Intrusion FINAL EXAM LATEST VERSION REAL EXAM
QUESTIONS AND CORRECT ANSWERS / WGU C702 EXAM
EXAM QUESTIONS AND ANSWERS | VERIFIED
ANSWERS||BRAND NEW VERSION!!
A Mac computer that does not have removable batteries is powered on.
Which action must a first responder take to preserve digital evidence
from the computer once volatile information is collected?
A Place the computer in an anti-static bag
B Obtain the IP address of the computer
C Maintain the power with a portable charger
D Press the power switch for 30 seconds
D
What should an investigator do to ensure that a phone serving as
evidence at a crime scene is properly isolated?
A Contact the service provider
B Turn the device off
C Remove the battery
D Use a Faraday bag
D
First responders arrive at a company and determine that a non-company
Windows 7 computer was used to breach information systems. The
computer is still powered on.
What is the correct procedure for powering off this computer once the
volatile information has been collected?
A Shut down the device by clicking Special Shutdown
B Unplug the electrical cord from the wall socket
C Type Get-Service | Where {$_.status -eq 'running'}
D Press down the Ctrl and L keys simultaneously
B
What is the minimum number of workstations a forensics lab needs?
A One
B Two
C Three
D Four
B
Which function does the BIOS parameter block (BPB) handle for the hard
disk?
A Describes the physical layout and volume partitions
B Specifies the location of the operating system
C Initializes code that executes after powering the firmware interface
D Interprets the boot configuration data and selects boot policy
A
How does RAID 3 store information?
A Information is written on a minimum of two drives for quick reading
and writing of data.
B Data is mirrored on two drives to improve the speed of retrieving
information and resilience.
C Information is written at byte level across multiple drives, but only
one is dedicated for parity.
D Information is stored on multiple drives, with floating parity for
improved performance and resilience.
C
Which file system is on a system with macOS installed?
A New Technology File System (NTFS)
B Hierarchical File System Plus (HFS+)
C Extended file system (EXT)
D Z File System (ZFS)
B
Where should an investigator search for details of activities that have
taken place in an SQL database?
A Primary data files (MDF)
B Secondary data files (NDF)
C Data definition language (DDL) files
D Transaction log data files (LDF)
D
Which command line utility enables an investigator to analyze privileges
assigned to database files?
A DBINFO
B SHOWFILESTATS
C mysqldump
D mysqlaccess
D
The following is the header from a threatening email:
Received: from Mailhost.big-isp.com (mailhost.big-isp.com
    [124.53.112.16]) by Mailhost.gigantic-isp.com (8.8.5/8.7.2)
Received: from mail.biedburz.usa (mail.biedburz.usa
    [124.211.3.88]) by Mailhost.big-isp.com (10.5.2/10.4.1) With
    ESMTP id LAA20869 for ; Tue, Jan 26 2016 14:39:24 -0800 (PST)
What is the name of the server that sent the message?
A Mail.biedburz.usa
B Mailhost.big-isp.com
C Mailhost.gigantic-isp.com
D
A