QUESTIONS AND ANSWERS
/.Which of the following is true regarding computer forensics? - Answer-Computer
forensics deals with the process of finding evidence related to a digital crime to find the
culprits and initiate legal action against them.
/.Which of the following is NOT an objective of computer forensics? - Answer-Document
vulnerabilities allowing further loss of intellectual property, finances, and reputation
during an attack.
/.Which of the following is true regarding Enterprise Theory of Investigation (ETI)? -
Answer-It adopts a holistic approach toward any criminal activity as a criminal operation
rather than as a single criminal act.
/.Forensic readiness refers to: - Answer-An organization's ability to make optimal use of
digital evidence in a limited time period and with minimal investigation costs.
/.Which of the following is NOT an element of cybercrime? - Answer-Evidence smaller in
size.
/.Which of the following is true of cybercrimes? - Answer-Investigators, with a warrant,
have the authority to forcibly seize the computing devices.
/.Which of the following is true of cybercrimes? - Answer-The initial reporting of the
evidence is usually informal.
/.Which of the following is NOT a consideration during a cybercrime investigation? -
Answer-Value or cost to the victim.
/.Which of the following is a user-created source of potential evidence? - Answer-
Address book.
/.Which of the following is a computer-created source of potential evidence? - Answer-
Swap file.
/.Which of the following is NOT where potential evidence may be located? - Answer-
Processor.
/.Under which of the following conditions will duplicate evidence NOT suffice? - Answer-
When original evidence is in possession of the originator.
/.Which of the following Federal Rules of Evidence governs proceedings in the courts of
the United States? - Answer-Rule 101.
/.Which of the following Federal Rules of Evidence ensures that the truth may be
ascertained and the proceedings justly determined? - Answer-Rule 102.
/.Which of the following Federal Rules of Evidence contains rulings on evidence? -
Answer-Rule 103.
/.Which of the following Federal Rules of Evidence states that the court shall restrict the
evidence to its proper scope and instruct the jury accordingly? - Answer-Rule 105.
/.Which of the following refers to a set of methodological procedures and techniques to
identify, gather, preserve, extract, interpret, document, and present evidence from
computing equipment in such a manner that the discovered evidence is acceptable
during a legal and/or administrative proceeding in a court of law? - Answer-Computer
Forensics.
/.Computer Forensics deals with the process of finding _____ related to a digital crime
to find the culprits and initiate legal action against them. - Answer-Evidence.
/.Minimizing the tangible and intangible losses to the organization or an individual is
considered an essential computer forensics use. - Answer-True.
/.Cybercrimes can be classified into the following two types of attacks, based on the line
of attack. - Answer-Internal and External.
/.Espionage, theft of intellectual property, manipulation of records, and trojan horse
attacks are examples of what? - Answer-Insider attack or primary attacks.
/.External attacks occur when there are inadequate information-security policies and
procedures. - Answer-True.
/.Which type of case involves disputes between two parties? - Answer-Civil.
/.A computer forensic examiner can investigate any crime as long as he or she takes
detailed notes and follows the appropriate processes. - Answer-False.
/.________ is the standard investigative model used by the FBI when conducting
investigations against major criminal organizations. - Answer-Enterprise Theory of
Investigation (ETI).
/.Forensic readiness includes technical and nontechnical actions that maximize an
organization's competence to use digital evidence. - Answer-True.
/.Which of the following is the process of developing a strategy to address the
occurrence of any security breach in the system or network? - Answer-Incident
Response.
/.Digital devices store data about sessions, such as user and type of connection. -
Answer-True.
/.Codes of ethics are the principles stated to describe the expected behavior of an
investigator while handling a case. Which of the following is NOT a principle that a
computer forensic investigator must follow? - Answer-Provide personal or prejudiced
opinions.
/.What must an investigator do in order to offer a good report to a court of law and ease
the prosecution? - Answer-Preserve the evidence.
/.What is the role of an expert witness? - Answer-To educate the public and court.
/.Which of the following is NOT a legitimate authorizer of a search warrant? - Answer-
First Responder.
/.Under which of the following circumstances has a court of law allowed investigators to
perform searches without a warrant? - Answer-Delay in obtaining a warrant may lead to
the destruction of evidence and hamper the investigation process.
/.Which of the following should be considered before planning and evaluating the
budget for the forensic investigation case? - Answer-Breakdown of costs into daily and
annual expenditure.
/.Which of the following should be physical location and structural design considerations
for forensics labs? - Answer-Lab exteriors should have no windows.
/.Which of the following should be work area considerations for forensics labs? -
Answer-Examiner station has an area of about 50-63 square feet.
/.Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - Answer-Testify as an expert defendant.
/.Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - Answer-Destroy the evidence.
/.Investigators can immediately take action after receiving a report of a security incident.
- Answer-False.
/.In forensics laws, "authenticating or identifying evidences" comes under which rule? -
Answer-Rule 901.