WGU C702 CHFI AND OA
Which of the following is true regarding computer forensics? - Answer-Computer
forensics deals with the process of finding evidence related to a digital crime to find the
culprits and initiate legal action against them.
Which of the following is NOT a objective of computer forensics? - Answer-Document
vulnerabilities allowing further loss of intellectual property, finances, and reputation
during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? -
Answer-It adopts a holistic approach toward any criminal activity as a criminal operation
rather as a single criminal act.
Forensic readiness refers to: - Answer-An organization's ability to make optimal use of
digital evidence in a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? - Answer-Evidence smaller in
size.
Which of the following is true of cybercrimes? - Answer-Investigators, with a warrant,
have the authority to forcibly seize the computing devices.
Which of the following is true of cybercrimes? - Answer-The initial reporting of the
evidence is usually informal.
Which of the following is NOT a consideration during a cybercrime investigation? -
Answer-Value or cost to the victim.
Which of the following is a user-created source of potential evidence? - Answer-Address
book.
Which of the following is a computer-created source of potential evidence? - Answer-
Swap file.
Which of the following is NOT where potential evidence may be located? - Answer-
Processor.
Under which of the following conditions will duplicate evidence NOT suffice? - Answer-
When original evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of
the United States? - Answer-Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be
ascertained and the proceedings justly determined? - Answer-Rule 102.
,Which of the following Federal Rules of Evidence contains rulings on evidence? -
Answer-Rule 103
Which of the following Federal Rules of Evidence states that the court shall restrict the
evidence to its proper scope and instruct the jury accordingly? - Answer-Rule 105
Which of the following refers to a set of methodological procedures and techniques to
identify, gather, preserve, extract, interpret, document, and present evidence from
computing equipment in such a manner that the discovered evidence is acceptable
during a legal and/or administrative proceeding in a court of law? - Answer-Computer
Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to
find the culprits and initiate legal action against them. - Answer-Evidence.
Minimizing the tangible and intangible losses to the organization or an individual is
considered an essential computer forensics use. - Answer-True.
Cybercrimes can be classified into the following two types of attacks, based on the line
of attack. - Answer-Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse
attacks are examples of what? - Answer-Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and
procedures. - Answer-True.
Which type of cases involve disputes between two parties? - Answer-Civil.
A computer forensic examiner can investigate any crime as long as he or she takes
detailed notes and follows the appropriate processes. - Answer-False.
________ is the standard investigative model used by the FBI when conducting
investigations against major criminal organizations. - Answer-Enterprise Theory of
Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an
organization's competence to use digital evidence. - Answer-True.
Which of the following is the process of developing a strategy to address the occurrence
of any security breach in the system or network? - Answer-Incident Response.
Digital devices store data about session such as user and type of connection. - Answer-
True.
, Codes of ethics are the principles stated to describe the expected behavior of an
investigator while handling a case. Which of the following is NOT a principle that a
computer forensic investigator must follow? - Answer-Provide personal or prejudiced
opinions.
What must an investigator do in order to offer a good report to a court of law and ease
the prosecution? - Answer-Preserve the evidence.
What is the role of an expert witness? - Answer-To educate the public and court.
Which of the following is NOT a legitimate authorizer of a search warrant? - Answer-
First Responder.
Under which of the following circumstances has a court of law allowed investigators to
perform searches without a warrant? - Answer-Delay in obtaining a warrant may lead to
the destruction of evidence and hamper the investigation process.
Which of the following should be considered before planning and evaluating the budget
for the forensic investigation case? - Answer-Breakdown of costs into daily and annual
expenditure.
Which of the following should be physical location and structural design considerations
for forensics labs? - Answer-Lab exteriors should have no windows.
Which of the following should be work area considerations for forensics labs? - Answer-
Examiner station has an area of about 50-63 square feet.
Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - Answer-Testify as an expert defendant.
Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - Answer-Destroy the evidence.
Investigators can immediately take action after receiving a report of a security incident. -
Answer-False.
In forensics laws, "authenticating or identifying evidences" comes under which rule? -
Answer-Rule 901.
Courts call knowledgable persons to testify to the accuracy of the investigative process.
These people who tesify are known as the: - Answer-Expert witnesses.
A chain of custody is a critical document in the computer forensics investigation process
because the document provides legal validation of appropriate evidence handling. -
Answer-True.
Which of the following is true regarding computer forensics? - Answer-Computer
forensics deals with the process of finding evidence related to a digital crime to find the
culprits and initiate legal action against them.
Which of the following is NOT a objective of computer forensics? - Answer-Document
vulnerabilities allowing further loss of intellectual property, finances, and reputation
during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? -
Answer-It adopts a holistic approach toward any criminal activity as a criminal operation
rather as a single criminal act.
Forensic readiness refers to: - Answer-An organization's ability to make optimal use of
digital evidence in a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? - Answer-Evidence smaller in
size.
Which of the following is true of cybercrimes? - Answer-Investigators, with a warrant,
have the authority to forcibly seize the computing devices.
Which of the following is true of cybercrimes? - Answer-The initial reporting of the
evidence is usually informal.
Which of the following is NOT a consideration during a cybercrime investigation? -
Answer-Value or cost to the victim.
Which of the following is a user-created source of potential evidence? - Answer-Address
book.
Which of the following is a computer-created source of potential evidence? - Answer-
Swap file.
Which of the following is NOT where potential evidence may be located? - Answer-
Processor.
Under which of the following conditions will duplicate evidence NOT suffice? - Answer-
When original evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of
the United States? - Answer-Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be
ascertained and the proceedings justly determined? - Answer-Rule 102.
,Which of the following Federal Rules of Evidence contains rulings on evidence? -
Answer-Rule 103
Which of the following Federal Rules of Evidence states that the court shall restrict the
evidence to its proper scope and instruct the jury accordingly? - Answer-Rule 105
Which of the following refers to a set of methodological procedures and techniques to
identify, gather, preserve, extract, interpret, document, and present evidence from
computing equipment in such a manner that the discovered evidence is acceptable
during a legal and/or administrative proceeding in a court of law? - Answer-Computer
Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to
find the culprits and initiate legal action against them. - Answer-Evidence.
Minimizing the tangible and intangible losses to the organization or an individual is
considered an essential computer forensics use. - Answer-True.
Cybercrimes can be classified into the following two types of attacks, based on the line
of attack. - Answer-Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse
attacks are examples of what? - Answer-Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and
procedures. - Answer-True.
Which type of cases involve disputes between two parties? - Answer-Civil.
A computer forensic examiner can investigate any crime as long as he or she takes
detailed notes and follows the appropriate processes. - Answer-False.
________ is the standard investigative model used by the FBI when conducting
investigations against major criminal organizations. - Answer-Enterprise Theory of
Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an
organization's competence to use digital evidence. - Answer-True.
Which of the following is the process of developing a strategy to address the occurrence
of any security breach in the system or network? - Answer-Incident Response.
Digital devices store data about session such as user and type of connection. - Answer-
True.
, Codes of ethics are the principles stated to describe the expected behavior of an
investigator while handling a case. Which of the following is NOT a principle that a
computer forensic investigator must follow? - Answer-Provide personal or prejudiced
opinions.
What must an investigator do in order to offer a good report to a court of law and ease
the prosecution? - Answer-Preserve the evidence.
What is the role of an expert witness? - Answer-To educate the public and court.
Which of the following is NOT a legitimate authorizer of a search warrant? - Answer-
First Responder.
Under which of the following circumstances has a court of law allowed investigators to
perform searches without a warrant? - Answer-Delay in obtaining a warrant may lead to
the destruction of evidence and hamper the investigation process.
Which of the following should be considered before planning and evaluating the budget
for the forensic investigation case? - Answer-Breakdown of costs into daily and annual
expenditure.
Which of the following should be physical location and structural design considerations
for forensics labs? - Answer-Lab exteriors should have no windows.
Which of the following should be work area considerations for forensics labs? - Answer-
Examiner station has an area of about 50-63 square feet.
Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - Answer-Testify as an expert defendant.
Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - Answer-Destroy the evidence.
Investigators can immediately take action after receiving a report of a security incident. -
Answer-False.
In forensics laws, "authenticating or identifying evidences" comes under which rule? -
Answer-Rule 901.
Courts call knowledgable persons to testify to the accuracy of the investigative process.
These people who tesify are known as the: - Answer-Expert witnesses.
A chain of custody is a critical document in the computer forensics investigation process
because the document provides legal validation of appropriate evidence handling. -
Answer-True.
