C702 Study Guide Exam Questions And All Correct Answers.
Course: WGU C702
Institution: WGU C702
Which documentation should a forensic examiner prepare prior to a dynamic analysis? - Answer The
full path and location of the file being investigated
What allows for a lawful search to be conducted without a warrant or probable cause? - Answer
Consent of person with authority
A forensic investigator is tasked with retrieving evidence where the primary server has been erased. The
investigator needs to rely on network logs and backup tapes to base their conclusions on while testifying
in court. Which information found in rules of evidence, Rule 1001, helps determine if this testimony is
acceptable to the court? - Answer Definition of original evidence
When can a forensic investigator collect evidence without formal consent? - Answer When properly
worded banners are displayed on the computer screen
Who determines whether a forensic investigation should take place if a situation is undocumented in the
standard operating procedures? - Answer Decision maker
Which situation leads to a civil investigation? - Answer Disputes between two parties that relate to a
contract violation
Which rule does a forensic investigator need to follow? - Answer Use well-known standard procedures
What is the focus of Locard's exchange principle? - Answer Anyone entering a crime scene takes
something with them and leaves something behind.
What is the focus of the enterprise theory of investigation (ETI)? - Answer Solving one crime can tie it
back to a criminal organization's activities.
A forensic investigator is searching a Windows XP computer image for information about a deleted Word
document. The investigator already viewed the sixth file that was deleted from the computer. Two
additional files were deleted. What is the name of the last file the investigator opens? - Answer
$R7.doc
What is a benefit of a web application firewall (WAF)? - Answer Acts as a reverse proxy to inspect all
HTTP traffic
How does a hacker bypass a web application firewall (WAF) with the toggle case technique? - Answer
By randomly capitalizing some of the characters
During a recent scan of a network, a network administrator sent ICMP echo 8 packets to each IP address
being used in the network. The ICMP echo 8 packets contained an invalid media access control (MAC)
address. Logs showed that one device replied with ICMP echo 0 packets. What does the reply from the
single device indicate? - Answer The machine is in promiscuous mode.
What is the goal for an attacker using a directory traversal attack? - Answer To access areas in the
system in which the attacker should not have access
A forensic investigator is performing malware analysis on a Windows computer. The investigator believes
malware has replaced the legitimate drivers with fake versions. What should the investigator look at to
confirm these suspicions? - Answer The digital signatures on the drivers
Where should an investigator look in the registry to find artifacts if there is malware on a Windows
system? - Answer HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Company A is using Company B to host data. Company A lets Company B perform all the daily activities
of managing the data. Company A's customers are unaware of the security procedures Company B uses
to host the data. Which threat does this depict? - Answer Unknown risk profile
Which type of information can a forensic investigator find in a common metadata field for a file? -
Answer Network name