QUESTION 1
The Recycle Bin is located on the Windows desktop. When you delete an item
from the hard disk, Windows sends that deleted item to the Recycle Bin and the
icon changes to full or empty, but items deleted from removable media, such as a
floppy disk or network drive, are not stored in the Recycle Bin. What is the size
limit for the Recycle Bin in Vista and later versions of Windows?
A. No size limits
B. 10% of the drive
C. 5% of the drive
D. 1 GB
Correct Answer: A. No size limits
QUESTION 2
Which of the following is not an example of a cyber-crime?
A. Identity theft
B. Firing an employee for misconduct
C. Phishing
D. Ransomware attack
Correct Answer: B. Firing an employee for misconduct
QUESTION 3
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext,
where "x" represents the ______.
A. Drive name
B. Original file name
C. Deletion date
D. User ID
Correct Answer: A. Drive name
QUESTION 4
Which of the following statements is not correct when dealing with a powered-on
computer at the crime scene?
A. Photograph the screen
B. Document all running processes
C. Preserve volatile data first
D. If the computer is switched off, power on the computer to take a screenshot of
the desktop
Correct Answer: D. If the computer is switched off, power on the computer to
take a screenshot of the desktop
QUESTION 5
Track numbering on a hard disk begins at 0 from the outer edge and moves
towards the center, typically reaching a value of ______.
A. 1023
B. 255
C. 512
D. 2048
Correct Answer: A. 1023
QUESTION 6
Event correlation is a procedure that assigns a new meaning to a set of
events that occur in a predefined interval of time. Which type of correlation will
you use if your organization wants to use different OS and network hardware
platforms throughout the network?
A. Time-based correlation
B. Cross-platform correlation
C. Logical correlation
D. Statistical correlation
Correct Answer: B. Cross-platform correlation
QUESTION 7
What is the first step in any digital forensics investigation?
A. Data acquisition
B. Secure the scene and preserve evidence
C. Analyze the data
D. Report findings
Correct Answer: B. Secure the scene and preserve evidence
QUESTION 8
Which file system is commonly used by Windows 10 for its system partition?
A. FAT32
B. NTFS
C. exFAT
D. ext4
Correct Answer: B. NTFS
QUESTION 9
In the context of computer forensics, what does the acronym "MAC" stand for?
A. Media Access Control
B. Modify, Access, Create
C. Mandatory Access Control
D. Memory Allocation Control
Correct Answer: B. Modify, Access, Create (timestamps)
QUESTION 10
What is the purpose of a write-blocker in digital forensics?
A. To prevent accidental writes to the evidence drive
B. To encrypt the drive
C. To create a forensic image
D. To speed up data transfer
Correct Answer: A. To prevent accidental writes to the evidence drive
QUESTION 11
Which of the following is the correct order of volatility for digital evidence?
A. RAM, hard drive, CPU cache, network logs
B. CPU cache, RAM, network logs, hard drive
C. Hard drive, RAM, CPU cache, network logs
D. Network logs, RAM, CPU cache, hard drive
Correct Answer: B. CPU cache, RAM, network logs, hard drive (from most to least
volatile)
QUESTION 12
What is a hash value used for in digital forensics?
A. To encrypt evidence
B. To verify the integrity of evidence
C. To compress files
D. To hide data
Correct Answer: B. To verify the integrity of evidence
QUESTION 13
Which tool is commonly used to create a forensic image of a hard drive?
A. dd
B. FTK Imager
C. EnCase
D. All of the above