Practice Questions with Verified Answers
1: What is the primary purpose of digital forensics in a network intrusion
investigation? --- correct answer ---
The primary purpose of digital forensics in a network intrusion
investigation is to identify, preserve, analyze, and present digital evidence
in a manner that is legally admissible.
2: What are the four phases of the digital forensics process? --- correct
answer ---
The four phases of the digital forensics process are Identification,
Preservation, Analysis, and Presentation. Other models divide the same work
differently; NIST SP 800-86, for example, describes Collection, Examination,
Analysis, and Reporting. The underlying steps (find and secure the evidence,
examine it without altering it, draw conclusions, report them) are the same.
3: Which tool is commonly used for capturing network traffic for forensic
analysis? --- correct answer ---
Wireshark is a commonly used tool for capturing network traffic for
forensic analysis. Wireshark captures through its bundled dumpcap engine; on
headless systems tcpdump or dumpcap itself is typically used to capture to a
pcap file, which is then analysed in Wireshark. The capture file should be
hashed as soon as it is written, like any other evidence.
4: What is a hash function, and why is it important in digital forensics? ---
correct answer ---
A cryptographic hash function maps input of any length to a fixed-size
digest, such that changing the input by even one bit yields a different
digest and it is computationally infeasible to find another input with the
same digest. In digital forensics it is used to verify the integrity of
evidence: the examiner records the digest of a drive or image at
acquisition, and anyone who re-hashes it later can confirm it has not been
altered. SHA-256 is preferred today; MD5 is still often reported alongside
it, but its known collision attacks make it unsuitable as the only check.
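The acquisition-and-verification workflow described above, as an added example that is not part of the original question set. The "image" is a constructed byte string standing in for an acquired disk image; the hashing is done in chunks the way a tool would for a multi-gigabyte file, and a single flipped bit is shown to fail verification.

```python
import hashlib
import hmac

# Constructed stand-in for an acquired disk image (16 KiB of deterministic bytes).
# This is sample data for the example, not real evidence.
EVIDENCE_IMAGE = bytes(range(256)) * 64


def digest(data: bytes, algorithm: str = "sha256", chunk_size: int = 4096) -> str:
    """Hash data in fixed-size chunks, as an imaging tool would for a large file."""
    h = hashlib.new(algorithm)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def acquisition_record(data: bytes) -> dict:
    """The values an examiner records in the chain-of-custody log at acquisition.

    MD5 is included only because many report templates still list it; SHA-256
    is the digest that actually carries the integrity claim.
    """
    return {
        "size_bytes": len(data),
        "md5": digest(data, "md5"),
        "sha256": digest(data, "sha256"),
    }


def verify(data: bytes, recorded_sha256: str) -> bool:
    """Re-hash the evidence and compare against the digest recorded at acquisition.

    compare_digest is used so the comparison does not leak timing information,
    which matters when the recorded digest is checked by an automated service.
    """
    return hmac.compare_digest(digest(data, "sha256"), recorded_sha256)


def flip_bit(data: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset, simulating an unintended write to the source."""
    altered = bytearray(data)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    record = acquisition_record(EVIDENCE_IMAGE)
    print("acquisition record:", record)
    print("unaltered image verifies:", verify(EVIDENCE_IMAGE, record["sha256"]))
    print("one flipped bit verifies:", verify(flip_bit(EVIDENCE_IMAGE, 1234), record["sha256"]))
```

In practice the same digest is computed on the source device before imaging, on the image file after imaging, and again whenever the image is opened for analysis; all three must match for the image to be treated as a faithful copy.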
5: What does the term chain of custody refer to in digital forensics? ---
correct answer ---
The term chain of custody refers to the documented process that records the
handling, transfer, and storage of evidence to ensure its integrity and
admissibility in court.
6: What is the difference between a static and a dynamic analysis in
malware forensics? --- correct answer ---
Static analysis involves examining the code of malware without executing
it (strings, imports, disassembly), while dynamic analysis involves running
the malware in a controlled, isolated environment, such as an instrumented
virtual machine with no route to production networks, to observe its
behaviour.
7: What is the role of an incident response team in a network intrusion? ---
correct answer ---
The role of an incident response team in a network intrusion is to quickly
identify, contain, and mitigate the effects of the intrusion, as well as to
collect and preserve evidence for further investigation.
8: What is the significance of timestamps in digital evidence? --- correct
answer ---
Timestamps are significant in digital evidence as they provide a
chronological context for events, helping to establish timelines and verify
the sequence of actions. They can only be compared across sources if the
clocks involved are synchronized (or their offset is known) and every
timestamp is normalized to a single time zone, usually UTC, before ordering.
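Timeline construction from mixed sources, as an added example that is not part of the original question set. The three log fragments are constructed samples: a workstation log with naive local timestamps (assumed here to be UTC-05:00), a web access log with explicit offsets, and an EDR record carrying epoch seconds. Sorting the raw strings would put the 09:05 workstation logon before the 13:59 web request; normalizing to UTC first gives the real order.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List

# Assumption for this example: the workstation's clock is UTC-05:00 and its
# log lines carry no zone indicator, so the offset must be supplied by the examiner.
WORKSTATION_TZ = timezone(timedelta(hours=-5))

# Constructed sample records (not from a real case).
WORKSTATION_LOG = [
    "2024-03-14 09:05:40 user=jdoe action=logon host=WS-17",
    "2024-03-14 09:06:02 user=jdoe action=usb_insert device=SanDisk",
]
WEB_ACCESS_LOG = [
    '203.0.113.5 - - [14/Mar/2024:14:05:55 +0000] "GET /admin HTTP/1.1" 200 512',
    '203.0.113.5 - - [14/Mar/2024:13:59:10 +0000] "GET /login HTTP/1.1" 302 0',
]
EDR_LOG = [
    {"ts": 1710424000, "event": "process_start", "image": "powershell.exe"},
]


@dataclass(order=True)
class Event:
    """Ordering is by UTC time first, so sorted() yields the timeline."""
    when_utc: datetime
    source: str
    detail: str


def parse_workstation(line: str) -> Event:
    # Naive local time: attach the known zone, then convert to UTC.
    date_part, time_part, detail = line.split(" ", 2)
    naive = datetime.strptime(f"{date_part} {time_part}", "%Y-%m-%d %H:%M:%S")
    return Event(naive.replace(tzinfo=WORKSTATION_TZ).astimezone(timezone.utc),
                 "workstation", detail)


def parse_web(line: str) -> Event:
    # Common Log Format: the bracketed timestamp already carries its offset.
    m = re.search(r'\[([^\]]+)\] "([^"]*)"', line)
    when = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return Event(when, "web", m.group(2))


def parse_edr(record: dict) -> Event:
    # Epoch seconds are zone-free by definition; interpret them as UTC explicitly.
    when = datetime.fromtimestamp(record["ts"], tz=timezone.utc)
    return Event(when, "edr", f'{record["event"]} {record["image"]}')


def build_timeline() -> List[Event]:
    events = [parse_workstation(l) for l in WORKSTATION_LOG]
    events += [parse_web(l) for l in WEB_ACCESS_LOG]
    events += [parse_edr(r) for r in EDR_LOG]
    return sorted(events)


def render(events: List[Event]) -> List[str]:
    return [f"{e.when_utc.isoformat()} [{e.source}] {e.detail}" for e in events]


if __name__ == "__main__":
    for line in render(build_timeline()):
        print(line)
```

If the examiner cannot establish the workstation's zone or clock skew, the safe course is to record the uncertainty in the report rather than guess; a timeline that silently mixes local and UTC times misorders events by hours.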
9: What is the purpose of using a write blocker during forensic imaging? ---
correct answer ---
The purpose of using a write blocker during forensic imaging is to prevent
any data from being written to the source drive, ensuring the integrity of
the evidence. It may be a hardware device placed between the source drive
and the examiner's workstation or a software control that attaches the
device read-only; either way, the digest of the source taken before
acquisition should match the digest of the image taken afterwards.
10: What is the difference between a hot site and a cold site in disaster
recovery planning? --- correct answer ---
A hot site is a fully operational backup facility equipped with hardware and
software, ready for immediate use, while a cold site is a location without
equipment, requiring setup before it can be used.