WGU C840 Digital Forensics in Cybersecurity, Final Exam Questions and Answers Latest 2024/2025 (100% VERIFIED)

The chief information officer of an accounting firm believes sensitive data is being exposed on the local network. Which tool should the IT staff use to gather digital evidence about this security vulnerability? A Sniffer B Disk analyzer C Tracer D Virus scanner - A A police detective investigating a threat traces the source to a house. The couple at the house shows the detective the only computer the family owns, which is in their son's bedroom. The couple states that their son is presently in class at a local middle school. How should the detective legally gain access to the computer? A Obtain a search warrant from the police B Seize the computer under the USA Patriot Act C Obtain consent to search from the parents D Seize the computer under the Computer Security Act - C How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene? A By using the ipconfig command from a command prompt on the computer B By using the tracert command from a command prompt on the computer C By logging into the router to which the PC is connected D By installing a network packet sniffer on the computer - A The human resources manager of a small accounting firm believes he may have been a victim of a phishing scam. The manager clicked on a link in an email message that asked him to verify the logon credentials for the firm's online bank account. Which digital evidence should a forensic investigator collect to investigate this incident? A System log B Security log C Disk cache D Browser cache - D After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a forensics expert is hired to investigate the crime and collect evidence. Which digital evidence should be collected? WGU C840 Digital Forensics in Cybersecurity, Final Exam Questions and Answers Latest 2024/2025 (100% Solved) A Web server logs B Firewall logs C Phishing emails D Spam messages - B Thomas received an email stating that he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account. Which digital evidence should be considered to determine how Thomas' account information was compromised? A Social media accounts B Router logs C Flash drive contents D Email messages - D The chief executive officer (CEO) of a small computer company has identified a potential hacking attack from an outside competitor. Which type of evidence should a forensics investigator use to identify the source of the hack? A Disk drive backups B Network transaction logs C Browser history D Email headers - B A forensic scientist arrives at a crime scene to begin collecting evidence. What is the first thing the forensic scientist should do? A Turn off the power to the entire area being examined B Unplug all network connections so data cannot be deleted remotely C Gather up all physical evidence and move it out as quickly as possible D Photograph all evidence in its original place - D Which method of copying digital evidence ensures proper evidence collection? A Make the copy using file transfer B Copy files using drag and drop C Make the copy at the bit-level D Copy the logical partitions - C A computer involved in a crime is infected with malware. The computer is on and connected to the company's network. The forensic investigator arrives at the scene. Which action should be the investigator's first step? A Remove the malware and secure the computer. B Unplug the computer's power cord. C Unplug the computer's Ethernet cable. D Label all the attachments and secure the computer. - C What are the three basic tasks that a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation? Answer options may be used more than once or not at all. Select your answers from the pull-down list. 1 Preserve evidence 2 Catalog evidence 3 Prepare evidence 4 Make multiple copies of evidence 5 Disseminate evidence 6 Prepare evidence report 7 Find evidence A 1,3,7 B 2,3,7 - A How do forensic specialists show that digital evidence was handled in a protected, secure manner during the process of collecting and analyzing the evidence? A Forensic lab logbooks B Forensic software logs C Chain of custody D Chain of email messages - C Which characteristic applies to magnetic drives compared to solid-state drives (SSDs)? A Lower capacity B Better durability C Lower power consumption D Lower cost - D Which characteristic applies to solid-state drives (SSDs) compared to magnetic drives? A They have slower start-up times. B They cost less. C They are less susceptible to damage. D They use more power. - C Which type of storage format should be transported in a special bag to reduce electrostatic interference? A Solid-state drives B Magnetic media C Digital audio tapes D Optical media - B Which Windows component is responsible for reading the file and displaying the boot loader menu on Windows XP during the boot process? A Win32 subsystem B NTLDR C NTOSKRNL D Windows Registry - B The following line of code is an example of how to make a forensic copy of a suspect drive:dd if=/dev/mem of=/evidence/y1 Which operating system should be used to run this command? A Chrome B BlackBerry C Windows D Linux - D Which file system is supported by Mac? A Hierarchical File System Plus (HFS+) B Extended File System (Ext) C Berkeley Fast File System (FFS) D Reiser File System (ReiserFS) - A Which law requires both parties to consent to the recording of a conversation? A Health Insurance Portability and Accountability Act (HIPAA) B USA Patriot Act C Communications Assistance to Law Enforcement Act (CALEA) D Electronic Communications Privacy Act (ECPA) - D Which law is related to the disclosure of personally identifiable protected health information (PHI)? A Electronic Communications Privacy Act B Health Insurance Portability and Accountability Act (HIPAA) C CAN-SPAM Act D Federal Privacy Act of 1974 - B Which U.S. law criminalizes the act of knowingly using a misleading domain name with the intent to deceive a minor into viewing harmful material? A 18 U.S.C. 2252B B CAN-SPAM Act C Communications Decency Act D Children's Online Privacy Protection Act (COPPA) - A Which U.S. law protects journalists from turning over their work or sources to law enforcement before the information is shared with the public? A The Privacy Protection Act (PPA) B The Federal Privacy Act C The Electronic Communications Privacy Act (ECPA) D The Communications Assistance to Law Enforcement Act (CALEA) - A Which law or guideline lists the four states a mobile device can be in when data is extracted from it? A NIST SP 101r1 Guidelines B NIST SP 800-72 Guidelines C The USA Patriot Act D The Electronic Communications Privacy Act (ECPA) - B Which law includes a provision permitting the wiretapping of VoIP calls? A Communications Assistance to Law Enforcement Act (CALEA) B USA Patriot Act C Sarbanes-Oxley Act (SOX) D Electronic Communications Privacy Act (ECPA) - A Which policy is included in the CAN-SPAM Act? A The email sender must provide some mechanism whereby the receiver can opt out of future emails and that method cannot require the receiver to pay in order to opt out. B A business can claim the business extension exemption only for monitoring by certain types of equipment; the recording must occur in the ordinary course of business. C Whoever knowingly uses a misleading domain name on the Internet with the intent to deceive a person into viewing material constituting obscenity shall be fined or imprisoned not more than 2 years, or both. D Law enforcement officers may now intercept communications to and from the computer trespasser if they have reasonable grounds to believe that the trespasser's communications will be relevant to the investigation. - A Which United States law requires telecommunications equipment manufacturers to provide built-in surveillance capabilities for federal agencies? A Communication Assistance to Law Enforcement Act (CALEA) B Foreign Intelligence Surveillance Act (FISA) C Electronic Communication Privacy Act (ECPA) D USA Patriot Act - A Which law requires a search warrant or one of the recognized expectations to the search warrant requirements for searching email messages on a computer? A The Fourth Amendment to the U.S. Constitution B The CAN-SPAM Act C U.S.C 2252B D The Communication Assistance to Law Enforcement Act - A What is one purpose of steganography? A To decipher encrypted messages B To prevent images from being edited C To alter the color of a photo D To deliver information secretly - D Which method is used to implement steganography through pictures? A ROT13 B LSB C MD5 D 3DES - B The chief information security officer of a company believes that an attacker has infiltrated the company's network and is using steganography to communicate with external sources. A security team is investigating the incident. They are told to start by focusing on the core elements of steganography. What are the core elements of steganography? A Payload, carrier, channel B Process, intelligence, mobility C Transport, network, data link D Telemetry, cryptography, multiplexing - A A system administrator believes data are being leaked from the organization. The administrator decides to use steganography to hide tracking information in the types of files he thinks are being leaked. Which steganographic term describes this tracking information? A Carrier B Payload C Channel D Audit - B A criminal organization has compromised a third-party web server and is using it to control a botnet. The botnet server hides command and control messages through the DNS protocol. Which steganographic component are the command and control messages? A Carrier B Dead drop C Payload D Channel - C Which method is commonly used to hide data via steganography? A RSA B DES C LSB D AES - C A system administrator believes an employee is leaking information to a competitor by hiding confidential data in images being attached to outgoing emails. The administrator has captured the outgoing emails. Which tool should the forensic investigator use to search for the hidden data in the images? A Data Doctor B Forensic Toolkit (FTK) C Snow D Wolf - B A foreign government is communicating with its agents in the U.S. by hiding text messages in popular American songs, which are uploaded to the web. Which steganographic tool can be used to do this? A Snow B MP3Stego C Steganophony D QuickStego - B During a cyber-forensics investigation, a USB drive was found that contained multiple pictures of the same flower. How should an investigator use properties of a file to detect steganography? A Review the properties log looking for changes compared to the original file using a tool such as EnCase B Review the hexadecimal code looking for anomalies in the file headers and endings using a tool such as EnCase C Compare the file extensions using a tool such as Windows Explorer D Process the file using SHA-1 to generate a new hash value to compare using a tool such as FTK - B Where are local passwords stored for the Windows operating system? A SAM file in WindowsSecurity B In the registry key HKEY_LOCAL_MAHCINESECURITY C SAM file in WindowsSystem32 D In the registry key HKEY_LOCAL_MACHINESYSTEM - C Where on a Windows system is the config folder located that contains the SAM file? A C:WindowsSystem32 B C:WindowsSystemResources C C:Users D C:Program Files - A A forensic examiner wants to try to extract passwords for wireless networks to which a system was connected. Where should passwords for wireless networks be stored on a Windows XP system? A Program Files B BIOS C Bash D Registry - D Which Windows password cracking tool uses rainbow tables? A Sleuth Kit B Ophcrack C Digital Intelligence D ComputerCOP - B How does a rainbow table work to crack a password? A It starts with a hashed password and then decrypts each individual character. B It searches for passwords stored in RAM and startup files and then matches them to the predefined table. C It uses a table to store hash value for every character in the alphabet, then assembles them to create a match. D It uses a table of all possible keyboard combinations and their hash values, then searches for a match. - D What should a forensic investigator use to gather the most reliable routing information for tracking an email message? A Tracert B Netstat C Email header D Email address - C Which activity involves email tracing? A Performing nslookup on the recipient of the message B Determining the ownership of the source email server C Removing email header information D Making bit-by-bit copies of each of the email servers involved - B A forensic examiner reviews a laptop running OS X which has been compromised. The examiner wants to know if there were any mounted volumes created from USB drives