IN CYBERSECURITY QUESTIONS AND ANSWERS WITH RATIONALES
Comprehensive OA Test Bank (2026-2027 Update)
Domain 1: Forensic Fundamentals and Legal Requirements
Question 1: The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network. Which tool should the IT staff use to
gather digital evidence about this security vulnerability?
• A) Disk analyzer
• B) Tracer
• C) Sniffer
• D) Virus scanner
Rationale: A sniffer (or packet analyzer) captures network traffic, allowing the IT staff
to view the data packets moving across the network and identify whether sensitive data is being
transmitted without authorization.
Question 2: A police detective investigating a threat traces the source to a house.
The couple shows the detective the only computer, which is in their son's bedroom.
How should the detective legally gain access to the computer?
• A) Obtain a search warrant from the police
• B) Seize the computer under the USA Patriot Act
• C) Obtain consent to search from the parents
• D) Seize the computer under the Computer Fraud and Abuse Act
Rationale: The parents have common authority over the household and the
computer located in their home. Their voluntary consent provides a legal exception
to the warrant requirement, allowing the detective to search immediately.
Question 3: Which law requires a search warrant or one of the recognized
exceptions to the search warrant requirements for searching email messages stored
on a computer?
• A) The Fourth Amendment to the U.S. Constitution
• B) The CAN-SPAM Act
• C) U.S.C. 2252B
• D) The Communications Assistance for Law Enforcement Act
Rationale: The Fourth Amendment protects against unreasonable searches and
seizures. Courts have generally required a warrant to search the contents of a
computer or email account, as users have a reasonable expectation of privacy in that
data.
Question 4: Which United States law requires telecommunications equipment
manufacturers to provide built-in surveillance capabilities for federal agencies?
• A) Communications Assistance for Law Enforcement Act (CALEA)
• B) Foreign Intelligence Surveillance Act (FISA)
• C) Electronic Communications Privacy Act (ECPA)
• D) USA Patriot Act
Rationale: CALEA mandates that telecom carriers and equipment manufacturers
design their systems to allow law enforcement to conduct lawful wiretapping,
including of VoIP calls.
Question 5: How do forensic specialists show that digital evidence was handled in a
protected, secure manner during the process of collecting and analyzing the
evidence?
• A) Forensic lab logbooks
• B) Forensic software logs
• C) Chain of custody
• D) Chain of email messages
Rationale: The chain of custody is a documented paper trail that records the
sequence of custody, control, transfer, analysis, and disposition of evidence. It is
essential to prove the evidence has not been tampered with.
Question 6: A forensic specialist is preparing to testify about the methods used to
extract data from a suspect's hard drive. Which standard requires the specialist to
demonstrate that the methodology is scientifically valid and widely accepted?
• A) Frye Standard
• B) Daubert Standard
• C) SILVA Standard
• D) CALEA Standard
Rationale: The Daubert Standard requires the trial judge to act as a gatekeeper,
ensuring that expert testimony is based on relevant, scientifically valid reasoning or
methodology that has been generally accepted by the relevant scientific community.
Question 7: An investigator finds a suspect's smartphone turned on at a crime scene.
To preserve evidence without violating the suspect's rights, what is the FIRST step the
investigator should take?
• A) Immediately turn off the phone to preserve battery.
• B) Pull the battery out to isolate the phone from the network.
• C) Place the phone in a Faraday bag.
• D) Swipe through the phone to see if there is evidence of a crime.
Rationale: A Faraday bag shields the phone from electromagnetic signals. This
prevents the phone from receiving remote wipe commands or connecting to a cell
tower, which could alter data, while preserving the current state of the device.
Question 8: According to NIST SP 800-72, which state describes a mobile device that
is powered on, communicating, and able to be manipulated by the user?
• A) Quiet
• B) Off
• C) Active
• D) Seized
Rationale: NIST SP 800-72 (Guidelines on Mobile Device Forensics) outlines four
states. The "Active" state is defined as the device being powered on, performing
tasks, and the user interface being available for interaction.
Question 9: What is the primary objective of computer forensics?
• A) To secure the network perimeter from external threats.
• B) To recover, analyze, and present computer-based material as evidence in a court of law.
• C) To install antivirus software on compromised machines.
• D) To write secure code for new applications.