidence. Answer: It is absolutely critical to the
integrity of your investigation as well as to maintaining the chain of
custody that you secure the evidence
◉ volatile memory. Answer: stores the programs and data you
currently have open, but only for as long as the computer has power
supplied to it.
◉ Extended data out dynamic random access memory (EDO DRAM).
Answer: Single cycle EDO has the ability to carry out a complete
memory transaction in one clock cycle
,◉ Burst EDO (BEDO) DRAM. Answer: An evolution of the EDO, burst
EDO DRAM can process four memory addresses in one burst.
◉ Asynchronous dynamic random access memory (ADRAM).
Answer: is not synchronized to the CPU clock
◉ Synchronous dynamic random access memory (SDRAM). Answer:
is a replacement for EDO.
◉ Double data rate (DDR) SDRAM. Answer: a later development of
SDRAM
DDR2, DDR3, and DDR4, DDR 5 are now available.
◉ Programmable read-only memory (PROM). Answer: PROM can be
programmed only once. Data is not lost when power is removed.
◉ Erasable programmable read-only memory (EPROM). Answer:
Data is not lost when power is removed, is a technique for storing
instructions on chips
◉ Electronically erasable programmable read-only memory
(EEPROM). Answer: This form is how the instructions in your
computer's basic input/output system (BIOS) are stored
,◉ Small Computer System Interface (SCSI). Answer: has been
around for many years, and it is particularly popular in high-end
servers.
◉ Integrated Drive Electronics (IDE). Answer: an older standard, but
it is one that was commonly used on PCs for many years. 40-pin
connector on the drive.
◉ Enhanced Integrated Drive Electronics (EIDE). Answer: This is an
extension/enhancement of IDE.
◉ Parallel Advanced Technology Attachment (PATA). Answer: is an
enhancement of IDE. It uses either a 40-pin (like IDE) or 80-pin
connector.
◉ Serial Advanced Technology Attachment (SATA). Answer: is what
you are most likely to find today. These devices are commonly found
in workstations and many servers
◉ Serial SCSI. Answer: This is an enhancement of SCSI. It supports
up to 65,537 devices and does not require termination.
◉ Solid-state drives. Answer: These drives have an entirely different
construction and method of storing data.use microchips that retain
data in non-volatile memory chips and contain no moving parts
, ◉ Drive geometry. Answer: refers to the functional dimensions of a
drive in terms of the number of heads, cylinders, and sectors per
track.
◉ Slack Space. Answer: is the space between the end of a file and the
end of the cluster, assuming the file does not occupy the entire
cluster.
◉ low level format. Answer: creates a structure of sectors, tracks,
and clusters.
◉ high level format. Answer: is the process of setting up an empty
file system on the disk and installing a boot sector. This is sometimes
referred to as a quick format
◉ File headers. Answer: start at the first byte of a file
◉ Executable and Linkable Format. Answer: is a common standard
file format for executables, object code, and shared libraries for
UNIX-based systems.
◉ Portable Executable. Answer: used in Windows for executables
and dynamic-link libraries (DLLs)
CYBERSECURITY EXAM 2026 CYBER
INVESTIGATION STUDY GUIDE COMPLETE
QUESTIONS AND ANSWERS
◉ Don't Touch the Suspect Drive. Answer: One very important
principle is to touch the system as little as possible.
◉ Document Trail. Answer: The rule is that you document
everything.
◉ Secure the Evidence. Answer: It is absolutely critical to the
integrity of your investigation as well as to maintaining the chain of
custody that you secure the evidence
◉ volatile memory. Answer: stores the programs and data you
currently have open, but only for as long as the computer has power
supplied to it.
◉ Extended data out dynamic random access memory (EDO DRAM).
Answer: Single cycle EDO has the ability to carry out a complete
memory transaction in one clock cycle
,◉ Burst EDO (BEDO) DRAM. Answer: An evolution of the EDO, burst
EDO DRAM can process four memory addresses in one burst.
◉ Asynchronous dynamic random access memory (ADRAM).
Answer: is not synchronized to the CPU clock
◉ Synchronous dynamic random access memory (SDRAM). Answer:
is a replacement for EDO.
◉ Double data rate (DDR) SDRAM. Answer: a later development of
SDRAM
DDR2, DDR3, and DDR4, DDR 5 are now available.
◉ Programmable read-only memory (PROM). Answer: PROM can be
programmed only once. Data is not lost when power is removed.
◉ Erasable programmable read-only memory (EPROM). Answer:
Data is not lost when power is removed, is a technique for storing
instructions on chips
◉ Electronically erasable programmable read-only memory
(EEPROM). Answer: This form is how the instructions in your
computer's basic input/output system (BIOS) are stored
,◉ Small Computer System Interface (SCSI). Answer: has been
around for many years, and it is particularly popular in high-end
servers.
◉ Integrated Drive Electronics (IDE). Answer: an older standard, but
it is one that was commonly used on PCs for many years. 40-pin
connector on the drive.
◉ Enhanced Integrated Drive Electronics (EIDE). Answer: This is an
extension/enhancement of IDE.
◉ Parallel Advanced Technology Attachment (PATA). Answer: is an
enhancement of IDE. It uses either a 40-pin (like IDE) or 80-pin
connector.
◉ Serial Advanced Technology Attachment (SATA). Answer: is what
you are most likely to find today. These devices are commonly found
in workstations and many servers
◉ Serial SCSI. Answer: This is an enhancement of SCSI. It supports
up to 65,537 devices and does not require termination.
◉ Solid-state drives. Answer: These drives have an entirely different
construction and method of storing data.use microchips that retain
data in non-volatile memory chips and contain no moving parts
, ◉ Drive geometry. Answer: refers to the functional dimensions of a
drive in terms of the number of heads, cylinders, and sectors per
track.
◉ Slack Space. Answer: is the space between the end of a file and the
end of the cluster, assuming the file does not occupy the entire
cluster.
◉ low level format. Answer: creates a structure of sectors, tracks,
and clusters.
◉ high level format. Answer: is the process of setting up an empty
file system on the disk and installing a boot sector. This is sometimes
referred to as a quick format
◉ File headers. Answer: start at the first byte of a file
◉ Executable and Linkable Format. Answer: is a common standard
file format for executables, object code, and shared libraries for
UNIX-based systems.
◉ Portable Executable. Answer: used in Windows for executables
and dynamic-link libraries (DLLs)
