1|Page
WGU Master's Course C702 - Forensics and Network
Intrusion (2025) comprehensive questions and
verified detailed solutions ( MULTIPLE CHOICES)
|100% CORRECT!!
A software company suspects that employees have set up automatic corporate
email forwarding to their personal inboxes against company policy. The company
hires forensic investigators to identify the employees violating policy, with the
intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive - (answer)C
Which model or legislation applies a holistic approach toward any criminal activity
as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting - (answer)A
,2|Page
What does a forensic investigator need to obtain before seizing a computing
device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission - (answer)A
Which activity should be used to check whether an application has ever been
installed on a computer?
A Penetration test
B Risk analysis
C Log review
D Security review - (answer)C
Which characteristic describes an organization's forensic readiness in the context
of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. - (answer)B
,3|Page
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick
containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device - (answer)A
Which type of attack is a denial-of-service technique that sends a large amount of
data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking - (answer)C
Which computer crime forensics step requires an investigator to duplicate and
image the collected digital information?
A Securing evidence
, 4|Page
B Acquiring data
C Analyzing data
D Assessing evidence - (answer)B
What is the last step of a criminal investigation that requires the involvement of a
computer forensic investigator?
A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure - (answer)B
How can a forensic investigator verify an Android mobile device is on, without
potentially changing the original evidence or interacting with the operating
system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button - (answer)C
What should a forensic investigator use to protect a mobile device if a Faraday
bag is not available?
WGU Master's Course C702 - Forensics and Network
Intrusion (2025) comprehensive questions and
verified detailed solutions ( MULTIPLE CHOICES)
|100% CORRECT!!
A software company suspects that employees have set up automatic corporate
email forwarding to their personal inboxes against company policy. The company
hires forensic investigators to identify the employees violating policy, with the
intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive - (answer)C
Which model or legislation applies a holistic approach toward any criminal activity
as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting - (answer)A
,2|Page
What does a forensic investigator need to obtain before seizing a computing
device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission - (answer)A
Which activity should be used to check whether an application has ever been
installed on a computer?
A Penetration test
B Risk analysis
C Log review
D Security review - (answer)C
Which characteristic describes an organization's forensic readiness in the context
of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. - (answer)B
,3|Page
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick
containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device - (answer)A
Which type of attack is a denial-of-service technique that sends a large amount of
data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking - (answer)C
Which computer crime forensics step requires an investigator to duplicate and
image the collected digital information?
A Securing evidence
, 4|Page
B Acquiring data
C Analyzing data
D Assessing evidence - (answer)B
What is the last step of a criminal investigation that requires the involvement of a
computer forensic investigator?
A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure - (answer)B
How can a forensic investigator verify an Android mobile device is on, without
potentially changing the original evidence or interacting with the operating
system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button - (answer)C
What should a forensic investigator use to protect a mobile device if a Faraday
bag is not available?
