Exam (worked solutions)

WGU C702 CHFI and OA Question and Answers, 100% CORRECT

Rating: -
Sold: -
Pages: 27
Grade: A+
Uploaded on: 27-01-2023
Written in: 2022/2023

WGU C702 CHFI and OA Question and Answers
Terms in this set (214)

Q: Which of the following is true regarding computer forensics?
A: Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.

Q: Which of the following is NOT an objective of computer forensics?
A: Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.

Q: Forensic readiness refers to:
A: An organization's ability to make optimal use of digital evidence in a limited time period and with minimal investigation costs.

Q: Which of the following is NOT an element of cybercrime?
A: Evidence smaller in size.

Q: Which of the following is true of cybercrimes?
A: Investigators, with a warrant, have the authority to forcibly seize the computing devices.

Q: Which of the following is true of cybercrimes?
A: The initial reporting of the evidence is usually informal.

Q: Which of the following is NOT a consideration during a cybercrime investigation?
A: Value or cost to the victim.

Q: Which of the following is a user-created source of potential evidence?
A: Address book.

Q: Which of the following is a computer-created source of potential evidence?
A: Swap file.

Q: Which of the following is NOT where potential evidence may be located?
A: Processor.

Q: Under which of the following conditions will duplicate evidence NOT suffice?
A: When original evidence is in possession of the originator.

Q: Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?
A: Rule 101.

Q: Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined?
A: Rule 102.

Q: Which of the following Federal Rules of Evidence contains rulings on evidence?
A: Rule 103

Q: Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its proper scope and instruct the jury accordingly?
A: Rule 105

Q: Which of the following refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment in such a manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law?
A: Computer Forensics.

Q: Computer Forensics deals with the process of finding _____ related to a digital crime to find the culprits and initiate legal action against them.
A: Evidence.

Q: Minimizing the tangible and intangible losses to the organization or an individual is considered an essential computer forensics use.
A: True.

Q: Cybercrimes can be classified into the following two types of
A: Internal and External.

Q: Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are examples of what?
A: Insider attack or primary attacks.

Q: External attacks occur when there are inadequate information-security policies and procedures.
A: True.

Q: Which type of cases involve disputes between two parties?
A: Civil.

Q: A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and follows the appropriate processes.
A: False.

Q: ________ is the standard investigative model used by the FBI when conducting investigations against major criminal organizations.
A: Enterprise Theory of Investigation (ETI).

Q: Forensic readiness includes technical and nontechnical actions that maximize an organization's competence to use digital evidence.
A: True.

Q: Which of the following is the process of developing a strategy to address the occurrence of any security breach in the system or network?
A: Incident Response.

Q: Digital devices store data about session such as user and type of connection.
A: True.

Q: Codes of ethics are the principles stated to describe the expected behavior of an investigator while handling a case. Which of the following is NOT a principle that a computer forensic investigator must follow?
A: Provide personal or prejudiced opinions.

Q: What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
A: Preserve the evidence.

Q: What is the role of an expert witness?
A: To educate the public and court.

Q: Which of the following is NOT a legitimate authorizer of a search warrant?
A: First Responder.

Q: Under which of the following circumstances has a court of law allowed investigators to perform searches without a warrant?
A: Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.

Q: Which of the following should be considered before planning and evaluating the budget for the forensic investigation case?
A: Breakdown of costs into daily and annual expenditure.

Q: Which of the following should be physical location and structural design considerations for forensics labs?
A: Lab exteriors should have no windows.

Q: Which of the following should be work area considerations for forensics labs?
A: Examiner station has an area of about 50-63 square feet.

Q: Which of the following is NOT part of the Computer Forensics Investigation Methodology?
A: Testify as an expert defendant.

Q: Which of the following is NOT part of the Computer Forensics Investigation Methodology?
A: Destroy the evidence.

Q: Investigators can immediately take action after receiving a report of a security incident.
A: False.

Q: In forensics laws, "authenticating or identifying evidences" comes under which rule?
A: Rule 901.

Q: Courts call knowledgeable persons to testify to the accuracy of the investigative process. These people who testify are known as the:
A: Expert witnesses.

Q: A chain of custody is a critical document in the computer forensics investigation process because the document provides legal validation of appropriate evidence handling.
A: True.

Q: Identify the following which was launched by the National Institute of Standards and Technology (NIST), that establishes a "methodology for testing computer forensics software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware."
A: Computer Forensic Tool Testing Project (CFTTP)

Q: Which of the following is NOT a digital data storage type?
A: Quantum storage devices.

Q: Which of the following is NOT a common computer file system?
A: EFX3

Q: Which field type refers to the volume descriptor as a primary?
A: Number 1

Q: Which logical drive holds the information regarding the data and files that are stored in the disk?
A: Extended partition.

Q: How large is the partition table structure that stores information about the partitions present on the hard disk?
A: 64-byte.

Q: How many bits are used by the MBR partition scheme for storing LBAs (Logical Block Addresses) and the size information on a 512-byte sector?
A: 32 bits

Q: In the GUID Partition Table, which Logical Block Address contains the Partition Entry Array?
A: LBA 2

Q: Which of the following describes when the user restarts the system via the operating system?
A: Warm booting.

Q: Which Windows operating system powers on and starts up using either the traditional BIOS-MBR method or the newer UEFI-GPT method?
A: Windows 8.

Q: Which item describes the following UEFI boot process phase? The phase of EFI consisting of initializing the CPU, temporary memory, and boot firmware volume (BFV); locating and executing the chapters to initialize all the found hardware in the system; and creating a Hand-Off Block List with all found resources interface descriptors.
A: PEI (Pre-EFI Initialization) Phase.

Q: Which of the following basic partitioning tools displays details about the GPT partition tables in Windows OS?
A: DiskPart.

Q: What stage of the Linux boot process includes the task of loading the Linux kernel and optional initial RAM disk?
A: Bootloader Stage

Q: What component of a typical FAT32 file system consists of data that the document framework uses to get to the volume and utilizes the framework parcel to stack the working portion documents?
A: Boot Sector.

Q: Which component of the NTFS architecture is a computer system file driver for NTFS?
A: N

Q: What is the name of the abstract layer that resides on top of a complete file system, allows client application to access various file systems, and consists of a dispatching layer and numerous caches?
A: Virtual File System (VFS)

Q: Which information held by the superblock contains major and minor items that allow the mounting code to determine whether or not supported features are available to the file system?
A: Revision Level.

Q: Which file system used in Linux was developed by Stephen Tweedie in 2001 as a journaling file system that improves reliability of the system?
A: Ext3

Q: How many bit values does HFS use to address allocation blocks?
A: 16

Q: What UFS file system part is composed of a few blocks in the partition reserved at the
A: Boot blocks.

Q: What is a machine readable language used in major digital operations, such as sending and receiving emails?
A: ASCII

Q: What is JPEG an acronym of?
A: Joint Photographic Experts Group

Q: What is the proprietary Microsoft Office presentation file extension used in PowerPoint?
A: PPT

Q: Which of the following is an example of optical media?
A: CD/DVD

Q: In sector addressing, _______ determines the address of the individual sector on the disk.
A: Cylinders, Heads, and Sectors (CHS)

Q: ______ is a 128 bit unique reference number used as an identifier in computer software?
A: Global Unique Identifier (GUID)

Q: Mac OS uses a hierarchical file system.
A: True.

Q: The main advantage of RAID is that if a single physical disk fails:
A: The system will continue to function without loss of data.

Q: The command "fsstat" displays the details associated with an image file.
A: False.

Q: What is the simplest RAID level that does not involve redundancy, and fragments the file into the user-defined stripe size of the array?
A: RAID 0

Q: An investigator may commit some common mistakes while collecting data from the system that result in the loss of critical evidence. Which of the following is NOT a mistake that investigators commonly make?
A: Use of correct cables and cabling techniques.

Q: In Linux Standard Tools, forensic investigators use the following built-in Linux Commands to copy data from a disk drive:
A: dd and dcfldd

Q: Because they are always changing, the information in the registers or the processor cache are the most volatile data.
A: True.

Q: Forensic data duplication involves the creation of a file that has every bit of information from the source in a raw bit-stream format.
A: True.

Q: What document is used as a written record consisting of all processes involved in seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence?
A: Chain of custody document.

Q: What is the process of permanently deleting or destroying data from storage media?
A: Media sanitization.

Q: The process of acquiring volatile data from working computers (locked or in sleep condition) that are already powered on is:
A: Live data acquisition.

Q: Which of the following refers to the data stored in the registries, cache, and RAM of digital devices?
A: Volatile information.

Q: Where are deleted items stored on Windows Vista and later versions of Windows?
A: Drive:$Recycle.Bin

Q: Where are deleted items stored on Windows 98 and earlier versions of Windows?
A: Drive:RECYCLED

Q: Where are deleted items stored on the Windows 2000, XP, and NT versions of Windows?
A: Drive:RECYCLER

Q: What is the maximum size limit for the Recycle Bin in Windows prior to Windows Vista?
A: 3.99GB

Q: Which of the following is NOT a feature of the Recover My Files tool?
A: recovering files from a network drive.

Q: What tool is used for format recovery, unformatting and recovering deleted files emptied from the Recycle Bin, or data lost due to partition loss or damage, software crash, virus infection, or unexpected shutdown and supports hardware RAID
A: EaseUS

Q: Which tool undeletes and recovers lost files from hard drives, memory cards, and USB flash drives?
A: Disk Digger

Q: Which tool recovers files that have been lost, deleted, corrupted, and even deteriorated?
A: Quick Recovery

Q: Which tool recovers lost data from hard drives, RAID, photographs, deleted files, iPods, and removable disks connected via FireWire or USB?
A: Total Recall

Q: Which tool scans the entire system for deleted files and folders and recovers them?
A: Advanced Disk Recovery

Q: Which tool for MAC recovers files from a crashed or virus-corrupted hard drive?
A: Data Rescue 4

Q: Which of the following are frequently left by criminals, assisting investigators in understanding the process of crime and the motive behind it, and allowing them to attempt to identify the person(s) who committed it?
A: Fingerprints

Q: Which of the following commands is NOT a command used to determine running processes in Windows?
A: Netstat

Q: Which is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples?
A: Volatility Framework

Q: The information about the system users is stored in which file?
A: SAM database file

Q: The value 0 associated with the registry entry EnablePrefetcher tells the system to use which prefetch?
A: Prefetching is disabled.

Q: What prefetch does value 1 from the registry entry EnablePrefetcher tell the system to use?
A: Application prefetching is enabled.

Q: What prefetch does value 2 from the registry entry EnablePrefetcher tell the system to use?
A: Boot prefetching is enabled.

Q: What prefetch does the value 3 from the registry entry EnablePrefetcher tell the system to use?
A: Both application and boot prefetching are enabled.

Q: What tool enables you to retrieve information about event logs and publishers in Windows 10?
A: Wevtutil.

Q: Intruders attempting to gain remote access to a system try to find the other systems connected to the network and visible to the compromised system.
A: True.

Q: ________ command is used to display the network configuration of the NICs on the system.
A: ipconfig /all

Q: Investigators can use Linux commands to gather necessary information from the system. Identify the following shell command that is used to display the kernel ring buffer or information about device drivers loaded into the kernel.
A: dmesg

Q: What are the unique identification numbers assigned to Windows user account for granting user access to particular resources?
A: Microsoft security ID.

Q: In the Windows Event Log File internals, the following file is used to store the Databases related to the system:
A: S

Q: Thumbnails of images remain on computers even after files are deleted.
A: True

Q: What is NOT one of the three tiers a log management infrastructure typically comprises?
A: Log rotation

Q: Which is NOT a log management system function?
A: Log generation.

Q: What is NOT one of the three major concerns regarding log management?
A: Log viewing

Q: Which is a type of network-based attack?
A: Eavesdropping

Q: Which attack does NOT directly lead to unauthorized
A: Denial of service

Q: How can an attacker exploit a network?
A: Through wired or wireless connections.

Q: What is the primary reason for forensic investigators to examine logs?
A: To gain an insight into events that occurred in the affected devices/network.

Q: Which is true about the transport layer in the TCP/IP model?
A: It is the backbone for data flow between two devices in a network.

Q: What is an ongoing process that returns results simultaneously so that the system or operators can respond to attacks immediately?
A: Real time analysis

Q: Which of the following is an internal network vulnerability?
A: bottleneck

Q: Which attack is specific to wireless networks?
A: Jamming signal attack.

Q: Where can congressional security standards and guidelines be found, along with an emphasis for federal agencies to develop, document, and implement organization-wide programs for information security?
A: FISMA

Q: What requires companies that offer financial products or services to protect customer information against security threats?
A: GLBA

Q: Which of the following includes security standards for health information?
A: HIPAA

Q: What is the act passed by the U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations?
A: SOX

Q: What is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards?
A: PCI DSS

Q: In what type of forensic examination do investigators perform an examination of logs to detect something that has already occurred in a network/device and determine what it is?
A: Postmortem

Q: What are the most common network attacks launched
A: AP MAC spoofing

Q: What layer of web application architecture is responsible for the core functioning of the system and includes logic and application, such as .NET, used by developers to build websites according to client requirements?
A: Business layer

Q: What layer of web application architecture is composed of cloud services that hold all commercial transactions and a server that supplies an organization's production data in a structured form?
A: Database layer

Q: Which web application threat occurs when the application fails to guard memory properly and allows writing beyond maximum size?
A: Buffer overflow

Q: Which web application threat refers to the modification of a website's remnant data for bypassing security measures or gaining unauthorized information?
A: Cookie poisoning

Q: Which web application threat occurs when an attacker is allowed to gain access as a legitimate user to a web application or data such as account records, credit card numbers, passwords, or other authenticated information?
A: Insecure storage.

Q: Which web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user?
A: Information leakage.

Q: Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?
A: Improper error handling

Q: Which web application threat refers to vulnerable management functions, including user updates, recovery of passwords, or resetting passwords?
A: Broken account management

Q: Which web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server's root directory?
A: Directory traversal

Q: Which web application threat occurs when attackers insert commands via input data and are able to tamper with the data?
A: SQL injection

Q: Which web application threat occurs when attackers intend to manipulate the communication exchanged between the client and server to make changes in application data?
A: parameter tampering

Q: Which web application threat is a method intended to terminate website or server operations by making resources unavailable to clients?
A: Denial of service

Q: Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings?
A: Unvalidated input.


Preview of the content

9/11/21, 3:21 PM WGU C702 CHFI and OA Flashcards | Quizlet
https://quizlet.com/548144399/wgu-c702-chfi-and-oa-flash-cards/

WGU C702 CHFI and OA Question and Answers
Terms in this set (214)

Q: Which of the following is true regarding computer forensics?
A: Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.

Q: Which of the following is NOT an objective of computer forensics?
A: Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.

Q: Forensic readiness refers to:
A: An organization's ability to make optimal use of digital evidence in a limited time period and with minimal investigation costs.

Q: Which of the following is NOT an element of cybercrime?
A: Evidence smaller in size.

Q: Which of the following is true of cybercrimes?
A: Investigators, with a warrant, have the authority to forcibly seize the computing devices.

Q: Which of the following is true of cybercrimes?
A: The initial reporting of the evidence is usually informal.

Q: Which of the following is NOT a consideration during a cybercrime investigation?
A: Value or cost to the victim.

Q: Which of the following is a user-created source of potential evidence?
A: Address book.

Q: Which of the following is a computer-created source of potential evidence?
A: Swap file.

Q: Which of the following is NOT where potential evidence may be located?
A: Processor.

Q: Under which of the following conditions will duplicate evidence NOT suffice?
A: When original evidence is in possession of the originator.

Q: Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?
A: Rule 101.

Q: Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined?
A: Rule 102.

Q: Which of the following Federal Rules of Evidence contains rulings on evidence?
A: Rule 103

Seller: paulhans, Chamberlain College Of Nursing