WGU C702 CHFI and OA Exam 2023- Questions and Answers
1. Which of the following is true regarding computer forensics?: Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
2. Which of the following is NOT an objective of computer forensics?: Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.
3. Which of the following is true regarding Enterprise Theory of Investigation (ETI)?: It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal act.
4. Forensic readiness refers to: An organization's ability to make optimal use of digital evidence in a limited time period and with minimal investigation costs.
5. Which of the following is NOT an element of cybercrime?: Evidence smaller in size.
6. Which of the following is true of cybercrimes?: Investigators, with a warrant, have the authority to forcibly seize the computing devices.
7. Which of the following is true of cybercrimes?: The initial reporting of the evidence is usually informal.
8. Which of the following is NOT a consideration during a cybercrime investigation?: Value or cost to the victim.
9. Which of the following is a user-created source of potential evidence?: Address book.
10. Which of the following is a computer-created source of potential evidence?: Swap file.
11. Which of the following is NOT where potential evidence may be located?: Processor.
12. Under which of the following conditions will duplicate evidence NOT suffice?: When original evidence is in possession of the originator.
13. Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?: Rule 101.
14. Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined?: Rule 102.
15. Which of the following Federal Rules of Evidence contains rulings on evidence?: Rule 103
16. Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its proper scope and instruct the jury accordingly?: Rule 105
17. Which of the following refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment in such a manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law?: Computer Forensics.
18. Computer Forensics deals with the process of finding related to a digital crime to find the culprits and initiate legal action against them.: Evidence.
19. Minimizing the tangible and intangible losses to the organization or an individual is considered an essential computer forensics use.: True.
20. Cybercrimes can be classified into the following two types of attacks, based on the line of attack.: Internal and External.
21. Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are examples of what?: Insider attack or primary attacks.
22. External attacks occur when there are inadequate information-security policies and procedures.: True.
23. Which type of cases involve disputes between two parties?: Civil.
24. A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and follows the appropriate processes.: False.
25. is the standard investigative model used by the FBI when conducting investigations against major criminal organizations.: Enterprise Theory of Investigation (ETI).
26. Forensic readiness includes technical and nontechnical actions that maximize an organization's competence to use digital evidence.: True.
27. Which of the following is the process of developing a strategy to address the occurrence of any security breach in the system or network?: Incident Response.
28. Digital devices store data about session such as user and type of connection.: True.
29. Codes of ethics are the principles stated to describe the expected behavior of an investigator while handling a case. Which of the following is NOT a principle that a computer forensic investigator must follow?: Provide personal or prejudiced opinions.
30. What must an investigator do in order to offer a good report to a court of law and ease the prosecution?: Preserve the evidence.
31. What is the role of an expert witness?: To educate the public and court.
32. Which of the following is NOT a legitimate authorizer of a search warrant?: First Responder.
33. Under which of the following circumstances has a court of law allowed investigators to perform searches without a warrant?: Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.
34. Which of the following should be considered before planning and evaluating the budget for the forensic investigation case?: Breakdown of costs into daily and annual expenditure.
35. Which of the following should be physical location and structural design considerations for forensics labs?: Lab exteriors should have no windows.
36. Which of the following should be work area considerations for forensics labs?: Examiner station has an area of about 50-63 square feet.
37. Which of the following is NOT part of the Computer Forensics Investigation Methodology?: Testify as an expert defendant.
38. Which of the following is NOT part of the Computer Forensics Investigation Methodology?: Destroy the evidence.
39. Investigators can immediately take action after receiving a report of a security incident.: False.
40. In forensics laws, "authenticating or identifying evidences" comes under which rule?: Rule 901.
41. Courts call knowledgeable persons to testify to the accuracy of the investigative process. These people who testify are known as the: Expert witnesses.
42. A chain of custody is a critical document in the computer forensics investigation process because the document provides legal validation of appropriate evidence handling.: True.
43. Identify the following which was launched by the National Institute of Standards and Technology (NIST), that establishes a "methodology for testing computer forensics software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware.": Computer Forensic Tool Testing Project (CFTTP)
44. Which of the following is NOT a digital data storage type?: Quantum storage devices.
45. Which of the following is NOT a common computer file system?: EFX3
46. Which field type refers to the volume descriptor as a primary?: Number 1
47. Which logical drive holds the information regarding the data and files that are stored in the disk?: Extended partition.
48. How large is the partition table structure that stores information about the partitions present on the hard disk?: 64-byte.
49. How many bits are used by the MBR partition scheme for storing LBAs (Logical Block Addresses) and the size information on a 512-byte sector?: 32 bits
50. In the GUID Partition Table, which Logical Block Address contains the Partition Entry Array?: LBA 2
51. Which of the following describes when the user restarts the system via the operating system?: Warm booting.
52. Which Windows operating system powers on and starts up using either the traditional BIOS-MBR method or the newer UEFI-GPT method?: Windows 8.
53. Which item describes the following UEFI boot process phase? The phase of EFI consisting of initializing the CPU, temporary memory, and boot firmware volume (BFV); locating and executing the chapters to initialize all the found hardware in the system; and creating a Hand-Off Block List with all found resources interface descriptors.: PEI (Pre-EFI Initialization) Phase.
54. Which of the following basic partitioning tools displays details about the GPT partition tables in Windows OS?: DiskPart.
55. What stage of the Linux boot process includes the task of loading the Linux kernel and optional initial RAM disk?: Bootloader Stage
56. What component of a typical FAT32 file system consists of data that the document framework uses to get to the volume and utilizes the framework parcel to stack the working portion documents?: Boot Sector.
57. Which component of the NTFS architecture is a computer system file driver for NTFS?: N
58. What is the name of the abstract layer that resides on top of a complete file system, allows client application to access various file systems, and consists of a dispatching layer and numerous caches?: Virtual File System (VFS)
59. Which information held by the superblock contains major and minor items that allow the mounting code to determine whether or not supported features are available to the file system?: Revision Level.
60. Which file system used in Linux was developed by Stephen Tweedie in 2001 as a journaling file system that improves reliability of the system?: Ext3
61. How many bit values does HFS use to address allocation blocks?: 16
62. What UFS file system part is composed of a few blocks in the partition reserved at the beginning?: Boot blocks.
63. What is a machine readable language used in major digital operations, such as sending and receiving emails?: ASCII
64. What is JPEG an acronym of?: Joint Photographic Experts Group
65. What is the proprietary Microsoft Office presentation file extension used in PowerPoint?: PPT
66. Which of the following is an example of optical media?: CD/DVD
67. In sector, addressing determines the address of the individual sector on the disk.: Cylinders, Heads, and Sectors (CHS)
68. is a 128 bit unique reference number used as an identifier in computer software?: Global Unique Identifier (GUID)
69. Mac OS uses a hierarchical file system.: True.
Written for
- Institution: Western Governors University
- Course: WGU C702 CHFI And OA
Document information
- Uploaded on: March 27, 2023
- Number of pages: 19
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers