WGU C702 CHFI and OA
Which of the following is true regarding computer forensics? Correct Answer: Computer forensics deals
with the process of finding evidence related to a digital crime to find the culprits and initiate legal action
against them.
Which of the following is NOT a objective of computer forensics? Correct Answer: Document
vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? Correct Answer: It
adopts a holistic approach toward any criminal activity as a criminal operation rather as a single criminal
act.
Forensic readiness refers to: Correct Answer: An organization's ability to make optimal use of digital
evidence in a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? Correct Answer: Evidence smaller in size.
Which of the following is true of cybercrimes? Correct Answer: Investigators, with a warrant, have the
authority to forcibly seize the computing devices.
Which of the following is true of cybercrimes? Correct Answer: The initial reporting of the evidence is
usually informal.
Which of the following is NOT a consideration during a cybercrime investigation? Correct Answer: Value
or cost to the victim.
Which of the following is a user-created source of potential evidence? Correct Answer: Address book.
Which of the following is a computer-created source of potential evidence? Correct Answer: Swap file.
Which of the following is NOT where potential evidence may be located? Correct Answer: Processor.
Under which of the following conditions will duplicate evidence NOT suffice? Correct Answer: When
original evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of the United
States? Correct Answer: Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the
proceedings justly determined? Correct Answer: Rule 102.
Which of the following Federal Rules of Evidence contains rulings on evidence? Correct Answer: Rule
103
, Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its
proper scope and instruct the jury accordingly? Correct Answer: Rule 105
Which of the following refers to a set of methodological procedures and techniques to identify, gather,
preserve, extract, interpret, document, and present evidence from computing equipment in such a
manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a
court of law? Correct Answer: Computer Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to find the culprits
and initiate legal action against them. Correct Answer: Evidence.
Minimizing the tangible and intangible losses to the organization or an individual is considered an
essential computer forensics use. Correct Answer: True.
Cybercrimes can be classified into the following two types of attacks, based on the line of attack. Correct
Answer: Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are examples
of what? Correct Answer: Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and procedures. Correct
Answer: True.
Which type of cases involve disputes between two parties? Correct Answer: Civil.
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and
follows the appropriate processes. Correct Answer: False.
________ is the standard investigative model used by the FBI when conducting investigations against
major criminal organizations. Correct Answer: Enterprise Theory of Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. Correct Answer: True.
Which of the following is the process of developing a strategy to address the occurrence of any security
breach in the system or network? Correct Answer: Incident Response.
Digital devices store data about session such as user and type of connection. Correct Answer: True.
Codes of ethics are the principles stated to describe the expected behavior of an investigator while
handling a case. Which of the following is NOT a principle that a computer forensic investigator must
follow? Correct Answer: Provide personal or prejudiced opinions.
What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
Correct Answer: Preserve the evidence.
What is the role of an expert witness? Correct Answer: To educate the public and court.
Which of the following is true regarding computer forensics? Correct Answer: Computer forensics deals
with the process of finding evidence related to a digital crime to find the culprits and initiate legal action
against them.
Which of the following is NOT a objective of computer forensics? Correct Answer: Document
vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? Correct Answer: It
adopts a holistic approach toward any criminal activity as a criminal operation rather as a single criminal
act.
Forensic readiness refers to: Correct Answer: An organization's ability to make optimal use of digital
evidence in a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? Correct Answer: Evidence smaller in size.
Which of the following is true of cybercrimes? Correct Answer: Investigators, with a warrant, have the
authority to forcibly seize the computing devices.
Which of the following is true of cybercrimes? Correct Answer: The initial reporting of the evidence is
usually informal.
Which of the following is NOT a consideration during a cybercrime investigation? Correct Answer: Value
or cost to the victim.
Which of the following is a user-created source of potential evidence? Correct Answer: Address book.
Which of the following is a computer-created source of potential evidence? Correct Answer: Swap file.
Which of the following is NOT where potential evidence may be located? Correct Answer: Processor.
Under which of the following conditions will duplicate evidence NOT suffice? Correct Answer: When
original evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of the United
States? Correct Answer: Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the
proceedings justly determined? Correct Answer: Rule 102.
Which of the following Federal Rules of Evidence contains rulings on evidence? Correct Answer: Rule
103
, Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its
proper scope and instruct the jury accordingly? Correct Answer: Rule 105
Which of the following refers to a set of methodological procedures and techniques to identify, gather,
preserve, extract, interpret, document, and present evidence from computing equipment in such a
manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a
court of law? Correct Answer: Computer Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to find the culprits
and initiate legal action against them. Correct Answer: Evidence.
Minimizing the tangible and intangible losses to the organization or an individual is considered an
essential computer forensics use. Correct Answer: True.
Cybercrimes can be classified into the following two types of attacks, based on the line of attack. Correct
Answer: Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are examples
of what? Correct Answer: Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and procedures. Correct
Answer: True.
Which type of cases involve disputes between two parties? Correct Answer: Civil.
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and
follows the appropriate processes. Correct Answer: False.
________ is the standard investigative model used by the FBI when conducting investigations against
major criminal organizations. Correct Answer: Enterprise Theory of Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. Correct Answer: True.
Which of the following is the process of developing a strategy to address the occurrence of any security
breach in the system or network? Correct Answer: Incident Response.
Digital devices store data about session such as user and type of connection. Correct Answer: True.
Codes of ethics are the principles stated to describe the expected behavior of an investigator while
handling a case. Which of the following is NOT a principle that a computer forensic investigator must
follow? Correct Answer: Provide personal or prejudiced opinions.
What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
Correct Answer: Preserve the evidence.
What is the role of an expert witness? Correct Answer: To educate the public and court.
