Intrusion-Exam 2023 Questions and Answers
Civil Case - ANSWER-A case involving a noncriminal matter such as a contract dispute
or a claim of patent infringement between two parties.
Criminal Case - ANSWER-A type of case that involves actions that go against the
interests of society; the burden of proving that the accused is guilty lies entirely with the
prosecution.
Administrative Investigation - ANSWER-An internal investigation by an organization to
discover if its employees, clients, and partners are complying with the rules or policies.
Linux Boot Process - ANSWER-1. BIOS Stage: First stage. It initializes the system
hardware during the booting process. The BIOS retrieves the information stored in the
complementary metal-oxide semiconductor (CMOS) chip, which is a battery-operated
memory chip on the motherboard that contains information about the system's hardware
configuration. During the boot process, the BIOS performs a POST to ensure that all the
hardware components of the system are operational.
2. Bootloader Stage: Second stage. The bootloader stage includes the task of loading
the Linux kernel and optional initial RAM disk. The kernel enables the CPU to access
RAM and the disk.
3. Kernel Stage: Third stage. Once the control shifts from the bootloader stage to the
kernel stage, the virtual root file system created by the initrd image executes the Linuxrc
program. This program generates the real file system for the kernel and later removes
the initrd image.
42 4D - ANSWER-BMP
FF D8 FF - ANSWER-JPEG (Joint Photographic Experts Group)
47 49 46 - ANSWER-GIF
49 49 / 4D 4D - ANSWER-TIFF (TIF)
Virtual File System (VFS) - ANSWER-a common software interface that sits between
the kernel and real file systems.
We can mount multiple different types of file systems on the same Linux installation, and
they will appear uniform to the user and to all other applications; examples include
/proc/, /sys/, /boot/initramfs, devtmpfs, and debugfs
Superblock - Magic number - ANSWER-Allows the mounting software to verify the
Superblock for the ext2 file system. For the present ext2 version, it is 0xEF53.
Superblock - Revision Level - ANSWER-The major and minor revision levels allow the
mounting code to determine whether a file system supports features that are only
available in particular revisions of the file system.
Superblock - Mount count - ANSWER-These allow the system to determine if it needs to
fully check the file system. The mount count is incremented each time the system
mounts the file system.
Sector - ANSWER-Section of the platter holding data. Shaped like a slice of pizza.
Tracks - ANSWER-The tracks are the thin concentric circular strips of sectors. At least
one head is required to read a single track.
Cylinders - ANSWER-A cylinder is a division of data in a disk drive, as used in the CHS
addressing mode of a Fixed Block Architecture disk or the cylinder-head-record
(CCHHR) addressing mode of a CKD disk.
Head - ANSWER-Reads and writes data in a hard drive by manipulating the magnetic
medium that composes the surface of an associated disk platter.
Clusters - ANSWER-These are the smallest accessible storage units on a hard disk.
File systems divide the volume of data stored on the disk into discrete chunks of data
for optimal performance and efficient disk usage. Clusters are formed by combining
sectors to ease the process of handling files. Also called allocation units, clusters are
sets of tracks and sectors ranging from cluster number 2 to 32 or higher, depending on
the formatting scheme. File allocation systems must be flexible to allocate the required
sectors to files. The allocation can be of the size of one sector per cluster. Any read or
write process consumes a minimum space of one cluster.
Program Packers - ANSWER-Used by attackers to hide their data. In this regard, the
technique is similar to cryptography. The packers compress the files using various
algorithms. Hence, unless the investigators know the tool that has been used to pack
the file and have a tool to unpack it, they will not be able to access it.
Windows Logged-On Commands - ANSWER-Net Sessions