2024 WGU C702 EXAM WITH
CORRECT ANSWERS
A software company suspects that employees have set up automatic
corporate email forwarding to their personal inboxes against company policy.
The company hires forensic investigators to identify the employees violating
policy, with the intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
Civil
Criminal
Administrative
Punitive - CORRECT-ANSWERSAdministrative
Which model or legislation applies a holistic approach toward any criminal
activity as a criminal operation?
Enterprise Theory of Investigation
Racketeer Influenced and Corrupt Organizations Act
Evidence Examination
Law Enforcement Cyber Incident Reporting - CORRECT-ANSWERSEnterprise
Theory of Investigation
Which hexadecimal value should an investigator search for to find JPEG
images on a device?
0x424D
0xD0CF11E0A1B11AE1
0x504B030414000600
0xFFD8 - CORRECT-ANSWERS0xFFD8
Which type of steganography allows the user to physically move a file but
keep the associated files in their original location for recovery?
Whitespace
Folder
Image
Web - CORRECT-ANSWERSFolder
, An employee steals a sensitive text file by embedding it into a PNG file. The
employee then sends this file via an instant chat message to an accomplice.
Which type of steganography did this employee use?
Document
Image
Text
Web - CORRECT-ANSWERSImage
A first responder arrives at an active crime scene that has several mobile
devices.
What should this first responder do while securing the crime scene?
Leave the devices in the state they are in and put them in anti-static bags
Turn on the devices and review recently accessed data
Turn off the devices to preserve the volatile memory
Leave the devices as found and fill out chain of custody paperwork -
CORRECT-ANSWERSLeave the devices as found and fill out chain of custody
paperwork
What is a responsibility of the first responder at a crime scene?
Package and transport the evidence
Identify the presence of rootkits on the evidence
Decrypt the evidence by cracking passwords
Detect malware present on the evidence - CORRECT-ANSWERSPackage and
transport the evidence
Which step preserves the forensic integrity of volatile evidence when a
device is discovered in the powered-on state?
Documenting the procedures for shutting down the system
Collecting information with a secure command shell
Using the built-in backup utility to gather information
Copying the file with the keyboard shortcut Ctrl+C - CORRECT-
ANSWERSCollecting information with a secure command shell
Which action maintains the integrity of evidence when a forensic laptop is
used to acquire data from a compromised computer?
Connecting the machines with a straight through cable
Connecting the machines with a crossover cable
Enabling a hardware write blocker
CORRECT ANSWERS
A software company suspects that employees have set up automatic
corporate email forwarding to their personal inboxes against company policy.
The company hires forensic investigators to identify the employees violating
policy, with the intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
Civil
Criminal
Administrative
Punitive - CORRECT-ANSWERSAdministrative
Which model or legislation applies a holistic approach toward any criminal
activity as a criminal operation?
Enterprise Theory of Investigation
Racketeer Influenced and Corrupt Organizations Act
Evidence Examination
Law Enforcement Cyber Incident Reporting - CORRECT-ANSWERSEnterprise
Theory of Investigation
Which hexadecimal value should an investigator search for to find JPEG
images on a device?
0x424D
0xD0CF11E0A1B11AE1
0x504B030414000600
0xFFD8 - CORRECT-ANSWERS0xFFD8
Which type of steganography allows the user to physically move a file but
keep the associated files in their original location for recovery?
Whitespace
Folder
Image
Web - CORRECT-ANSWERSFolder
, An employee steals a sensitive text file by embedding it into a PNG file. The
employee then sends this file via an instant chat message to an accomplice.
Which type of steganography did this employee use?
Document
Image
Text
Web - CORRECT-ANSWERSImage
A first responder arrives at an active crime scene that has several mobile
devices.
What should this first responder do while securing the crime scene?
Leave the devices in the state they are in and put them in anti-static bags
Turn on the devices and review recently accessed data
Turn off the devices to preserve the volatile memory
Leave the devices as found and fill out chain of custody paperwork -
CORRECT-ANSWERSLeave the devices as found and fill out chain of custody
paperwork
What is a responsibility of the first responder at a crime scene?
Package and transport the evidence
Identify the presence of rootkits on the evidence
Decrypt the evidence by cracking passwords
Detect malware present on the evidence - CORRECT-ANSWERSPackage and
transport the evidence
Which step preserves the forensic integrity of volatile evidence when a
device is discovered in the powered-on state?
Documenting the procedures for shutting down the system
Collecting information with a secure command shell
Using the built-in backup utility to gather information
Copying the file with the keyboard shortcut Ctrl+C - CORRECT-
ANSWERSCollecting information with a secure command shell
Which action maintains the integrity of evidence when a forensic laptop is
used to acquire data from a compromised computer?
Connecting the machines with a straight through cable
Connecting the machines with a crossover cable
Enabling a hardware write blocker
