WGU C702 FORENSICS AND NETWORK INTRUSION PRACTICE TEST QUESTIONS AND CORRECT ANSWERS (VERIFIED
ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF
*Core Domains
Digital Forensics Fundamentals
Network Intrusion Detection & Prevention
Incident Response Processes
Evidence Collection & Preservation
Log Analysis & Traffic Monitoring
Malware & Attack Vectors
Legal & Ethical Considerations
Cybersecurity Frameworks*
This comprehensive practice exam is designed to prepare candidates for the WGU Master's Course C702 Forensics and Network Intrusion
objective assessment. The exam evaluates critical skills in digital forensics, network intrusion detection, incident response, and evidence handling.
Questions are presented in multiple-choice and scenario-based formats that emphasize real-world application and professional decision-making.
Candidates will demonstrate knowledge of forensic investigation processes, network traffic analysis, IDS/IPS deployment, legal compliance
requirements, and ethical standards. Success on this exam indicates readiness to perform forensic investigations, identify network intrusions, and
maintain evidence integrity in professional cybersecurity environments.
SECTION ONE: QUESTIONS 1–100
Question 1
What is the primary purpose of maintaining a chain of custody in digital forensics?
A. To speed up the forensic analysis process
B. To ensure evidence integrity and legal admissibility
C. To reduce the cost of forensic investigations
D. To customize forensic tools for specific cases
🟢 B. To ensure evidence integrity and legal admissibility
🔴 RATIONALE: The chain of custody documents who handled evidence, when, and under what circumstances, proving integrity and admissibility
in legal proceedings.
Question 2
Which type of IDS monitors traffic on an entire network segment?
A. Host-based IDS (HIDS)
B. Perimeter IDS (PIDS)
C. Network-based IDS (NIDS)
D. VM-based IDS (VMIDS)
🟢 C. Network-based IDS (NIDS)
🔴 RATIONALE: NIDS analyzes data packets from the network to protect entire segments, while HIDS monitors specific hosts.
Question 3
What is the first step in a computer forensics investigation process?
A. Analyze the evidence
B. Identify the computer crime
C. Collect preliminary evidence
D. Obtain a court warrant
🟢 B. Identify the computer crime
🔴 RATIONALE: The investigation process begins with identifying the computer crime, followed by collecting preliminary evidence, then obtaining
legal authorization.
Question 4
Which forensic tool is commonly used for creating bitstream copies of evidence?
A. Antivirus scanner
B. FTK Imager
C. Network enumerator
D. Statistical analyzer
🟢 B. FTK Imager
🔴 RATIONALE: FTK Imager is a relevant security tool specifically used for creating bitstream copies of forensic evidence.
Question 5
What does MD5 checksum verify in digital forensics?
A. Encryption strength
B. Evidence integrity and authenticity
C. Network traffic patterns
D. Malware classification
🟢 B. Evidence integrity and authenticity
🔴 RATIONALE: MD5 checksums generate hash values that verify evidence has not been altered, maintaining integrity throughout the investigation.
Question 6
Which of the following is NOT a characteristic of digital evidence?
A. Volatility
B. Intangibility
C. Reproducibility
D. Physical permanence
🟢 D. Physical permanence
🔴 RATIONALE: Digital evidence is volatile, intangible, and reproducible, but lacks physical permanence since it exists as data.
Question 7
What is steganography in the context of cybersecurity?
A. A method of encrypting network traffic
B. Hidden data embedding within legitimate files
C. A type of network intrusion detection
D. Forensic evidence collection technique
🟢 B. Hidden data embedding within legitimate files
🔴 RATIONALE: Steganography involves hiding data within legitimate files, which is a significant niche topic in C702 forensics.
Question 8
Which federal rule of evidence addresses hearsay in digital forensics?
A. Best Evidence Rule
B. Federal Rules of Evidence 9.2.1
C. SWGDE Standard
D. Chain of Custody Protocol
🟢 B. Federal Rules of Evidence 9.2.1
🔴 RATIONALE: Federal Rules of Evidence 9.2.1 specifically addresses the hearsay rule in digital evidence contexts.
Question 9
What is the primary function of a write blocker in forensic investigations?
A. Speed up data transfer
B. Prevent modification of evidence drives
C. Encrypt forensic copies
D. Analyze network traffic
🟢 B. Prevent modification of evidence drives
🔴 RATIONALE: Write blockers ensure non-alteration of evidence by preventing any modifications to original evidence drives.
Question 10
Which attack vector targets database systems specifically?