EXAM 2024 ACTUAL EXAM COMPLETE 200 QUESTIONS
WITH DETAILED VERIFIED ANSWERS (100% CORRECT
ANSWERS) /ALREADY GRADED A+
Criminal Law - ANSWER: The victim is "society" or the state
Civil Law - ANSWER: Penalties consist of financial restitution to the victim
Salami fraud - ANSWER: "slicing technique"; An attack consisting of a series of small
thefts spread over a large number of victims
Misdemeanor - ANSWER: a criminal charge where the maximum penalty is less than
one year incarceration
when creating your forensic toolkit, which two of the following items are essential to
your kit? - ANSWER: High-end processor; Forensic write blocker
Any digital evidence that is obtained without a search warrant is inadmissible in
court - ANSWER: False
if the chain of custody is broken the digital evidence will not stand up to scrutiny -
ANSWER: True
what is the most logical order for these events in regards to securing evidence? -
ANSWER: photograph, label, transport, present in court, return to owner
Subsequent to a search warrant where evidence is seized, what items should be left
behind? - ANSWER: Copy of the search warrant; list of items seized.
When the MFT or FAT is deleted or damaged, the files on the partition are unrecoverable
- ANSWER: False
the unused space in a disk cluster is referred to as - ANSWER: slack space
which operating systems support the FAT32 file system - ANSWER: Windows XP/ME
you cannot format a 3.5 floppy disk with the NTFS file system - ANSWER: TRUE
courts have ruled that under any circumstances, a copy (or duplicate) of digital
evidence is admissible as an original as long as someone can - ANSWER: Authenticate
it
the goal of digital evidence acquisition process is to duplicate the original evidence in
a manner that - ANSWER: Protects; Preserves
what are the three most widely used hashing authentication methods - ANSWER:
MD5; SHA1; CRC32
the MD5 hash algorithm produces a ______ value - ANSWER: 128 bit
why is it preferred that the acquisition be conducted in the forensic laboratory -
ANSWER: the lab is a "controlled" environment, usually to avoid contamination; the
lab maintains additional resources not usually available "on scene"; there is less risk
of "cross-contamination" in a controlled laboratory setting
a computer forensic examination is any specific principle or technique that can be
applied to ____, ______, _____ or ______ evidence during a criminal or civil
investigation - ANSWER: Identifying, recovering, reconstruction, analyzing
what is the main reason digital forensics diverges from the more traditional areas of
forensic investigations - ANSWER: the rate of technological change
which of the following is NOT one of the Alpha 5 protocols - ANSWER: Attack
creating "digital fingerprints" or cryptographic (hashing) checksums is part of which
phase of the Alpha 5 - ANSWER: Authentication
which of the following is not one of the four "Cardinal Rules" of computer forensics -
ANSWER: never document until all evidence is evaluated
A "target" describes - ANSWER: the object of a crime (victim)
what is the process of effectively finding digital-based evidence - ANSWER: Digital
Forensic Analysis
to gather digital evidence based upon "levels of proof", Criminal proof is defined as
_____ and civil is _______ - ANSWER: Beyond a reasonable doubt; confirmation of a
fact by evidence
what is information readily available and accessible to the end-user? - ANSWER:
Backup data
Data files of information that are no longer in active use, but stored separately to free
space on a hard drive, are referred to as - ANSWER: Archival data
"anyone or anything entering a crime/incident scene takes something with them and
leaves something of themselves behind when they depart" - ANSWER: Locard's
Principle
what two processes carry out classification - ANSWER: Individualization; Comparison
Inculpatory evidence - ANSWER: evidence that supports a given theory
exculpatory evidence - ANSWER: Evidence that contradicts a given theory
Weight of evidence - ANSWER: the strength, value and believability of evidence
presented on a factual issue by one side as compared to evidence introduced by the
other side is referred to:
Quality Assurance (QA) - ANSWER: what refers to the measures that are taken by
the laboratory to monitor, verify, and document its performance
Quality Control (QC) - ANSWER: Quality Assurance serves as a functional check on
_____ in a laboratory
An efficient quality assurance program for a computer forensic laboratory involves
smooth integration of: - ANSWER: People, equipment, and protocols
Standard Operating Procedures (SOPs) - ANSWER: What baseline document may
allow your computer forensic laboratory operations to run smoothly?
What documents should be submitted at the completion of each computer forensic
examination? - ANSWER: Report of Investigation; Report of examination
What type of technology should be used to preview digital media in a GUI
environment without making changes to the media? - ANSWER: read only
Tools that may be used to try to conduct a preview of digital media - ANSWER:
AccessData FTK; Guidance Software's EnCase; Mount Image Pro
the goal of digital evidence processing is to ______ and examine the data - ANSWER:
gain access to the data
why is recording the time/date information from the CMOS crucial to the
investigation? - ANSWER: it is helpful in correlating temporal data during the analysis
phase
Destruction; Damage; Alteration - ANSWER: As a computer forensic examiner, you
want to disconnect storage devices to protect data from:
Digital Artifact - ANSWER: A digital file produced or shaped by human craft, which
retains investigative or historical interest is called:
all persons involved in conducting examination of digital evidence should be: -
ANSWER: trained for this purpose