WGU MASTER'S COURSE C702 - FORENSICS AND NETWORK
INTRUSION 475 COMPLETE QUESTIONS AND 100% CORRECT
ANSWERS NEW UPDATE ASSURED PASS!!!!!!!!!!!!!!!
Which software-based tool is used to prevent writes to storage devices on a
computer?
A CRU WiebeTech
B ILook Investigator
C SAFE Block
D USB WriteBlocker - ANS... -C
Which tool should a forensic team use to research unauthorized changes in a
database?
A ApexSQL DBA
B Gargoyle Investigator Forensic Pro
C LSASecretsView
D RSA NetWitness Investigator - ANS... -A
Which graphical tool should investigators use to identify publicly available
information about a public IP address?
A AWStats
B GoAccess
C SmartWhois
D NsLookup - ANS... -C
Which tool is used to search and analyze PC messaging logs?
A Chat Stick
B File Viewer
C SnowBatch
D Zamzar - ANS... -A
,Which forensic tool allows an investigator to acquire database files for analysis
from a mobile device?
A Andriller
B Volatility
C WinDump
D Tripwire - ANS... -A
A first responder arrives at an active crime scene that has several mobile devices.
What should this first responder do while securing the crime scene?
A Leave the devices in the state they are in and put them in anti-static bags
B Turn on the devices and review recently accessed data
C Turn off the devices to preserve the volatile memory
D Leave the devices as found and fill out chain of custody paperwork - ANS... -D
What is a responsibility of the first responder at a crime scene?
A Package and transport the evidence
B Identify the presence of rootkits on the evidence
C Decrypt the evidence by cracking passwords
D Detect malware present on the evidence - ANS... -A
Which step preserves the forensic integrity of volatile evidence when a device is
discovered in the powered-on state?
A Documenting the procedures for shutting down the system
B Collecting information with a secure command shell
C Using the built-in backup utility to gather information
D Copying the file with the keyboard shortcut Ctrl+C - ANS... -B
Which action maintains the integrity of evidence when a forensic laptop is used to
acquire data from a compromised computer?
A Connecting the machines with a straight through cable
B Connecting the machines with a crossover cable
C Enabling a hardware write blocker
D Enabling administrative control - ANS... -C
,What should an investigator do while collecting evidence from a device?
A Turn off the computer to protect the data
B Install antivirus software to protect information
C Begin documenting the chain of custody
D Close any open documents and applications - ANS... -C
A software company suspects that employees have set up automatic corporate
email forwarding to their personal inboxes against company policy. The company
hires forensic investigators to identify the employees violating policy, with the
intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive - ANS... -C
Which model or legislation applies a holistic approach toward any criminal activity
as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting - ANS... -A
What does a forensic investigator need to obtain before seizing a computing device
in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission - ANS... -A
Which activity should be used to check whether an application has ever been
installed on a computer?
A Penetration test
B Risk analysis
, C Log review
D Security review - ANS... -C
Which characteristic describes an organization's forensic readiness in the context
of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. - ANS... -B
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick
containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device - ANS... -A
Which type of attack is a denial-of-service technique that sends a large amount of
data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking - ANS... -C
Which computer crime forensics step requires an investigator to duplicate and
image the collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence - ANS... -B
What is the last step of a criminal investigation that requires the involvement of a
computer forensic investigator?
INTRUSION 475 COMPLETE QUESTIONS AND 100% CORRECT
ANSWERS NEW UPDATE ASSURED PASS!!!!!!!!!!!!!!!
Which software-based tool is used to prevent writes to storage devices on a
computer?
A CRU WiebeTech
B ILook Investigator
C SAFE Block
D USB WriteBlocker - ANS... -C
Which tool should a forensic team use to research unauthorized changes in a
database?
A ApexSQL DBA
B Gargoyle Investigator Forensic Pro
C LSASecretsView
D RSA NetWitness Investigator - ANS... -A
Which graphical tool should investigators use to identify publicly available
information about a public IP address?
A AWStats
B GoAccess
C SmartWhois
D NsLookup - ANS... -C
Which tool is used to search and analyze PC messaging logs?
A Chat Stick
B File Viewer
C SnowBatch
D Zamzar - ANS... -A
,Which forensic tool allows an investigator to acquire database files for analysis
from a mobile device?
A Andriller
B Volatility
C WinDump
D Tripwire - ANS... -A
A first responder arrives at an active crime scene that has several mobile devices.
What should this first responder do while securing the crime scene?
A Leave the devices in the state they are in and put them in anti-static bags
B Turn on the devices and review recently accessed data
C Turn off the devices to preserve the volatile memory
D Leave the devices as found and fill out chain of custody paperwork - ANS... -D
What is a responsibility of the first responder at a crime scene?
A Package and transport the evidence
B Identify the presence of rootkits on the evidence
C Decrypt the evidence by cracking passwords
D Detect malware present on the evidence - ANS... -A
Which step preserves the forensic integrity of volatile evidence when a device is
discovered in the powered-on state?
A Documenting the procedures for shutting down the system
B Collecting information with a secure command shell
C Using the built-in backup utility to gather information
D Copying the file with the keyboard shortcut Ctrl+C - ANS... -B
Which action maintains the integrity of evidence when a forensic laptop is used to
acquire data from a compromised computer?
A Connecting the machines with a straight through cable
B Connecting the machines with a crossover cable
C Enabling a hardware write blocker
D Enabling administrative control - ANS... -C
,What should an investigator do while collecting evidence from a device?
A Turn off the computer to protect the data
B Install antivirus software to protect information
C Begin documenting the chain of custody
D Close any open documents and applications - ANS... -C
A software company suspects that employees have set up automatic corporate
email forwarding to their personal inboxes against company policy. The company
hires forensic investigators to identify the employees violating policy, with the
intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive - ANS... -C
Which model or legislation applies a holistic approach toward any criminal activity
as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting - ANS... -A
What does a forensic investigator need to obtain before seizing a computing device
in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission - ANS... -A
Which activity should be used to check whether an application has ever been
installed on a computer?
A Penetration test
B Risk analysis
, C Log review
D Security review - ANS... -C
Which characteristic describes an organization's forensic readiness in the context
of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. - ANS... -B
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick
containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device - ANS... -A
Which type of attack is a denial-of-service technique that sends a large amount of
data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking - ANS... -C
Which computer crime forensics step requires an investigator to duplicate and
image the collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence - ANS... -B
What is the last step of a criminal investigation that requires the involvement of a
computer forensic investigator?
