WGU C702 CHFI and OA Questions and Answers with Complete Solution
Which of the following is true regarding computer forensics? -Ans>>Computer forensics deals with
the process of finding evidence related to a digital crime to find the culprits and initiate legal action
against them.
Which of the following is NOT a objective of computer forensics? -Ans>>Document vulnerabilities
allowing further loss of intellectual property, finances, and reputation during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? -Ans>>It adopts a
holistic approach toward any criminal activity as a criminal operation rather as a single criminal act.
Forensic readiness refers to: -Ans>>An organization's ability to make optimal use of digital evidence in
a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? -Ans>>Evidence smaller in size.
Which of the following is true of cybercrimes? -Ans>>Investigators, with a warrant, have the authority
to forcibly seize the computing devices.
Which of the following is true of cybercrimes? -Ans>>The initial reporting of the evidence is usually
informal.
Which of the following is NOT a consideration during a cybercrime investigation? -Ans>>Value or cost
to the victim.
Which of the following is a user-created source of potential evidence? -Ans>>Address book.
Which of the following is a computer-created source of potential evidence? -Ans>>Swap file.
Which of the following is NOT where potential evidence may be located? -Ans>>Processor.
Under which of the following conditions will duplicate evidence NOT suffice? -Ans>>When original
evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of the United
States? -Ans>>Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the
proceedings justly determined? -Ans>>Rule 102.
Which of the following Federal Rules of Evidence contains rulings on evidence? -Ans>>Rule 103
Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its
proper scope and instruct the jury accordingly? -Ans>>Rule 105
Which of the following refers to a set of methodological procedures and techniques to identify, gather,
preserve, extract, interpret, document, and present evidence from computing equipment in such a
manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in
a court of law? -Ans>>Computer Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to find the
culprits and initiate legal action against them. -Ans>>Evidence.
Minimizing the tangible and intangible losses to the organization or an individual is considered an
essential computer forensics use. -Ans>>True.
, Cybercrimes can be classified into the following two types of attacks, based on the line of attack. -
Ans>>Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are
examples of what? -Ans>>Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and procedures. -
Ans>>True.
Which type of cases involve disputes between two parties? -Ans>>Civil.
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and
follows the appropriate processes. -Ans>>False.
________ is the standard investigative model used by the FBI when conducting investigations against
major criminal organizations. -Ans>>Enterprise Theory of Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. -Ans>>True.
Which of the following is the process of developing a strategy to address the occurrence of any
security breach in the system or network? -Ans>>Incident Response.
Digital devices store data about session such as user and type of connection. -Ans>>True.
Codes of ethics are the principles stated to describe the expected behavior of an investigator while
handling a case. Which of the following is NOT a principle that a computer forensic investigator must
follow? -Ans>>Provide personal or prejudiced opinions.
What must an investigator do in order to offer a good report to a court of law and ease the
prosecution? -Ans>>Preserve the evidence.
What is the role of an expert witness? -Ans>>To educate the public and court.
Which of the following is NOT a legitimate authorizer of a search warrant? -Ans>>First Responder.
Under which of the following circumstances has a court of law allowed investigators to perform
searches without a warrant? -Ans>>Delay in obtaining a warrant may lead to the destruction of
evidence and hamper the investigation process.
Which of the following should be considered before planning and evaluating the budget for the
forensic investigation case? -Ans>>Breakdown of costs into daily and annual expenditure.
Which of the following should be physical location and structural design considerations for forensics
labs? -Ans>>Lab exteriors should have no windows.
Which of the following should be work area considerations for forensics labs? -Ans>>Examiner station
has an area of about 50-63 square feet.
Which of the following is NOT part of the Computer Forensics Investigation Methodology? -
Ans>>Testify as an expert defendant.
Which of the following is NOT part of the Computer Forensics Investigation Methodology? -
Ans>>Destroy the evidence.
Investigators can immediately take action after receiving a report of a security incident. -Ans>>False.
Which of the following is true regarding computer forensics? -Ans>>Computer forensics deals with
the process of finding evidence related to a digital crime to find the culprits and initiate legal action
against them.
Which of the following is NOT a objective of computer forensics? -Ans>>Document vulnerabilities
allowing further loss of intellectual property, finances, and reputation during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? -Ans>>It adopts a
holistic approach toward any criminal activity as a criminal operation rather as a single criminal act.
Forensic readiness refers to: -Ans>>An organization's ability to make optimal use of digital evidence in
a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? -Ans>>Evidence smaller in size.
Which of the following is true of cybercrimes? -Ans>>Investigators, with a warrant, have the authority
to forcibly seize the computing devices.
Which of the following is true of cybercrimes? -Ans>>The initial reporting of the evidence is usually
informal.
Which of the following is NOT a consideration during a cybercrime investigation? -Ans>>Value or cost
to the victim.
Which of the following is a user-created source of potential evidence? -Ans>>Address book.
Which of the following is a computer-created source of potential evidence? -Ans>>Swap file.
Which of the following is NOT where potential evidence may be located? -Ans>>Processor.
Under which of the following conditions will duplicate evidence NOT suffice? -Ans>>When original
evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of the United
States? -Ans>>Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the
proceedings justly determined? -Ans>>Rule 102.
Which of the following Federal Rules of Evidence contains rulings on evidence? -Ans>>Rule 103
Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its
proper scope and instruct the jury accordingly? -Ans>>Rule 105
Which of the following refers to a set of methodological procedures and techniques to identify, gather,
preserve, extract, interpret, document, and present evidence from computing equipment in such a
manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in
a court of law? -Ans>>Computer Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to find the
culprits and initiate legal action against them. -Ans>>Evidence.
Minimizing the tangible and intangible losses to the organization or an individual is considered an
essential computer forensics use. -Ans>>True.
, Cybercrimes can be classified into the following two types of attacks, based on the line of attack. -
Ans>>Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are
examples of what? -Ans>>Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and procedures. -
Ans>>True.
Which type of cases involve disputes between two parties? -Ans>>Civil.
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and
follows the appropriate processes. -Ans>>False.
________ is the standard investigative model used by the FBI when conducting investigations against
major criminal organizations. -Ans>>Enterprise Theory of Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. -Ans>>True.
Which of the following is the process of developing a strategy to address the occurrence of any
security breach in the system or network? -Ans>>Incident Response.
Digital devices store data about session such as user and type of connection. -Ans>>True.
Codes of ethics are the principles stated to describe the expected behavior of an investigator while
handling a case. Which of the following is NOT a principle that a computer forensic investigator must
follow? -Ans>>Provide personal or prejudiced opinions.
What must an investigator do in order to offer a good report to a court of law and ease the
prosecution? -Ans>>Preserve the evidence.
What is the role of an expert witness? -Ans>>To educate the public and court.
Which of the following is NOT a legitimate authorizer of a search warrant? -Ans>>First Responder.
Under which of the following circumstances has a court of law allowed investigators to perform
searches without a warrant? -Ans>>Delay in obtaining a warrant may lead to the destruction of
evidence and hamper the investigation process.
Which of the following should be considered before planning and evaluating the budget for the
forensic investigation case? -Ans>>Breakdown of costs into daily and annual expenditure.
Which of the following should be physical location and structural design considerations for forensics
labs? -Ans>>Lab exteriors should have no windows.
Which of the following should be work area considerations for forensics labs? -Ans>>Examiner station
has an area of about 50-63 square feet.
Which of the following is NOT part of the Computer Forensics Investigation Methodology? -
Ans>>Testify as an expert defendant.
Which of the following is NOT part of the Computer Forensics Investigation Methodology? -
Ans>>Destroy the evidence.
Investigators can immediately take action after receiving a report of a security incident. -Ans>>False.
