WGU C840 Digital Forensics in cybersecurity Actual Final Proficiency Pretest Exam Questions and Verified Answers 2024/2025
8 views 0 purchase
Course
WGU C840
Institution
WGU C840
WGU C840 Digital Forensics in cybersecurity Actual Final Proficiency Pretest Exam Questions and Verified Answers 2024/2025
The process of examining malicious computer code is known as - correct answer Software Forensics
The intentional copy and use of the intellectual property - correct answe...
WGU C840 Digital Forensics in cybersecurity Actual Final
Proficiency Pretest Exam Questions and Verified Answers
2024/2025
The process of examining malicious computer code is known as - correct answer
Software Forensics
The intentional copy and use of the intellectual property - correct answer Data
Piracy
Type of Spyware products - correct answer PowerSpy; Verity; ICU; and Work Time
A good fictitious email get what percent response rate - correct answer 1-3%
Define rules of evidence - correct answer Rules that govern whether, when, how,
and why proof of a legal case can be placed before a judge or jury
Tools that enable an investigator to reconstruct file fragments if files have been
deleted or overwritten. Forensic specialist must therefore have tools that allow
manipulation and evaluation of bit-level information. - correct answer Bit-level
The unused space between the logical end of the file and the physical end of the
file. - correct answer File Slack or Slack Space
Definition of Digital Evidence - correct answer Information that has been
processed and assembled so that it is relevant to an investigation and supports a
specific finding or determination
,Linux Live CD that you use to boot a system and then use the tools. Offers a wide
number of general security and hacking tools. - correct answer BackTrack
Forensics - correct answer the use of science and technology to investigate and
establish facts in criminal or civil courts of law."
Analysis Plan - correct answer What should be created before a forensic
examination can begin. Guides work in the analysis process.
Bit-level information - correct answer information at the level of actual 1s and 0s
stored in memory or on the storage device
You should only touch the actual original evidence any more than you have to,
why - correct answer There is some chance of altering it
What are the three basic task for handling evidence - correct answer 1. Find
Evidence
2. Preserve Evidence
3. Prepare Evidence
Expert Report - correct answer Formal document that details the expert's findings
How many copies of a suspect drive should make to work with - correct answer
Two Copies Each (using different imaging)
What is the four Stage framework for the Scientific Working Group on Digital
Evidence (SWGDE) - correct answer 1. Collect
2. Preserve
,3. Examine
4. Transfer
Forensic certification is open to both the public and private sectors and is specific
to the use and mastery of FTK. Requirements for taking the exam include
completing boot camp and windows forensic courses. - correct answer
AccessData Certified Examiner
Sets the standards for digital evidence processing, analysis, and diagnostics -
correct answer The DoD Cyber Crime Center (DC3)
Involves the authentication of evidence-based on scientific or technical knowledge
relevant to cases - correct answer Expert Testimony
Data that changes rapidly and may be lost when the machine that holds it is
powered down - correct answer Volatile Data
Physical Analysis - correct answer offline analysis conducted on an evidence disk
or forensic duplicate after booting from a CD or another system
Logical analysis - correct answer Analysis involving using the native operating
system, on the evidence disk or a forensic duplicate, to peruse the data
Unallocated Space - correct answer Free space, or the area of a hard drive that
has never been allocated for file storage.
Sweepers or scrubbers - correct answer A kind of software that cleans unallocated
space also called a scrubber
, Basic Input/Output System (BIOS) - correct answer The software built into the
ROM chip that is the first code run by a computer when it is powered on. Its
primary function is to identify and test the devices attached to the computer that
are used to input and output information, such as the keyboard, monitor, hard
drives, serial communications, and so on. Some newer computers, such as Apple
Macintosh computers, use EFI instead of BIOS.
Steganalysis - correct answer the process of analyzing a file or files for hidden
content.
4.7GB - correct answer A one sided DVD (double-sided DVD 9.4GB)
Host Protected Area - correct answer An area where computer vendors could
store data that is protected from user activities and OS utilities such as delete and
format.
MD5sum - correct answer Linux command can be used to create a hash
Swap File - correct answer Windows uses swap files on each system as a "scratch
pad" to write data when additional RAM is required. A swap file is a virtual
Memory extension of RAM.
SHA 1 - correct answer Mostly commonly used hashing algorithm
EnCase - correct answer Format that is defined by guidance software for use in it's
forensic tool to store hard drive images and individual files.
SSD - correct answer What drives can be least susceptible to damage when
dropped
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller KieranKent55. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
