WGU Master's Course C702 - Forensics and Network Intrusion Questions And Answers 2022/2023 (All Verified) 100%

WGU Master's Course C702 - Forensics and Network Intrusion Questions And Answers 2022/2023 (All Verified) 100% A software company suspects that employees have set up automatic corporate email forwarding to their personal inboxes against company policy. The company hires forensic investigators to identify the employees violating policy, with the intention of issuing warnings to them. Which type of cybercrime investigation approach is this company taking? A Civil B Criminal C Administrative D Punitive C Which model or legislation applies a holistic approach toward any criminal activity as a criminal operation? A Enterprise Theory of Investigation B Racketeer Influenced and Corrupt Organizations Act C Evidence Examination D Law Enforcement Cyber Incident Reporting A What does a forensic investigator need to obtain before seizing a computing device in a criminal case? A Court warrant B Completed crime report C Chain of custody document D Plaintiff's permission A Which activity should be used to check whether an application has ever been installed on a computer? A Penetration test B Risk analysis C Log review D Security review C Which characteristic describes an organization's forensic readiness in the context of cybercrimes? A It includes moral considerations. B It includes cost considerations. C It excludes nontechnical actions. D It excludes technical actions. B A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick containing emails as a primary piece of evidence. Who must sign the chain of custody document once the USB stick is in evidence? A Those who obtain access to the device B Anyone who has ever used the device C Recipients of emails on the device D Authors of emails on the device A Which type of attack is a denial-of-service technique that sends a large amount of data to overwhelm system resources? A Phishing B Spamming C Mail bombing D Bluejacking C Which computer crime forensics step requires an investigator to duplicate and image the collected digital information? A Securing evidence B Acquiring data C Analyzing data D Assessing evidence B What is the last step of a criminal investigation that requires the involvement of a computer forensic investigator? A Analyzing the data collected B Testifying in court C Assessing the evidence D Performing search and seizure B How can a forensic investigator verify an Android mobile device is on, without potentially changing the original evidence or interacting with the operating system? A Check to see if it is plugged into a computer B Tap the screen multiple times C Look for flashing lights D Hold down the power button C What should a forensic investigator use to protect a mobile device if a Faraday bag is not available? A Aluminum foil B Sturdy container C Cardboard box D Bubble wrap A Which criterion determines whether a technology used by government to obtain information in a computer search is considered innovative and requires a search warrant? A Availability to the general public B Dependency on third-party software C Implementation based on open source software D Use of cloud-based machine learning A Which situation allows a law enforcement officer to seize a hard drive from a residence without obtaining a search warrant? A The computer is left unattended. B The front door is wide open. C The occupant is acting suspicious. D The evidence is in imminent danger. D Which legal document contains a summary of findings and is used to prosecute? A Investigation report B Search warrant C Search and seizure D Chain of custody A What should an investigator use to prevent any signals from reaching a mobile phone? A Faraday bag B Dry bag C Anti-static container D Lock box A A forensic investigator is called to the stand as a technical witness in an internet payment fraud case. Which behavior is considered ethical by this investigator while testifying? A Providing and explaining facts found during the investigation B Interpreting the findings and offering a clear opinion to the jury C Helping the jury arrive at a conclusion based on the facts D Assisting the attorney in compiling a list of essential questions A A government agent is testifying in a case involving malware on a system. What should this agent have complied with during search and seizure? A Fourth Amendment B Stored Communications Act C Net Neutrality Bill D Federal Rules of Evidence A Which path should a forensic investigator use to look for system logs in a Mac? A /var/log/cups/access_log B /var/log/ C /var/audit/ D /var/log/ B Which tool should a forensic investigator use to view information from Linux kernel ring buffers? A arp B dmesg C fsck D grep B A forensic investigator makes a bit-stream copy of a Windows hard drive that has been reformatted. The investigator needs to locate only the Adobe PDF files on the hard drive. Which tool should this investigator use? A Quick Recovery B Handy Recovery C EaseUS Data Recovery D Stellar Data Recovery C Which hexadecimal value should an investigator search for to find JPEG images on a device? A 0x424D B 0xD0CF11E0A1B11AE1 C 0x504B D 0xFFD8 D Which type of steganography allows the user to physically move a file but keep the associated files in their original location for recovery? A Whitespace B Folder C Image D Web B An employee steals a sensitive text file by embedding it into a PNG file. The employee then sends this file via an instant chat message to an accomplice. Which type of steganography did this employee use? A Document B Image C Text D Web B Which method is used when an investigator has access to the plaintext and an image file with the hidden information? A Stego-only B Known-stego C Known-message D Chosen-message C Which method is used when an investigator takes a plaintext message, uses various tools against it, and finds the algorithm used to hide information? A Stego-only B Known-stego C Known-message D Chosen-message D Which operating system is targeted by the DaveGrohl password cracker? A Linux B OS X C UNIX D Windows B Which password cracker is used to recover passwords on an OS X operating system? A Cain and Abel B DaveGrohl C L0phtCrack D Ophcrack B Which tool allows a forensic investigator to process Transmission Control Protocol (TCP) streams for analysis of malicious traffic? A Kibana B OSSEC C Syslog-ng D Wireshark D Which tool allows an investigator to review or process information in a Windows environment but does not rely on the Windows API? A EnCase B netstat C dd D LogMeister A A computer forensic investigator finds an unauthorized wireless access point connected to an organization's network switch. This access point's wireless network has a random name with a hidden service set identifier (SSID). What is this set-up designed to do? A Create a backdoor that a perpetrator can use by connecting wirelessly to the network B Jam the wireless signals to stop all legitimate traffic from using the wireless network C Activate the wireless cards in the laptops of victims to gain access to their data and network D Transmit high-power signals that force users to connect to the rogue wireless network A Which web-based application attack corrupts the execution stack of a web application? A Buffer overflow B Cookie poisoning C SQL injection D Denial-of-service A An employee is accused of sending a threatening email through Microsoft Exchange. Which file extension should the investigator search for to find the archived message on the server? A .DB B .NSF C .PST D .EDB D Investigators do not have physical access to the computer of the victim of an email crime. Which task should these investigators instruct the victim to perform in order to identify the sending email server? A Provide the email body B Provide the email header C Run Aid4Mail Email Forensics D Run Email Address Verifier B Which tool should a forensic investigator use on a Windows computer to locate all the data on a computer disk, protect evidence, and create evidentiary reports for use in legal proceedings? A Wireshark B OmniPeek C ProDiscover D Capsa C What is the purpose of hashing tools during data acquisition? A Dumping the original RAM contents to a forensically sterile removable device B Enabling write protection on the original media to preserve the original evidence C Validating the collected digital evidence by comparing the original and copied file message digests D Creating a replica of the original source to prevent the inadvertent alteration of the original C Which software-based tool is used to prevent writes to storage devices on a computer? A CRU WiebeTech B ILook Investigator C SAFE Block D USB WriteBlocker C Which tool should a forensic team use to research unauthorized changes in a database? A ApexSQL DBA B Gargoyle Investigator Forensic Pro C LSASecretsView D RSA NetWitness Investigator A Which graphical tool should investigators use to identify publicly available information about a public IP address? A AWStats B GoAccess C SmartWhois D NsLookup C Which tool is used to search and analyze PC messaging logs? A Chat Stick B File Viewer C SnowBatch D Zamzar A Which forensic tool allows an investigator to acquire database files for analysis from a mobile device? A Andriller B Volatility C WinDump D Tripwire A A first responder arrives at an active crime scene that has several mobile devices. What should this first responder do while securing the crime scene? A Leave the devices in the state they are in and put them in anti-static bags B Turn on the devices and review recently accessed data C Turn off the devices to preserve the volatile memory D Leave the devices as found and fill out chain of custody paperwork D What is a responsibility of the first responder at a crime scene? A Package and transport the evidence B Identify the presence of rootkits on the evidence C Decrypt the evidence by cracking passwords D Detect malware present on the evidence A Which step preserves the forensic integrity of volatile evidence when a device is discovered in the powered-on state? A Documenting the procedures for shutting down the system B Collecting information with a secure command shell C Using the built-in backup utility to gather information D Copying the file with the keyboard shortcut Ctrl+C B Which action maintains the integrity of evidence when a forensic laptop is used to acquire data from a compromised computer? A Connecting the machines with a straight through cable B Connecting the machines with a crossover cable C Enabling a hardware write blocker D Enabling administrative control C What should an investigator do while collecting evidence from a device? A Turn off the computer to protect the data B Install antivirus software to protect information C Begin documenting the chain of custody D Close any open documents and applications C Why should investigators use the bit-stream disk-to-disk data acquisition method rather than the disk-to-image method? A Ensures that integrity is not compromised B Preserves the required chain of custody C Addresses potential errors and incompatibilities D Avoids the possibility of running out of space C Which anti-forensic defense technique allows a forensic investigator to determine if the system's kernel is compromised? A Performing a brute-force attack B Conducting steganalysis