Exam (elaborations)
2024 WGU C702 EXAM QUESTIONS WITH CORRECT ANSWERS
- Course
- Institution
2024 WGU C702 EXAM QUESTIONS WITH CORRECT ANSWERS
[Show more]
Content preview
2024 WGU C702 EXAM QUESTIONSWITH CORRECT ANSWERS
Computer Forensics - CORRECT-ANSWERSA set of methodological
procedures and techniques that help identify, gather, preserve, extract,
interpret, document, and present evidence from computers in a way that is
legally admissible
Cyber Crime - CORRECT-ANSWERSAny illegal act involving a computing
device, network, its systems, or its applications. Both internal and external
Enterprise Theory of Investigation (ETI) - CORRECT-ANSWERSMethodology
for investigating criminal activity
Types of Cyber Crime - CORRECT-ANSWERSCivil, Criminal, Administrative
Forensic Investigation Steps - CORRECT-ANSWERS1. Build a forensics
workstation
2. Build the Investigation Team
3. Review Policies and Laws
4. Authorization
5. Risk Assessment
6. Build a mobile forensics toolkit
Buffer Overflow - CORRECT-ANSWERSOccurs when an application fails to
guard its buffer properly and allows writing beyond its maximum size. As a
result, it overwrites the adjacent memory locations
Cookie Poisoning - CORRECT-ANSWERSRefers to the modification of a cookie
for bypassing security measures or gaining unauthorized information
Information Leakage - CORRECT-ANSWERSUnintentional revelation of
sensitive information to an unauthorized user
Improper Error Handling - CORRECT-ANSWERSWhen a web application is
unable to handle internal errors properly. In such case, the website returns
information such as database dumps, stack traces, and error coder in the
form of errors.
,Broken Account Management - CORRECT-ANSWERSRefers to the vulnerable
account management functions including account update, recover of the
forgotten or lost password or reseting the password
Directory Traversal - CORRECT-ANSWERSWhen attackers gain access to
unauthorized directories by exploiting HTTP. Attackers may execute
commands outside the web server's root directory
SQL Injection - CORRECT-ANSWERSAn attacker can execute malicious SQL
statements that control a web application's database server
Parameter/Form Tempering - CORRECT-ANSWERSmanipulating the
communication parameters exchanged between the client and server to
make changes in the application data. A Man in the Middle (MitM) is one of
the examples of this type of attack.
Cross Site Scripting (XSS) - CORRECT-ANSWERSwhenever an application
takes untrusted dataand sends it to a web browser without proper validation
or escaping. XSS allows attackers to execute scripts in the victim's browser
which can hijack user sessions, deface web sites, or redirect the user to
malicious sites.
Injection Flaws - CORRECT-ANSWERSAttackers inject malicious code,
commands or scripts into the input gates of flawed web applications in such
a way that the applications interpret and run the malicious input, which in
turn allows them to extract sensitive information
Cross Site Request Forgery (CSRF) - CORRECT-ANSWERSforces a logged-on
victim's browser to send a forged HTTP request, including the victim's
session cookie and any other automatically included authentication
information, to a vulnerable web application. This allows the attacker to force
the victim's browser to generate requests the vulnerable application thinks
are legitimate requests from the victim.
Broken Access Control - CORRECT-ANSWERSan attacker identifies a flaw
related to access control and bypasses the authentication, and then
compromises the network.
NIST SP 800-145 - CORRECT-ANSWERSdefines cloud computing
Email Message Parts - CORRECT-ANSWERSHeader
Body
Signature
The Daubert Standard - CORRECT-ANSWERSStandard used by a trial judge to
make a preliminary assessment of whether an expert's scientific testimony is
, based on reasoning or methodology that is scientifically valid and can
properly be applied to the facts at issue. Under this standard, the factors that
may be considered in determining whether the methodology is valid are: (1)
whether the theory or technique in question can be ITProTV Video Notes for
CHFI v9 and has been tested; (2) whether it has been subjected to peer
review and publication; (3) its known or potential error rate; (4) the existence
and maintenance
Civil Cases - CORRECT-ANSWERSInvolve disputes between two parties.
Brought for violation of contracts and lawsuits where a guilty outcome
generally results in monetary damages to the plaintiff
Criminal Cases - CORRECT-ANSWERSBrought by law enforcement agencies in
response to a suspected violation of law where a guilty outcome results in
monetary damages, imprisonment, or both
Administrative Cases - CORRECT-ANSWERSAn internal investigation by an
organization to discover if its employees/clients/partners are abiding by the
rules or policies (Violation of company policies). Non-criminal in nature and
are related to misconduct or activities of an employee
Rules of Forensic Investigation - CORRECT-ANSWERSSafeguard the integrity
of the evidence and render it acceptable in a court of law. The forensic
examiner must make duplicate copies of the original evidence. The duplicate
copies must be accurate replications of the originals, and the forensic
examiner must also authenticate the duplicate copies to avoid questions
about the integrity of the evidence. Must not continue with the investigation
if the examination is going to be beyond his or her knowledge level or skill
level.
Cyber Crime Investigation Methodology/Steps - CORRECT-ANSWERS1.Identify
the computer crime 2.Collect preliminary evidence 3.Obtain court warrant
dor discovery/seizure of evidence 4.Perform first responder procedures
5.Seize evidence at the crime scene 6. Transport evidence to lab 7.Create
two bitstream copies of the evidence 8. Generate MD5 checksum of the
images 9. Maintain chain of custody 10. Store original evidence in secure
location 11. Analyze the image copy for evidence 12. Prepare a forensic
report 13. Submit a report to client 14. Testify in course as an expert witness
Locard's Exchange Principle - CORRECT-ANSWERSAnyone of anything,
entering a crime scene takes something of the scene with them and leaves
something of themselves behind when they leave.
Types of Digital Data - CORRECT-ANSWERSVolatile Data
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $19.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
85169 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now