WGU C840 Digital Forensics in Cybersecurity
Exam (2023/ 2024 Update) Questions and
Verified Answers| 100% Correct
1). Expert report
Ans: A formal document prepared by a forensics specialist to document an
investigation, including a list of all tests conducted as well as the specialist's own
curriculum vitae (CV). Anything the specialist plans to testify about at a trial must be
included in the expert report.
2). Testimonial evidence
Ans: Information that forensic specialists use to support or interpret real or
documentary evidence; for example, to demonstrate that the fingerprints found on a
keyboard are those of a specific individual.
3). Daubert standard
Ans: The standard holding that only methods and tools widely accepted in the
scientific community can be used in court.
4). If the computer is turned on when you arrive, what does the secret service recommend you
do?
Ans: Shut down according to the recommended Secret Service procedure.
5). Communications assistance to law enforcement act of 1994
Ans: The Communications Assistance to Law Enforcement Act of 1994 is a federal
wiretap law for traditional wired telephony. It was expanded to include wireless, voice
over packet, and other forms of electronic communications, including signaling traffic
and metadata.
PaperStoc.com Page 1 of 25
, 6). Digital evidence
Ans: Digital evidence is information processed and assembled so that it is relevant to
an investigation and supports a specific finding or determination.
7). Federal privacy act of 1974
Ans: The Federal Privacy Act of 1974, a United States federal law that establishes a
code of Fair Information Practice that governs the collection, maintenance, use, and
dissemination of information about individuals that is maintained in systems of records
by U.S. federal agencies.
8). Power spy, verity, icu, and worktime
Ans: Spyware
9). Good fictitious e-mail response rate
Ans: 1-3%
10). Which crime is most likely to leave e-mail evidence?
Ans: Cyberstalking
11). Where would you seek evidence that ophcrack had been used on a windows server 2008
machine?
Ans: In the logs of the server; look for the reboot of the system
12). A syn flood is an example of what?
Ans: DoS attack
13). Definition of a virus, in relation to a computer?
Ans: a type of malware that requires a host program or human help to propagate
14). What is the starting point for investigating the denial of service attacks?
Ans: Tracing the packets
PaperStoc.com Page 2 of 25
, 15). China eagle union
Ans: The cyberterrorism group, the China Eagle Union, consists of several thousand
Chinese hackers whose stated goal is to infiltrate Western computer systems. Members
and leaders of the group insist that not only does the Chinese government have no
involvement in their activities, but that they are breaking Chinese law and are in constant
danger of arrest and imprisonment. However, most analysts believe this group is
working with the full knowledge and support of the Chinese government.
16). Rules of evidence
Ans: Rules that govern whether, when, how, and why proof of a legal case can be
placed before a judge or jury.
17). File slack
Ans: The unused space between the logical end of the file and the physical end of the
file. It is also called slack space.
18). The analysis plan
Ans: Before forensic examination can begin, an analysis plan should be created. This
plan guides work in the analysis process. How will you gather evidence? Are there
concerns about evidence being changed or destroyed? What tools are most appropriate
for this specific investigation? A standard data analysis plan should be created and
customized for specific situations and circumstances.
19). What is the most important reason that you not touch the actual original evidence any
more than you have to?
Ans: Each time you touch digital data, there is some chance of altering it.
20). You should make at least two bitstream copies of a suspect drive.
Ans: TRUE
21). To preserve digital evidence, an investigator should
Ans: make two copies of each evidence item using different imaging tools
22). What would be the primary reason for you to recommend for or against making a dos copy
PaperStoc.com Page 3 of 25
Exam (2023/ 2024 Update) Questions and
Verified Answers| 100% Correct
1). Expert report
Ans: A formal document prepared by a forensics specialist to document an
investigation, including a list of all tests conducted as well as the specialist's own
curriculum vitae (CV). Anything the specialist plans to testify about at a trial must be
included in the expert report.
2). Testimonial evidence
Ans: Information that forensic specialists use to support or interpret real or
documentary evidence; for example, to demonstrate that the fingerprints found on a
keyboard are those of a specific individual.
3). Daubert standard
Ans: The standard holding that only methods and tools widely accepted in the
scientific community can be used in court.
4). If the computer is turned on when you arrive, what does the secret service recommend you
do?
Ans: Shut down according to the recommended Secret Service procedure.
5). Communications assistance to law enforcement act of 1994
Ans: The Communications Assistance to Law Enforcement Act of 1994 is a federal
wiretap law for traditional wired telephony. It was expanded to include wireless, voice
over packet, and other forms of electronic communications, including signaling traffic
and metadata.
PaperStoc.com Page 1 of 25
, 6). Digital evidence
Ans: Digital evidence is information processed and assembled so that it is relevant to
an investigation and supports a specific finding or determination.
7). Federal privacy act of 1974
Ans: The Federal Privacy Act of 1974, a United States federal law that establishes a
code of Fair Information Practice that governs the collection, maintenance, use, and
dissemination of information about individuals that is maintained in systems of records
by U.S. federal agencies.
8). Power spy, verity, icu, and worktime
Ans: Spyware
9). Good fictitious e-mail response rate
Ans: 1-3%
10). Which crime is most likely to leave e-mail evidence?
Ans: Cyberstalking
11). Where would you seek evidence that ophcrack had been used on a windows server 2008
machine?
Ans: In the logs of the server; look for the reboot of the system
12). A syn flood is an example of what?
Ans: DoS attack
13). Definition of a virus, in relation to a computer?
Ans: a type of malware that requires a host program or human help to propagate
14). What is the starting point for investigating the denial of service attacks?
Ans: Tracing the packets
PaperStoc.com Page 2 of 25
, 15). China eagle union
Ans: The cyberterrorism group, the China Eagle Union, consists of several thousand
Chinese hackers whose stated goal is to infiltrate Western computer systems. Members
and leaders of the group insist that not only does the Chinese government have no
involvement in their activities, but that they are breaking Chinese law and are in constant
danger of arrest and imprisonment. However, most analysts believe this group is
working with the full knowledge and support of the Chinese government.
16). Rules of evidence
Ans: Rules that govern whether, when, how, and why proof of a legal case can be
placed before a judge or jury.
17). File slack
Ans: The unused space between the logical end of the file and the physical end of the
file. It is also called slack space.
18). The analysis plan
Ans: Before forensic examination can begin, an analysis plan should be created. This
plan guides work in the analysis process. How will you gather evidence? Are there
concerns about evidence being changed or destroyed? What tools are most appropriate
for this specific investigation? A standard data analysis plan should be created and
customized for specific situations and circumstances.
19). What is the most important reason that you not touch the actual original evidence any
more than you have to?
Ans: Each time you touch digital data, there is some chance of altering it.
20). You should make at least two bitstream copies of a suspect drive.
Ans: TRUE
21). To preserve digital evidence, an investigator should
Ans: make two copies of each evidence item using different imaging tools
22). What would be the primary reason for you to recommend for or against making a dos copy
PaperStoc.com Page 3 of 25
