WGU C840 OA AND PRACTICE EXAM NEWEST 2026
TEST BANK| C840 DIGITAL FORENSICS IN
CYBERSECURITY EXAM WITH COMPLETE 500 REAL
EXAM QUESTIONS AND CORRECT VERIFIED ANSWERS/
GRADED A+| WGU C840 FINAL EXAM PREP 2026
(BRAND NEW!!)
1. The chief information officer of an accounting firm believes
sensitive data is being exposed on the local network. Which
tool should the IT staff use to gather digital evidence about
this security vulnerability?
A) Disk analyzer
B) Tracer
C) Sniffer
D) Virus scanner
Correct Answer: C
1
,Rationale: A network sniffer (packet analyzer) captures and
analyzes network traffic passing through the local network,
allowing investigators to identify data exposure, unauthorized
access, and suspicious communications . Disk analyzers examine
storage devices, tracers map network routes, and virus scanners
detect malware—none are optimal for live network evidence
gathering.
2. A forensic scientist arrives at a crime scene to begin
collecting evidence. What is the first thing the forensic scientist
should do?
A) Label all attachments and secure the computer
B) Photograph the scene
C) Unplug the computer's Ethernet cable
D) Copy files to external media
Correct Answer: B
2
,Rationale: Documenting the scene through photographs preserves
the original state of evidence before it is moved or altered,
supporting chain of custody and evidence integrity . According to
NIST SP 800-86, photographic documentation is the standard
initial action upon arrival at a forensic scene.
3. A computer involved in a crime is infected with malware.
The computer is on and connected to the company's network.
The forensic investigator arrives at the scene. Which action
should be the investigator's first step?
A) Unplug the computer's Ethernet cable
B) Turn off the computer
C) Copy files to external media
D) Run malware removal tools
Correct Answer: A
Rationale: Disconnecting the computer from the network prevents
further spread of malware and stops external communication
3
, that could lead to data exfiltration. According to NIST SP 800-
61, isolating affected systems from networks early in incident
response is critical . Maintaining system power preserves volatile
memory for later acquisition.
4. How should a forensic scientist obtain the network
configuration from a Windows PC before seizing it from a
crime scene?
A) By using the ipconfig command from a command prompt on
the computer
B) By using the tracert command from a command prompt on the
computer
C) By logging into the router to which the PC is connected
D) By installing a network packet sniffer on the computer
Correct Answer: A
Rationale: The ipconfig command displays current network
configuration including IP address, subnet mask, default
4
TEST BANK| C840 DIGITAL FORENSICS IN
CYBERSECURITY EXAM WITH COMPLETE 500 REAL
EXAM QUESTIONS AND CORRECT VERIFIED ANSWERS/
GRADED A+| WGU C840 FINAL EXAM PREP 2026
(BRAND NEW!!)
1. The chief information officer of an accounting firm believes
sensitive data is being exposed on the local network. Which
tool should the IT staff use to gather digital evidence about
this security vulnerability?
A) Disk analyzer
B) Tracer
C) Sniffer
D) Virus scanner
Correct Answer: C
1
,Rationale: A network sniffer (packet analyzer) captures and
analyzes network traffic passing through the local network,
allowing investigators to identify data exposure, unauthorized
access, and suspicious communications . Disk analyzers examine
storage devices, tracers map network routes, and virus scanners
detect malware—none are optimal for live network evidence
gathering.
2. A forensic scientist arrives at a crime scene to begin
collecting evidence. What is the first thing the forensic scientist
should do?
A) Label all attachments and secure the computer
B) Photograph the scene
C) Unplug the computer's Ethernet cable
D) Copy files to external media
Correct Answer: B
2
,Rationale: Documenting the scene through photographs preserves
the original state of evidence before it is moved or altered,
supporting chain of custody and evidence integrity . According to
NIST SP 800-86, photographic documentation is the standard
initial action upon arrival at a forensic scene.
3. A computer involved in a crime is infected with malware.
The computer is on and connected to the company's network.
The forensic investigator arrives at the scene. Which action
should be the investigator's first step?
A) Unplug the computer's Ethernet cable
B) Turn off the computer
C) Copy files to external media
D) Run malware removal tools
Correct Answer: A
Rationale: Disconnecting the computer from the network prevents
further spread of malware and stops external communication
3
, that could lead to data exfiltration. According to NIST SP 800-
61, isolating affected systems from networks early in incident
response is critical . Maintaining system power preserves volatile
memory for later acquisition.
4. How should a forensic scientist obtain the network
configuration from a Windows PC before seizing it from a
crime scene?
A) By using the ipconfig command from a command prompt on
the computer
B) By using the tracert command from a command prompt on the
computer
C) By logging into the router to which the PC is connected
D) By installing a network packet sniffer on the computer
Correct Answer: A
Rationale: The ipconfig command displays current network
configuration including IP address, subnet mask, default
4
