COMPREHENSIVE QUESTIONS AND VERIFIED ANSWERS
[ALL PASSED] 2024 UPDATE
Which of the following should be physical location and structural design considerations for
forensics labs?
A. Lightweight construction materials need to be used.
B. Computer systems should be visible from every angle.
C. Room size should be compact with standard HVAC equipment.
D. Sufficient space to place all equipment to include storage
D
Which of the following is not part of the Computer Forensics Investigation Methodology?
A. Testify as an expert witness
B. Testify as an expert defendant
C. Data analysis
D. Data acquisition
B
Investigators can immediately take action after receiving a report of a security incident.
A. False
B. True
A
Under which of the following circumstances has a court of law allowed investigators to
perform searches without a warrant?
A. Expediting the process of obtaining a warrant may lead to the timely prosecution of a
perpetrator.
B. Delay in obtaining a warrant may lead to the preservation of evidence and expedite the
investigation process.
C. Delay in obtaining a warrant may lead to the destruction of evidence and hamper the
investigation process.
D. Expediting the process of obtaining a warrant may lead to a delay in prosecution of a
perpetrator.
C
Identify the following project, which was launched by the National Institute of Standards
and Technology (NIST), that establishes a "methodology for testing computer forensics
software tools by development of general tool specifications, test procedures, test criteria,
test sets, and test hardware."
A. Computer Forensic Hardware Project (CFHP)
B. Computer Forensic Investigation Project (CFIP)
C. Computer Forensic Tool Testing Project (CFTTP)
D. Enterprise Theory of Investigation (ETI)
C
First responders can collect or recover data from any computer system or device that holds
electronic information.
A. True
B. False
B
What is not one of the measures a system or network administrator should take when
responding to an incident?
A. Transfer copies of system logs onto a clean media.
B. Record what is on the screen if the computer is switched on.
C. Immediately power down the computer if an ongoing attack is detected.
D. Document every detail relevant to the incident.
C
Written consent from the authority is sufficient to commence search and seizure activity.
A. True
B. False
A
When obtaining evidence, what action should a forensic investigator take if a computer is
switched on and the screen is viewable?
A. Remove the battery.
B. Move the mouse slowly.
C. Unplug the cable from the wall.
D. Photograph the screen.
D
Data duplication includes bit-by-bit copying of original data using a software or hardware
tool.
A. False
B. True
B
Which of the following is NOT a digital data storage type?
A. Optical storage devices
B. Quantum storage devices
C. Flash memory devices
D. Magnetic storage devices
B.
Computer Hacking Forensics Investigator Module 3 page 358.
What is NOT a Windows file system?
A. EXT3
B. FAT
C. NTFS
D. FAT32
A.
Computer Hacking Forensics Investigator Module 3 page 256.
Which field type refers to the volume descriptor as a primary?
A. Number 3
B. Number 0
C. Number 1
D. Number 2
C.
Computer Hacking Forensics Investigator Module 3 page 316.
Which logical drive holds the information regarding the data and files that are stored in
the disk?
A. Secondary partition
B. Primary partition
C. Tertiary partition
D. Extended partition
D.
Computer Hacking Forensics Investigator Module 3 page 230.
How large is the partition table structure that stores information about the partitions
present on the hard disk?
A. 32-bit
B. 64-bit
C. 32-byte
D. 64-byte
D.
Computer Hacking Forensics Investigator Module 3 page 227.
How many bytes are used for the disk signatures in the structure of a master boot record
(MBR)?
A. 2
B. 24
C. 8
D. 64
A.
Computer Hacking Forensics Investigator Module 3 page 229.
In the GUID Partition Table, which Logical Block Address contains the Partition Entry
Array?
A. LBA 1
B. LBA 3
C. LBA 2
D. LBA 0
C.
Computer Hacking Forensics Investigator Module 3 page 235.
Which of the following describes when the user restarts the system via the operating
system?
A. Cold booting
B. Hot booting
C. Hard booting
D. Warm booting
D.
Computer Hacking Forensics Investigator Module 3 page 238.
Which Windows operating system powers on and starts up using either the traditional
BIOS-MBR method or the newer UEFI-GPT method?
A. Windows XP
B. Windows 8