WGU C840 Digital Forensics in
Cybersecurity OBJECTIVE ASSESSMENT
ACTUAL EXAM 2025/2026 QUESTIONS
WITH VERIFIED CORRECT SOLUTIONS ||
100% GUARANTEED PASS
<BRAND NEW VERSION>
1. FAT- ANSWER ✓Stores file locations by sector in a file called the file
allocation table. This table contains information about which clusters are
being used by which particular files and which clusters are free to be used.
2. NTFS (New Technology File System) - ANSWER ✓File system used by
Windows NT 4, 2000, XP, Vista, 7, Server 2003, and Server 2008. One
major improvement of this system was the increased volume sizes.
3. Extended file system- ANSWER ✓System created specifically for Linux.
There have been many versions; the current version is 4.
4. ReiserFS- ANSWER ✓Popular journaling file system, used primarily with
Linux. It was the first file system to be included with the standard Linux
kernel, and first appeared in kernel version 2.4.1.
5. The Berkeley Fast File System- ANSWER ✓This is also known as the
UNIX file system. Uses a bitmap to track free clusters, indicating which
clusters are available and which are not.
,6. Data hiding- ANSWER ✓Storage of data where an investigator is unlikely
to find it.
7. Data transformation- ANSWER ✓Disguising the meaning of information.
8. Data contraception- ANSWER ✓Storage of data where a forensic specialist
cannot analyze it.
9. Data fabrication- ANSWER ✓Uses false positives and false leads
extensively.
10.File system alteration- ANSWER ✓Corruption of data structures and files
that organize data.
11.Documentary evidence- ANSWER ✓data stored as written matter, on paper
or in electronic files. THIS includes memory-resident data and computer
files. Examples are e-mail messages, logs, databases, photographs, and
telephone call-detail records. Investigators must authenticate documentary
evidence.
12.Testimonial evidence- ANSWER ✓information that forensic specialists use
to support or interpret real or documentary evidence. For example, they may
employ THIS to demonstrate that the fingerprints found on a keyboard are
those of a specific individual. Or system access controls might show that a
particular user stored specific photographs on a desktop.
13.Demonstrative evidence- ANSWER ✓information that helps explain other
evidence. An example is a chart that explains a technical concept to the
judge and jury. Forensic specialists must often provide testimony to support
the conclusions of their analyses. For example, a member of an incident
response team might be required to testify that he or she identified the
computer program that deleted customer records at a specified date and time.
14.sector- ANSWER ✓the basic unit of data storage on a hard disk, which is
usually 512 bytes
15.The premier federal agency tasked with combating cybercrime. - ANSWER
✓The United States Secret Service
,16.Internet forensics- ANSWER ✓the process of piecing together where and
when a user has been on the Internet. For example, you can use THIS to
determine whether inappropriate Internet content access and downloading
were accidental.
17.Malware forensics is also known as- ANSWER ✓software forensics.
18.Anti-forensics - ANSWER ✓ The actions that perpetrators take to conceal
their locations, activities, or identities.
19.Cell-phone forensics - ANSWER ✓ The process of searching the contents of
cell phones.
20.Chain of custody - ANSWER ✓ The continuity of control of evidence that
makes it possible to account for all that has happened to evidence between
its original collection and its appearance in court, preferably unaltered
21.Computer forensics - ANSWER ✓ The use of analytical and investigative
techniques to identify, collect, examine and preserve computer-based
material for presentation as evidence in a court of law
22.Curriculum Vitae (CV) - ANSWER ✓ An extensive document expounding
one's experience and qualifications for a position, similar to a resume but
with more detail. In academia and expert work, a CV is usually used rather
than a resume
23.The Computer Security Act of 1987 - ANSWER ✓ Passed to improve the
security and privacy of sensitive information in federal computer systems.
The law requires the establishment of minimum acceptable security
practices, creation of computer security plans, and training of system users
or owners of facilities that house sensitive information.
24.The Foreign Intelligence Surveillance Act of 1978 (FISA) - ANSWER ✓ A
law that allows for collection of "foreign intelligence information" between
foreign powers and agents of foreign powers using physical and electronic
surveillance. A warrant is issued by a special court created by this Act for
actions under this Act.
, 25.The Child Protection and Sexual Predator Punishment Act of 1998 -
ANSWER ✓ Requires service providers that become aware of the storage or
transmission of child pornography to report it to law enforcement.
26.The Children's Online Privacy Protection Act of 1998 (COPPA) - ANSWER
✓ Protects children 13 years of age and under from the collection and use of
their personal information by Web sites. This act replaces the Child Online
Protection Act of 1988 (COPA), which was determined to be
unconstitutional.
27.Basis Technology invented an open file standard format with three
variations, all supported by Sleuth Kit and Autopsy. The name of this file
format is what? - ANSWER ✓ The Advanced Forensic Format
28.Most SSDs use which flash memory? - ANSWER ✓ Negated AND
(NAND) gate-based flash memory, which retains memory even without
power.
29.The __________ format is a proprietary format that is defined by Guidance
Software for use in its forensic tool to store hard drive images and individual
files. It includes a hash of the file to ensure nothing was changed when it
was copied from the source. - ANSWER ✓ EnCase
30.What was designed as an area where computer vendors could store data that
is shielded from user activities and operating system utilities, such as delete
and format? - ANSWER ✓ The host protected area (HPA)
31.RAID 0, 1, 3, 5, 6, 10 - ANSWER ✓ · RAID 0 (Disk striping)
· RAID 1 (Disk Mirroring)
· RAID3 or 4 are striped disks with dedicated parity.
· RAID 5 (Striping with distributed parity)
· RAID 6 (Striping with double parity)
· RAID 10 (Striping + Mirroring)
32.What name is given to analysis involving using the native operating system,
on the evidence disk or a forensic duplicate, to peruse the data? - ANSWER
✓ Logical Analysis
Cybersecurity OBJECTIVE ASSESSMENT
ACTUAL EXAM 2025/2026 QUESTIONS
WITH VERIFIED CORRECT SOLUTIONS ||
100% GUARANTEED PASS
<BRAND NEW VERSION>
1. FAT- ANSWER ✓Stores file locations by sector in a file called the file
allocation table. This table contains information about which clusters are
being used by which particular files and which clusters are free to be used.
2. NTFS (New Technology File System) - ANSWER ✓File system used by
Windows NT 4, 2000, XP, Vista, 7, Server 2003, and Server 2008. One
major improvement of this system was the increased volume sizes.
3. Extended file system- ANSWER ✓System created specifically for Linux.
There have been many versions; the current version is 4.
4. ReiserFS- ANSWER ✓Popular journaling file system, used primarily with
Linux. It was the first file system to be included with the standard Linux
kernel, and first appeared in kernel version 2.4.1.
5. The Berkeley Fast File System- ANSWER ✓This is also known as the
UNIX file system. Uses a bitmap to track free clusters, indicating which
clusters are available and which are not.
,6. Data hiding- ANSWER ✓Storage of data where an investigator is unlikely
to find it.
7. Data transformation- ANSWER ✓Disguising the meaning of information.
8. Data contraception- ANSWER ✓Storage of data where a forensic specialist
cannot analyze it.
9. Data fabrication- ANSWER ✓Uses false positives and false leads
extensively.
10.File system alteration- ANSWER ✓Corruption of data structures and files
that organize data.
11.Documentary evidence- ANSWER ✓data stored as written matter, on paper
or in electronic files. THIS includes memory-resident data and computer
files. Examples are e-mail messages, logs, databases, photographs, and
telephone call-detail records. Investigators must authenticate documentary
evidence.
12.Testimonial evidence- ANSWER ✓information that forensic specialists use
to support or interpret real or documentary evidence. For example, they may
employ THIS to demonstrate that the fingerprints found on a keyboard are
those of a specific individual. Or system access controls might show that a
particular user stored specific photographs on a desktop.
13.Demonstrative evidence- ANSWER ✓information that helps explain other
evidence. An example is a chart that explains a technical concept to the
judge and jury. Forensic specialists must often provide testimony to support
the conclusions of their analyses. For example, a member of an incident
response team might be required to testify that he or she identified the
computer program that deleted customer records at a specified date and time.
14.sector- ANSWER ✓the basic unit of data storage on a hard disk, which is
usually 512 bytes
15.The premier federal agency tasked with combating cybercrime. - ANSWER
✓The United States Secret Service
,16.Internet forensics- ANSWER ✓the process of piecing together where and
when a user has been on the Internet. For example, you can use THIS to
determine whether inappropriate Internet content access and downloading
were accidental.
17.Malware forensics is also known as- ANSWER ✓software forensics.
18.Anti-forensics - ANSWER ✓ The actions that perpetrators take to conceal
their locations, activities, or identities.
19.Cell-phone forensics - ANSWER ✓ The process of searching the contents of
cell phones.
20.Chain of custody - ANSWER ✓ The continuity of control of evidence that
makes it possible to account for all that has happened to evidence between
its original collection and its appearance in court, preferably unaltered
21.Computer forensics - ANSWER ✓ The use of analytical and investigative
techniques to identify, collect, examine and preserve computer-based
material for presentation as evidence in a court of law
22.Curriculum Vitae (CV) - ANSWER ✓ An extensive document expounding
one's experience and qualifications for a position, similar to a resume but
with more detail. In academia and expert work, a CV is usually used rather
than a resume
23.The Computer Security Act of 1987 - ANSWER ✓ Passed to improve the
security and privacy of sensitive information in federal computer systems.
The law requires the establishment of minimum acceptable security
practices, creation of computer security plans, and training of system users
or owners of facilities that house sensitive information.
24.The Foreign Intelligence Surveillance Act of 1978 (FISA) - ANSWER ✓ A
law that allows for collection of "foreign intelligence information" between
foreign powers and agents of foreign powers using physical and electronic
surveillance. A warrant is issued by a special court created by this Act for
actions under this Act.
, 25.The Child Protection and Sexual Predator Punishment Act of 1998 -
ANSWER ✓ Requires service providers that become aware of the storage or
transmission of child pornography to report it to law enforcement.
26.The Children's Online Privacy Protection Act of 1998 (COPPA) - ANSWER
✓ Protects children 13 years of age and under from the collection and use of
their personal information by Web sites. This act replaces the Child Online
Protection Act of 1988 (COPA), which was determined to be
unconstitutional.
27.Basis Technology invented an open file standard format with three
variations, all supported by Sleuth Kit and Autopsy. The name of this file
format is what? - ANSWER ✓ The Advanced Forensic Format
28.Most SSDs use which flash memory? - ANSWER ✓ Negated AND
(NAND) gate-based flash memory, which retains memory even without
power.
29.The __________ format is a proprietary format that is defined by Guidance
Software for use in its forensic tool to store hard drive images and individual
files. It includes a hash of the file to ensure nothing was changed when it
was copied from the source. - ANSWER ✓ EnCase
30.What was designed as an area where computer vendors could store data that
is shielded from user activities and operating system utilities, such as delete
and format? - ANSWER ✓ The host protected area (HPA)
31.RAID 0, 1, 3, 5, 6, 10 - ANSWER ✓ · RAID 0 (Disk striping)
· RAID 1 (Disk Mirroring)
· RAID3 or 4 are striped disks with dedicated parity.
· RAID 5 (Striping with distributed parity)
· RAID 6 (Striping with double parity)
· RAID 10 (Striping + Mirroring)
32.What name is given to analysis involving using the native operating system,
on the evidence disk or a forensic duplicate, to peruse the data? - ANSWER
✓ Logical Analysis
