PAPER TESTED QUESTIONS WITH GRADED
A+ ANSWERS
●● A __________ is used to send a test packet, or echo packet, to a
machine to determine if the machine is reachable and how long the
packet takes to reach the machine.
Answer: ping
●● Suspects often overwhelm forensic analysts with false positives and
false leads. This is referred to as __________.
Answer: data fabrication
●● Which of the following is the definition of the Daubert Standard?
Answer: The Daubert Standard dictates that only methods and tools
widely accepted in the scientific community can be used in court.
●● The __________ protects journalists from being required to turn over
to law enforcement any work product and documentary material,
including sources, before it is disseminated to the public.
Answer: Privacy Protection Act of 1980
●● It has been claimed that __________ of all computers connected to
the Internet have spyware.
Answer: 80%
●● __________ is/are the cyber-equivalent of vandalism.
Answer: DoS attacks
●● Which of the following is the definition of logic bomb?
Answer: malware that executes damage when a specific condition is met
●● Rules of evidence can be defined as __________.
Answer: rules that govern whether, when, how, and why proof of a legal
case can be placed before a judge or jury
●● Use of __________ tools enables an investigator to reconstruct file
fragments if files have been deleted or overwritten.
Answer: bit-level
●● Identification, preservation, collection, examination, analysis, and
presentation are six classes in the matrix of __________.
Answer: the DFRWS framework
●● What is meant by file slack?
Answer: the unused space between the logical end of file and the
physical end of file
●● Information that has been processed and assembled so that it is
relevant to an investigation and supports a specific finding or
determination is the definition of __________.
Answer: digital evidence
●● __________ is a Linux Live CD that you use to boot a system and
then use the tools. It is a free Linux distribution, making it extremely
attractive to schools teaching forensics or laboratories on a strict budget.
Answer: BackTrack
●● What name is given to data that an operating system creates and
overwrites without the computer user taking a direct action to save this
data?
Answer: temporary data
●● __________ is offline analysis conducted on an evidence disk or
forensic duplicate after booting from a CD or another system.
Answer: Physical analysis
●● What was designed as an area where computer vendors could store
data that is shielded from user activities and operating system utilities,
such as delete and format?