WGU C706 Objective Assessment Exam Prep (Latest 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Grade A

WGU C706 Objective Assessment Exam Prep (Latest 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Grade A Q: Which command is used to determine open files? a. Openfile b. Net file c. PSFiles d. Open files Answer: b. Net file Q: What prefetch does value 1 from the registry entry EnablePrefetcher tell the system to use? a. Both application and boot prefetching are enabled b. Boot prefetching is enabled c. Application prefetching is enabled d. Prefetching is enabled Answer: c. Application prefetching is enabled EnablePrefetcher reg key values: 0: Prefetching is disabled 1: Application prefetching is enabled 2: Boot prefetching is enabled 3: Both application and boot prefetching are enabled Q: What prefetch does value 3 from the registry entry EnablePrefetcher tell the system to use? a. Boot prefetching is enabled b. Application prefetching is enabled c. Both application and boot prefetching are enabled d. Prefetching is enabled Answer: c. Both application and boot prefetching are enabled EnablePrefetcher reg key values: 0: Prefetching is disabled 1: Application prefetching is enabled 2: Boot prefetching is enabled 3: Both application and boot prefetching are enabled Q: What tool enables you to retrieve information about event logs and pub- lishers in Windows 10? a. MSconfig b. Wevtutil c. Regedit d. EventViewer Answer: b. Wevtutil Windows 10 stores event logs in EVTX file format and are based on XML (Extension Markup Language). wevtutil command can be used to retrieve information about event logs and publish- ers that is not readily apparent via the Event Viewer user interface. This tool enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests; to run queries; and to export, archive, and clear logs. Command to display a list of available event logs on the system: wevtutil el Q: command is used to display the network configuration of the NICs on the system. a. ipconfig all b. ipconfig /all Answer: b. ipconfig /all Q: In Windows, where is the default location of the spool folder located? a. C:WindowsSystem32spool b. C:Windows c. C:WindowsSystem32spoolPRINTERS d. C:WindowsSpoolPRINTERS Answer: c. C:WindowsSystem32spoolPRINTERS By default in Windows OS, the .SPL and .SHD files are stored in the spool folder driver at C:WindowsSystem32spoolPRINTERS folder. Print spool files are temporary files that the software program stores in the system before completing the print task or to start printing at a scheduled time. Windows stores the file in print spooler directory before printing, while the local print provider (L) writes the contents to a spool file (.spl) and creates a separate graphics file (.emf) for each page. L also maintains detailed data on a print job, such as the username, filename, etc., in a shadow file (.shd). Q: Which Windows Registry hives are considered nonvolatile with respect to data persistence? a. HKEY_USERS, HKEY_CLASSES_ROOT b. HKEY_CURRENT_USERS, HKEY_LOCAL_MACHINE c. HKEY_LOCAL_MACHINE_ HKEY_USERS d. HKEY_LOCAL_MACHINE, HKEY_CURRENT_CONFIG Answer: The main registry hives are: HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_CUR- RENT_CONFIG HKEY_LOCAL_MACHINE HKEY_USERS With respect to data persistence, Windows Registry hives are divided into two types: Non-volatile: HKEY_LOCAL_MACHINE, HKEY_USERS Volatile: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_CURRENT_CONFIG Q: In Windows Event Log File Internals, the following file is used to store the Databases related to the system: a. S b. S c. D d. A Answer: b. S The Windows event log files are, essentially, databases with the records related to the system, security, and applications. The databases related to the system are stored in a file named S The databases related to security are stored in a file named S The databases related to applications are stored in a file named A Windows event logs are stored in: C:WindowsSystem32winevtLogs folder Q: By default, Windows XP and later create hidden administrative shares on a system? a. True b. False Answer: b. False By default, Windows Vista, 7, 8.1 and 10 create hidden administrative shares on a system. Q: What would not be found on a most recently used list? a. Bookmarks b. Opened documents c. Recently visited web pages Answer: a. Bookmarks Q: What does analyzing Shellbags not provide forensic investigators with information about? a. Folders deleted by users b. Folders opened by users from a mounted external hard drive c. Folders not opened from an external hard drive after the drive is mounted d. Timestamps and MAC times of the accessed folder Answer: c. Folders not opened from an external hard drive after the drive is mounted ShellBags hold information on deleted directories, deleted files, previously mounted drives, and user/intruder actions, which can be highly valuable in a forensic investi- gation.