Exam (elaborations)

WGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution

Uploaded on: 23-10-2025
Written in: 2025/2026

A software company suspects that employees have set up automatic corporate email forwarding to their personal inboxes against company policy. The company hires forensic investigators to identify the employees violating policy, with the intention of issuing warnings to them. Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive
-CORRECT ANSWER C

Which model or legislation applies a holistic approach toward any criminal activity as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting
-CORRECT ANSWER A

What does a forensic investigator need to obtain before seizing a computing device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission
-CORRECT ANSWER A

Which activity should be used to check whether an application has ever been installed on a computer?
A Penetration test
B Risk analysis
C Log review
D Security review
-CORRECT ANSWER C

Which characteristic describes an organization's forensic readiness in the context of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions.
-CORRECT ANSWER B

A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick containing emails as a primary piece of evidence. Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device
-CORRECT ANSWER A

Which type of attack is a denial-of-service technique that sends a large amount of data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking
-CORRECT ANSWER C

Which computer crime forensics step requires an investigator to duplicate and image the collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence
-CORRECT ANSWER B

What is the last step of a criminal investigation that requires the involvement of a computer forensic investigator?
A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure
-CORRECT ANSWER B

How can a forensic investigator verify an Android mobile device is on, without potentially changing the original evidence or interacting with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button
-CORRECT ANSWER C

What should a forensic investigator use to protect a mobile device if a Faraday bag is not available?
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap
-CORRECT ANSWER A

Which criterion determines whether a technology used by government to obtain information in a computer search is considered innovative and requires a search warrant?
A Availability to the general public
B Dependency on third-party software
C Implementation based on open source software
D Use of cloud-based machine learning
-CORRECT ANSWER A

Which situation allows a law enforcement officer to seize a hard drive from a residence without obtaining a search warrant?
A The computer is left unattended.
B The front door is wide open.
C The occupant is acting suspicious.
D The evidence is in imminent danger.
-CORRECT ANSWER D

Which legal document contains a summary of findings and is used to prosecute?
A Investigation report
B Search warrant
C Search and seizure
D Chain of custody
-CORRECT ANSWER A

What should an investigator use to prevent any signals from reaching a mobile phone?
A Faraday bag
B Dry bag
C Anti-static container
D Lock box
-CORRECT ANSWER A

A forensic investigator is called to the stand as a technical witness in an internet payment fraud case. Which behavior is considered ethical by this investigator while testifying?
A Providing and explaining facts found during the investigation
B Interpreting the findings and offering a clear opinion to the jury
C Helping the jury arrive at a conclusion based on the facts
D Assisting the attorney in compiling a list of essential questions
-CORRECT ANSWER A

A government agent is testifying in a case involving malware on a system. What should this agent have complied with during search and seizure?
A Fourth Amendment
B Stored Communications Act
C Net Neutrality Bill
D Federal Rules of Evidence
-CORRECT ANSWER A

Which path should a forensic investigator use to look for system logs in a Mac?
A /var/log/cups/access_log
B /var/log/
C /var/audit/
D /var/log/
-CORRECT ANSWER B

Which tool should a forensic investigator use to view information from Linux kernel ring buffers?
A arp
B dmesg
C fsck
D grep
-CORRECT ANSWER B

A forensic investigator makes a bit-stream copy of a Windows hard drive that has been reformatted. The investigator needs to locate only the Adobe PDF files on the hard drive. Which tool should this investigator use?
A Quick Recovery
B Handy Recovery
C EaseUS Data Recovery
D Stellar Data Recovery
-CORRECT ANSWER C

Which hexadecimal value should an investigator search for to find JPEG images on a device?
A 0x424D
B 0xD0CF11E0A1B11AE1
C 0x504B
D 0xFFD8
-CORRECT ANSWER D

Which type of steganography allows the user to physically move a file but keep the associated files in their original location for recovery?
A Whitespace
B Folder
C Image
D Web
-CORRECT ANSWER B

An employee steals a sensitive text file by embedding it into a PNG file. The employee then sends this file via an instant chat message to an accomplice. Which type of steganography did this employee use?
A Document
B Image
C Text
D Web
-CORRECT ANSWER B

Which method is used when an investigator has access to the plaintext and an image file with the hidden information?
A Stego-only
B Known-stego
C Known-message
D Chosen-message
-CORRECT ANSWER C

Which method is used when an investigator takes a plaintext message, uses various tools against it, and finds the algorithm used to hide information?
A Stego-only
B Known-stego
C Known-message
D Chosen-message
-CORRECT ANSWER D

Which operating system is targeted by the DaveGrohl password cracker?
A Linux
B OS X
C UNIX
D Windows
-CORRECT ANSWER B

Which password cracker is used to recover passwords on an OS X operating system?
A Cain and Abel
B DaveGrohl
C L0phtCrack
D Ophcrack
-CORRECT ANSWER B

Which tool allows a forensic investigator to process Transmission Control Protocol (TCP) streams for analysis of malicious traffic?
A Kibana
B OSSEC
C Syslog-ng
D Wireshark
-CORRECT ANSWER D

Which tool allows an investigator to review or process information in a Windows environment but does not rely on the Windows API?
A EnCase
B netstat
C dd
D LogMeister
-CORRECT ANSWER A

A computer forensic investigator finds an unauthorized wireless access point connected to an organization's network switch. This access point's wireless network has a random name with a hidden service set identifier (SSID).
What is this set-up designed to do?
A Create a backdoor that a perpetrator can use by connecting wirelessly to the network
B Jam the wireless signals to stop all legitimate traffic from using the wireless network
C Activate the wireless cards in the laptops of victims to gain access to their data and network
D Transmit high-power signals that force users to connect to the rogue wireless network
-CORRECT ANSWER A

Which web-based application attack corrupts the execution stack of a web application?
A Buffer overflow
B Cookie poisoning
C SQL injection
D Denial-of-service
-CORRECT ANSWER A

An employee is accused of sending a threatening email through Microsoft Exchange. Which file extension should the investigator search for to find the archived message on the server?
A .DB
B .NSF
C .PST
D .EDB
-CORRECT ANSWER D

Investigators do not have physical access to the computer of the victim of an email crime. Which task should these investigators instruct the victim to perform in order to identify the sending email server?
A Provide the email body
B Provide the email header
C Run Aid4Mail Email Forensics
D Run Email Address Verifier
-CORRECT ANSWER B

Which tool should a forensic investigator use on a Windows computer to locate all the data on a computer disk, protect evidence, and create evidentiary reports for use in legal proceedings?
A Wireshark
B OmniPeek
C ProDiscover
D Capsa
-CORRECT ANSWER C

What is the purpose of hashing tools during data acquisition?
A Dumping the original RAM contents to a forensically sterile removable device
B Enabling write protection on the original media to preserve the original evidence
C Validating the collected digital evidence by comparing the original and copied file message digests
D Creating a replica of the original source to prevent the inadvertent original
-CORRECT ANSWER C

Which software-based tool is used to prevent writes to storage devices on a computer?
A CRU WiebeTech
B ILook Investigator
C SAFE Block
D USB WriteBlocker
-CORRECT ANSWER C

Which tool should a forensic team use to research unauthorized changes in a database?
A ApexSQL DBA
B Gargoyle Investigator Forensic Pro
C LSASecretsView
D RSA NetWitness Investigator
-CORRECT ANSWER A

Which graphical tool should investigators use to identify publicly available information about a public IP address?
A AWStats
B GoAccess
C SmartWhois
D NsLookup
-CORRECT ANSWER C

Which tool is used to search and analyze PC messaging logs?
A Chat Stick
B File Viewer
C SnowBatch
D Zamzar
-CORRECT ANSWER A

Which forensic tool allows an investigator to acquire database files for analysis from a mobile device?
A Andriller
B Volatility
C WinDump
D Tripwire
-CORRECT ANSWER A

A first responder arrives at an active crime scene that has several mobile devices. What should this first responder do while securing the crime scene?
A Leave the devices in the state they are in and put them in anti-static bags
B Turn on the devices and review recently accessed data
C Turn off the devices to preserve the volatile memory
D Leave the devices as found and fill out chain of custody paperwork
-CORRECT ANSWER D

What is a responsibility of the first responder at a crime scene?
A Package and transport the evidence
B Identify the presence of rootkits on the evidence
C Decrypt the evidence by cracking passwords
D Detect malware present on the evidence
-CORRECT ANSWER A

Which step preserves the forensic integrity of volatile evidence when a device is discovered in the powered-on state?
A Documenting the procedures for shutting down the system
B Collecting information with a secure command shell
C Using the built-in backup utility to gather information
D Copying the file with the keyboard shortcut Ctrl+C
-CORRECT ANSWER

Which action maintains the integrity of evidence when a forensic laptop is used to acquire data from a compromised computer?
A Connecting the machines with a straight through cable
B Connecting the machines with a crossover cable
C Enabling a hardware write blocker
D Enabling administrative control
-CORRECT ANSWER C

What should an investigator do while collecting evidence from a device?
A Turn off the computer to protect the data
B Install antivirus software to protect information
C Begin documenting the chain of custody
D Close any open documents and applications
-CORRECT ANSWER C

Why should investigators use the bit-stream disk-to-disk data acquisition method rather than the disk-to-image method?
A Ensures that integrity is not compromised
B Preserves the required chain of custody
C Addresses potential errors and incompatibilities
D Avoids the possibility of running out of space
-CORRECT ANSWER C

Which anti-forensic defense technique allows a forensic investigator to determine if the system's kernel is compromised?
A Performing a brute-force attack
B Conducting steganalysis
C Performing BIOS bypass
D Conducting rootkit detection
-CORRECT ANSWER D

Which anti-forensic defense technique allows a forensic investigator to gain access to files protected with Encrypting File System (EFS)?
B
A Installing a recovery certificate
B Detecting hosts in promiscuous mode
C Performing BIOS bypass
D Conducting rootkit detection
-CORRECT ANSWER A

Which anti-forensic defense technique allows a forensic investigator to reset the firmware in order to access the operating system?
A Install a recovery certificate
B Detect hosts in promiscuous mode
C Perform BIOS password bypass
D Conduct rootkit detection
-CORRECT ANSWER C

A software company has a data breach and hires a forensic expert to examine event and intrusion detection logs on its Linux servers. The investigator finds a suspicious user ID and wants to track all events of that user. Which command should this forensic expert use?
A ausearch
B dd
C readelf
D cron
-CORRECT ANSWER A

A forensic investigator receives dozens of log-in failure events within a few minutes. A security attack event is generated. What is the goal when performing event correlation?
A Data aggregation
B Content reduction
C Explorative data analysis
D Root cause identification
-CORRECT ANSWER D

A computer forensic investigator is preparing an affidavit statement. Which type of report should this investigator prepare?
A Formal verbal
B Informal verbal
C Formal written
D Informal written
-CORRECT ANSWER C

A forensic investigator is preparing a report in response to a security breach. The report is augmented by documentation provided by a third party. Which optional section in the report serves as a gesture of thanks for the third-party support?
A Acknowledgments
B References
C Conclusions
D Appendices
-CORRECT ANSWER A

A network log from a remote system is entered into evidence, and the proper steps are taken to protect the integrity of the data. The log contains network intrusion data but does not contain any information about the log.
What must an investigator document about this log in the forensic report?
A Name of the server
B Number of records in the file
C Name of the server administrator
D Number of bytes in the file
-CORRECT ANSWER A

What should an investigator do to ensure that creating a forensic hard drive image does not alter the drive?
A Make a duplicate using the dd command
B Make a duplicate using the cp command
C Copy each file to a new disk using copy and paste
D Copy each file to a new disk using File Explorer
-CORRECT ANSWER A

A Mac computer that does not have removable batteries is powered on. Which action must a first responder take to preserve digital evidence from the computer once volatile information is collected?
A Place the computer in an anti-static bag
B Obtain the IP address of the computer
C Maintain the power with a portable charger
D Press the power switch for 30 seconds
-CORRECT ANSWER D

What should an investigator do to ensure that a phone serving as evidence at a crime scene is properly isolated?
A Contact the service provider
B Turn the device off
C Remove the battery
D Use a Faraday bag
-CORRECT ANSWER D

First responders arrive at a company and determine that a non-company Windows 7 computer was used to breach information systems. The computer is still powered on. What is the correct procedure for powering off this computer once the volatile information has been collected?
A Shut down the device by clicking Special Shutdown
B Unplug the electrical cord from the wall socket
C Type Get-Service | Where {$_.status -eq 'running'}
D Press down the Ctrl and L keys simultaneously
-CORRECT ANSWER B

What is the minimum number of workstations a forensics lab needs?
A One
B Two
C Three
D Four
-CORRECT ANSWER B

Which function does the BIOS parameter block (BPB) handle for the hard disk?
A Describes the physical layout and volume partitions
B Specifies the location of the operating system
C Initializes code that executes after powering the firmware interface
D Interprets the boot configuration data and selects boot policy
-CORRECT ANSWER A

How does RAID 3 store information?
A Information is written on a minimum of two drives for quick reading and writing of data.
B Data is mirrored on two drives to improve the speed of retrieving information and resilience.
C Information is written at byte level across multiple drives, but only one is dedicated for parity.
D Information is stored on multiple drives, with floating parity for improved performance and resilience.
-CORRECT ANSWER C

Which file system is on a system with MacOS installed?
A New Technology File System (NTFS)
B Hierarchical File System Plus (HFS+)
C Extended file system (EXT)
D Z File System (ZFS)
-CORRECT ANSWER B

Where should an investigator search for details of activities that have taken place in an SQL database?
A Primary data files (MDF)
B Secondary data files (NDF)
C Data definition language (DDL) files
D Transaction log data files (LDF)
-CORRECT ANSWER D

Which command line utility enables an investigator to analyze privileges assigned to database files?
A DBINFO
B SHOWFILESTATS
C mysqldump
D mysqlaccess
-CORRECT ANSWER D

The following is the header from a threatening email:
Received: from M( [124.53.112.16]) by M (8.8.5/8.7.2)
Received: from ( [124.211.3.88]) by M (10.5.2/10.4.1) With ESMTP id LAA20869 for ; Tue, Jan :39:24 -0800 (PST)
What is the name of the server that sent the message?
A M
B M
C M
D
-CORRECT ANSWER A

Which header allows an investigator to determine if a message was sent to many recipients?
A In-Reply-To
B Content-Type
C X-Distribution
D X-Mailer
-CORRECT ANSWER C

Which operating system contains PLIST files for forensic analysis?
A Android
B Windows
C Linux
D MacOS
-CORRECT ANSWER D

Which operating system contains the authentication log at /var/log/?
A Android
B Linux
C iOS
D MacOS
-CORRECT ANSWER B

Which of the following is true regarding computer forensics?
A deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
B deals with the process of finding evidence related to a digital crime to find the culprits and avoid legal action against them.
C deals with the process of finding evidence related to a digital crime to find the victims and prevent legal action against them.
D deals with the process of finding evidence related to a crime to find the culprits and initiate legal action against them.
-CORRECT ANSWER A

Which of the following is NOT an objective of computer forensics?
A Identify, gather, and preserve the evidence of a cybercrime.
B Track and prosecute the perpetrators in a court of law.
C Interpret, document, and present the evidence to be admissible during prosecution.
D Mitigate vulnerabilities allowing further loss of intellectual property, reputation during an attack.
-CORRECT ANSWER D

Which of the following is true regarding Enterprise Theory of Investigation (ETI)?
A It encourages reactive action on the structure of the criminal enterprise.
B It adopts an approach toward criminal activity as a criminal act.
C It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal act.
D It differs from traditional investigative methods, and it is less complex and less time-consuming.
-CORRECT ANSWER C

Forensic readiness refers to:
A an organization's ability to make optimal use of digital evidence in a limited time period and with minimal investigation costs
B replacing the need to meet all regulatory requirements
C having no impact on prospects of successful legal action
D the establishment of specific incident response procedures and designated trained personnel to prevent a breach
-CORRECT ANSWER A

Which of the following is NOT an element of cybercrime?
A anonymity through masquerading
B volatile evidence
C fast-paced speed
D evidence smaller in size
-CORRECT ANSWER D

Which of the following is true of cybercrimes?
A The claimant is responsible for the collection and analysis of the evidence.
B The searching of the devices is based on mutual understanding and provides a wider time frame to hide the evidence.
C Investigators attempt to demonstrate information to the opposite party to support the claims and induce settlement.
D Investigators, with a warrant, have the authority to forcibly seize the computing devices.
-CORRECT ANSWER D

Which of the following is true of civil crimes?
A The standards of proof need to be very high.
B The initial reporting of the evidence is generally informal.
C A formal investigation report is required.
D Law enforcement agencies are responsible for collecting and analyzing evidence.
-CORRECT ANSWER B

Which of the following is NOT a consideration during a cybercrime investigation?
A collection of clues and forensic evidence
B analysis of digital evidence
C presentation of admissible evidence
D value or cost to the victim
-CORRECT ANSWER D

Which of the following is a user-created source of potential evidence?
A printer spool
B log files
C address book
D cookies
-CORRECT ANSWER C

Which of the following is a computer-created source of potential evidence?
A swap file
B steganography
C bookmarks
D spreadsheet
-CORRECT ANSWER A

Which of the following is NOT where potential evidence may be located?
A digital camera
B thumb drive
C smart card
D processor
-CORRECT ANSWER D

Under which of the following conditions will duplicate evidence NOT suffice?
A when original evidence is in possession of the originator
B when original evidence is destroyed in the normal course of business
C when original evidence is destroyed due to fire or flood
D when original evidence is in possession of a third party
-CORRECT ANSWER

Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?
A Rule 105
B Rule 102
C Rule 103
D Rule 101
-CORRECT ANSWER D

Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined?
A Rule 102
B Rule 103
C Rule 101
D Rule 105
-CORRECT ANSWER A

Which of the following Federal Rules of Evidence contains Rulings on Evidence?
A
A Rule 101
B Rule 102
C Rule 105
D Rule 103
-CORRECT ANSWER D

Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its proper scope and instruct the jury accordingly?
A Rule 101
B Rule 102
C Rule 103
D Rule 105
-CORRECT ANSWER D

Which of the following answers refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment in such a manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law?
A disaster recovery
B incident handling
C computer forensics
D network analysis
-CORRECT ANSWER C

Computer forensics deals with the process of finding _____ related to a digital crime to find the culprits and initiate legal action against them.
A fraud
B insider threats
C evidence
D malware
-CORRECT ANSWER C

Minimizing the tangible and intangible losses to the organization or an individual is considered an essential computer forensics use.
A False
B True
-CORRECT ANSWER B

Cybercrimes can be classified into the following two types of attacks, based on the line of attack.
A fraud and spam
B internal and external
C phishing and malware
-CORRECT ANSWER B

Espionage, theft of intellectual property, manipulation of records, and Trojan horse attacks are examples of what?
A outsider attacks or secondary threats
B insider attacks or primary threats
C insider attacks or secondary threats
D outsider attacks or primary threats
-CORRECT ANSWER B

External attacks occur when there are inadequate information-security policies and procedures.
A True
B False
-CORRECT ANSWER A

Which type of cases involve disputes between two parties?
A investigative
B administrative
C criminal
D civil
-CORRECT ANSWER D

A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and follows the appropriate processes.
A True
B False
-CORRECT ANSWER B

A Both Enterprise Theory of Investigation (ETI) and Entrepreneur Theory of Investigation
B Enterprise Theory of Investigation (ETI)
C Entrepreneur Theory of Investigation
-CORRECT ANSWER B

Digital devices store data about sessions such as user and type of connection.
A True
B False
-CORRECT ANSWER A

Forensic readiness includes technical and non-technical actions that maximize an organization's competence to use digital evidence.
A True
B False
-CORRECT ANSWER A

Which of the following is the process of developing a strategy to address the occurrence of any security breach in the system or network?
A forensic readiness planning
B security policy
C best evidence rule
D incident response
-CORRECT ANSWER D

Codes of ethics are the principles stated to describe the expected behavior of an investigator while handling a case. Which of the following is NOT a principle that a computer forensic investigator must follow?
A Act in accordance with federal statutes, state statutes, and local laws and policies.
B Provide personal or prejudiced opinions.
C Ensure integrity of the evidence throughout the investigation process.
D Act with utmost ethical and moral principles.
-CORRECT ANSWER B

What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
A authorize the evidence
B obfuscate the evidence
C preserve the evidence
D prosecute the evidence
-CORRECT ANSWER C

What is the role of an expert witness?
A to educate the public and court
B to testify against the plaintiff
C to support the defense
D to evaluate the court's decisions
-CORRECT ANSWER A

Which of the following is NOT a legitimate authorizer of a search warrant?
A court of law
B magistrate
C concerned authority
D first responder
-CORRECT ANSWER D

Under which of the following circumstances has a court of law allowed investigators to perform searches without a warrant?
A Expediting the process of obtaining a warrant may lead to the timely prosecution of a perpetrator.
B Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.
C Expediting the process of obtaining a warrant may lead to a delay in prosecution of a perpetrator.
D Delay in obtaining a warrant may lead to the preservation of evidence and expedite the investigation process.
-CORRECT ANSWER B

Which of the following should be considered before planning and evaluating the budget for the forensic investigation case?
A past success rate as a measure of value
B use of outdated, but trusted, technologies
C current media coverage of high-profile computer crimes
D breakdown of costs into daily and annual expenditure
-CORRECT ANSWER

Which of the following should be physical location and structural design considerations for forensics labs?
A Computer systems should be visible from every angle.
B Room size should be compact with standard HVAC equipment.
C Lightweight construction materials need to be used.
D Lab exteriors should have no windows.
-CORRECT ANSWER D

Which of the following should be work area considerations for forensics labs?
A Examiner station has an area of about 50-63 square feet.
B Physical computer examinations should take place in a separate workspace.
C Additional equipment such as notepads, printers, etc. should be stored elsewhere.
D Multiple examiners should share workspace for efficiency.
-CORRECT

Which of the following is NOT part of the Computer Forensics Investigation Methodology?
A data acquisition
B testify as an expert defendant
C testify as an expert witness
D data analysis
-CORRECT ANSWER B

Which of the following is NOT part of the Computer Forensics Investigation Methodology?
D ANSWER A
A Assess the evidence.
B Secure the evidence.
C Destroy the evidence.
D Collect the evidence.
-CORRECT ANSWER C

Investigators can immediately take action after receiving a report of a security incident.
A False
B True
-CORRECT ANSWER A

In forensics laws, "authenticating or identifying evidences" comes under which rule?
A Rule 901
B Rule 801
C Rule 608
D Rule 708
-CORRECT ANSWER A

Courts call knowledgeable persons to testify to the accuracy of the investigative process.
These people who testify are known as the _____:
A counselors
B expert witnesses
C judges
D character witnesses
-CORRECT ANSWER B

A chain of custody is a critical document in the computer forensics investigation process because the document provides legal validation of appropriate evidence handling.
A False
B True
-CORRECT ANSWER B

Identify the following project which was launched by the National Institute of Standards and Technology (NIST), that establishes a "methodology for testing computer forensics software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware."
A Computer Forensic Hardware Project (CFHP)
B Computer Forensic Investigation Project (CFIP)
C Enterprise Theory of Investigation (ETI)
D Computer Forensic Tool Testing Project (CFTTP)
-CORRECT ANSWER D

Which of the following is NOT a digital data storage type?
A quantum storage devices
B flash memory devices
C magnetic storage devices
D optical storage devices
-CORRECT ANSWER A

Which of the following is NOT a common computer file system?
A NTFS
B FAT32
C EFX3
D EXT2
-CORRECT ANSWER C

Which field type refers to the volume descriptor as a primary?
A Number 1
B Number 0
C Number 3
D Number 2
-CORRECT ANSWER A

Which logical drive holds the information regarding the data and files that are stored in the disk?
A secondary partition
B extended partition
C tertiary partition
D primary partition
-CORRECT ANSWER B

How large is the partition table structure that stores information about the partitions present on the hard disk?
A 64-byte
B 32-byte
C 64-bit
D 32-bit
-CORRECT ANSWER A

How many bits are used by the MBR partition scheme for storing LBAs (Logical Block Addresses) and the size information on a 512-byte sector?
A 64 B 128 C 32 D 256 -CORRECT ANSWER C In the GUID Partition Table, which Logical Block Address contains the Partition Entry Array?WGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution A LBA 0 B LBA 1 C LBA 3 D LBA 2 -CORRECT ANSWER D Which of the following describes when the user restarts the system via the operating system? A hard booting B hot booting C warm booting D cold booting -CORRECT ANSWER C Which Windows operating system powers on and starts up using either the traditional BIOS-MBR method or the newer UEFI-GPT method? A Windows 7 B Windows 8 C Windows Vista D Windows XP -CORRECT ANSWER B Which item describes the following UEFI boot process phase? The phase of EFI consisting of initializing the CPU, temporary memory, and boot firmware volume (BFV); locating and executing the chapters to initialize all the found hardware in the system; and creating a Hand-Of f Block List with all found resources interface descriptors. A RT (Run Time) Phase B DXE (Driver Execution Environment) Phase C PEI (Pre-EFI Initialization) Phase D BDS (Boot Device Selection) Phase -CORRECT ANSWER C Which of the following basic partitioning tools displays details about GPT partition tables in Windows OS? A Gparted B Fdisk C Disk Utility D DiskPart -CORRECT ANSWER D What stage of the Linux boot process includes the task of loading the Linux kernel and optional initial RAM disk? A POST StageWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution B Bootloader Stage C BIOS Stage D Kernel Stage -CORRECT ANSWER B What component of a typical FAT32 file system consists of data that the document framework uses to get to the volume and utilizes the framework parcel to stack the working portion documents? A Boot Sector B FAT Area C Reserved Area D Data Area -CORRECT ANSWER A Which component of the NTFS architecture is a computer system file driver for NTFS? 
A N B boot sector C Master Boot Record D N -CORRECT ANSWER A What is the name of the abstract layer that resides on top of a complete file system, allows client applications to access various file systems, and consists of a dispatching layer and numerous caches? A Virtual File System (VFS) B Kernel Space C GNUC Library (glibc) D User Space -CORRECT ANSWER A Which information held by the superblock contains major and minor items that allow the mounting code to determine whether or not supported features are available to the file system? A magic number B revision level C mount count D block size -CORRECT ANSWER B Which file system used in Linux was developed by Stephen Tweedie in 2001 as a journaling file system that improves reliability of the system? A Ext3 B Ext2 C Ext4 D Ext -CORRECT ANSWER AWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution How many bit values does HFS use to address allocation blocks? A 32 B 64 C 16 D 8 -CORRECT ANSWER C What UFS file system part is composed of a few blocks in the partition reserved at the beginning? A data groups B boot blocks C cylinder groups D super block -CORRECT ANSWER B What is a machine-readable language used in major digital operations, such as sending and receiving emails? A .NET B ASCII C JAVA D XML -CORRECT ANSWER B What is JPEG an acronym of? A Joint Photographic Exchange Group B Joint Picture Exchange Group C Joint Picture Experts Group D Joint Photographic Experts Group -CORRECT ANSWER D What is the proprietary Microsoft Office presentation file extension used in PowerPoint? A TXT B PDF C PPT D RTF -CORRECT ANSWER C Which of the following is an example of optical media? A CD/DVD B Hard drive -CORRECT ANSWER A C Flash media D USB deviceWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution sector on the disk. 
A Clusters, Series, and Heads (CSH) B Clusters, Heads, and Series (CHS) C Cylinders, Heads, and Sectors (CHS) D Logical Block Address (LBA) -CORRECT ANSWER C is a 128-bit unique reference number used as an identifier in computer software. A BIOS Parameter Block (BPB) B Unified Extensible Firmware Interface (UEFI) C Global Unique Identifier (GUID) D Master Boot Record (MBR) -CORRECT ANSWER C Mac OS uses a hierarchical file system. A True B False -CORRECT ANSWER A The main advantage of RAID is that if a single physical disk fails: A The operating system will protect the remaining disks. B The system will build another drive. C The system will continue to function without loss of data. D The system will isolate the defective disk. -CORRECT ANSWER C The command "fsstat" displays the details associated with an image file. A True B False -CORRECT ANSWER B What is the simplest RAID level that does not involve any redundancy, and fragments the file into the user-defined stripe size of the array? A RAID 5 B RAID 1 C RAID 0 D RAID 10 -CORRECT ANSWER C An investigator may commit some common mistakes while collecting data from the system that result in the loss of critical evidence. Which of the following is NOT a mistake that investigators commonly make? In Sector, addressing determines the address of the individualWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution A choosing wrong resolution for data acquisition B use of correct cables and cabling techniques C poor knowledge of the instrument -CORRECT ANSWER B In Linux Standard Tools, forensic investigators use the following built-in Linux Commands to copy data from a disk drive: A dc and dcfldd B dd and dcfldd C dd and ddfldc D dc and ddfldc -CORRECT ANSWER B Because they are always changing, the information in the registers or the processor cache are the most volatile data. 
A True B False -CORRECT ANSWER A Forensic data duplication involves the creation of a file that has every bit of information from the source in a raw bit-stream format. A False B True -CORRECT ANSWER B What document is used as a written record consisting of all processes involved in seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence? A investigation of evidence document B written report C chain of custody document D description document -CORRECT ANSWER C What is the process of permanently deleting or destroying data from storage media? A purge B systems capture C media sanitization D disclosure -CORRECT ANSWER C The process of acquiring volatile data from working computers (locked or in sleep condition) that are already powered on is: A static data acquisitionWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution B imaging data acquisition C standard data acquisition D live data acquisition -CORRECT ANSWER D Which of the following refers to the data stored in the registries, cache, and RAM of digital devices? A registries B volatile information C physical memory D systems data -CORRECT ANSWER B Where are deleted items stored on Windows Vista and later versions of Windows? A Drive:RECYCLER B Drive:RECYCLED C Drive:Recycle.Bin$ D Drive:$Recycle.Bin -CORRECT ANSWERD Where are deleted items stored on Windows 98 and earlier versions of Windows? A Drive:$Recycle.Bin B Drive:Recycle.Bin$ C Drive:RECYCLER D Drive:RECYCLED -CORRECT ANSWER D Where are deleted items stored on the Windows 2000, XP, and NT versions of Windows? A Drive:Recycle.Bin$ B Drive:$Recycle.Bin C Drive:RECYCLED D Drive:RECYCLER -CORRECT ANSWER D What is the maximum size limit for the Recycle Bin in Windows prior to Windows Vista? A None B 3.99 MB C 3.99 GB D 0 -CORRECT ANSWER C Which of the following is NOT a feature of the Recover My Files tool? 
A recovering files even if emptied from the recycle bin data B performing disk recovery after a hard disk crashWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution C recovering files from a network drive D recovering from a hard drive, camera card, USB, Zip, floppy disk, or other media - CORRECT ANSWER C What tool is used for format recovery, unformatting and recovering deleted files emptied from the Recycle Bin, or data lost due to partition loss or damage, software crash, virus infection, or unexpected shutdown and supports hardware RAID? A Quick Recovery B DiskDigger C FileSalvage D EaseUS -CORRECT ANSWER D Which tool undeletes and recovers lost files from hard drives, memory cards, and USB flash drives? A EaseUS B DiskDigger C Quick Recovery D Drive Genius -CORRECT ANSWER B Which tool recovers files that have been lost, deleted, corrupted, or even deteriorated? A Quick Recovery B Recover My Files C EaseUS D DiskDigger -CORRECT ANSWER A Which tool recovers lost data from hard drives, RAID, photographs, deleted files, iPods, and removable disks connected via FireWire or USB? A Recover My Files B Total Recall C DiskDigger D EaseUS -CORRECT ANSWER B What tool scans the entire system for deleted files and folders and recovers them? A Recover My Files B DiskDigger C EaseUS D Advanced Disk Recovery -CORRECT ANSWER D What tool for Mac recovers files from a crashed or virus-corrupted hard drive?WGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution A DiskDigger B EaseUS C Data Rescue 4 D Recover My Files -CORRECT ANSWER C Which of the following are frequently left by criminals, assisting investigators in understanding the process of crime and the motive behind it, and allowing them to attempt to identify the person(s) who committed it? 
A fingerprints B bread crumbs C invitations D files -CORRECT ANSWER A In Detecting Rootkits, the following technique is used to compare characteristics of all system processes and executable files with a database of known rootkit fingerprints. A Cross View-Based Detection B Runtime Execution Path Profiling C Signature-Based Detection D Integrity-Based Detection -CORRECT ANSWER C In Anti-Forensics Techniques, which of the following techniques is used to hide a secret message within an ordinary message and extract it at the destination to maintain confidentiality of data? A encryption B steganography C decryption D cryptography -CORRECT ANSWER B Which of the following consists of volatile storage? A RAM B ROM C compact disc D hard drive -CORRECT ANSWER A What is NOT a command used to determine logged-on users? A net sessions B LogonSessions C LoggedSessions D PsLoggedOn -CORRECT ANSWER CWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution What is NOT a command used to determine open files? A PsFile B Open files C Net file D Openfiles -CORRECT ANSWER B What command is used to determine the NetBIOS name table cache in Windows? A Netstat B Ipconfig C Nbtstat D Ifconfig -CORRECT ANSWER C Which tool helps collect information about network connections operative in a Windows system? A Ipconfig B Nbtstat C Netstat D Ifconfig -CORRECT ANSWER C Which of the following is NOT a command used to determine running processes in Windows? A Netstat B Pslist C Tasklist D Listdlls -CORRECT ANSWER A Which is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples? A Volatile Framework B Volatility Extractor C Volatility Framework D Volatile Extractor -CORRECT ANSWER C The information about the system users is stored in which file? 
A PAT database file B NTUSER.BAT C SAM database file D NTUSER.DAT -CORRECT ANSWER CWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution The value 0 associated with the registry entry EnablePrefetcher tells the system to use which prefetch? A Boot prefetching is enabled. B Prefetching is disabled. C Both application and boot prefetching are enabled. D Application prefetching is enabled. -CORRECT ANSWER B What prefetch does value 1 from the registry entry EnablePrefetcher tell the system to use? A Both application and boot prefetching are enabled. B Boot prefetching is enabled. C Application prefetching is enabled. D Prefetching is disabled. -CORRECT ANSWER C What prefetch does value 2 from the registry entry EnablePrefetcher tell the system to use? A Prefetching is disabled. B Both application and boot prefetching are enabled. C Boot prefetching is enabled. D Application prefetching is enabled. -CORRECT ANSWER C What prefetch does value 3 from the registry entry EnablePrefetcher tell the system to use? A Application prefetching is enabled. B Both application and boot prefetching are enabled. C Prefetching is disabled. D Boot prefetching is enabled. -CORRECT ANSWER B What tool enables you to retrieve information about event logs and publishers in Windows 10? A Wevtutil B EventViewer C Regedit D Msconfig -CORRECT ANSWER A Intruders attempting to gain remote access to a system try to find the other systems connected to the network and visible to the compromised system. A TrueWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution B False -CORRECT ANSWER A command is used to display the network configuration of the NICs on the system. A ipconfig all B ipconfig /all C ipconfig all D ipconfig //all -CORRECT ANSWER B Investigators can use Linux commands to gather necessary information from the system. 
Identify the following shell command that is used to display the kernel ring buffer or information about device drivers loaded into the kernel. A dmesg B pstree C Fsck D Stat -CORRECT ANSWER A What are the unique identification numbers assigned to Windows user accounts for granting user access to particular resources? A Windows access number B Microsoft security ID C user access numbers D security definitions -CORRECT ANSWER B In Windows Event Log File Internals, the following file is used to store the Databases related to the system: A D B A C S D S -CORRECT ANSWER C Thumbnails of images remain on computers even after files are deleted. A True B False -CORRECT ANSWER A What is NOT one of the three tiers a log management infrastructure typically comprises? A log rotation B log monitoringWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution C log analysis and storage D log generation -CORRECT ANSWER A Which is NOT a log management system function? A log conversion B log compression C log generation D log reduction -CORRECT ANSWER C What is NOT one of the three major concerns regarding log management? A log protection and availability B log viewing C log creation and storage D log analysis -CORRECT ANSWER B Which is a type of network-based attack? A social engineering B eavesdropping C spamming D phishing -CORRECT ANSWER B Which attack does NOT directly lead to unauthorized access? A man-in-the-middle B spoofing C sniffing D denial-of-service -CORRECT ANSWERD How can an attacker exploit a network? A through wired or wireless connections B through special cables C through wired connections only D through wireless connections only -CORRECT ANSWER A What is the primary reason for forensic investigators to examine logs? 
A to make notes of critical events because logs are not admissible as evidence B to gain an insight into events that occurred in the affected devices/network C to record their own access to the device D to begin collecting information for a crime in progress -CORRECT ANSWER BWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution Which is true about the transport layer in the TCP/IP model? A It is located between the network access layer and the internet layer. B It includes protocols with HTTP, FTP, SMTP, and DNS. C It is the backbone for data flow between two devices in a network. D It is the lowest layer in the TCP/IP model. -CORRECT ANSWER C What is an ongoing process that returns results simultaneously so that the system or operators can respond to attacks immediately? A postmortem B past-time analysis C real-time analysis D premortem -CORRECT ANSWER C Which of the following is an internal network vulnerability? A enumeration B bottleneck C eavesdropping D spoofing -CORRECT ANSWER B Which attack is specific to wireless networks? A denial-of-service B man-in-the-middle attack C password-based attacks D jamming signal attack -CORRECT ANSWER D Where can congressional security standards and guidelines be found, along with an emphasis for federal agencies to develop, document, and implement organization-wide programs for information security? A FISMA B GLBA C HIPAA D PCI DSS -CORRECT ANSWER A What requires companies that offer financial products or services to protect customer information against security threats? A FISMA B PCI DSS C GLBA D HIPAA -CORRECT ANSWER CWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution Which of the following includes security standards for health information? A PCI DSS B GLBA C FISMA D HIPAA -CORRECT ANSWER D What is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards? 
A PCI DSS B GLBA C FISMA D SOX -CORRECT ANSWER A In what type of forensic examination do investigators perform an examination of logs to detect something that has already occurred in a network/device and determine what it is? A systems B postmortem C real-time D log file -CORRECT ANSWER B Which are the most common network attacks launched against wireless networks? A IP address spoofing B AP MAC spoofing C buffer overflow D router attacks -CORRECT ANSWERB In Event Correlation Approaches, which approach is used to monitor the computers' and computer users' behavior and provide an alert if something anomalous is found? A route correlation B role-based approach C Bayesian correlation D vulnerability-based approach -CORRECT ANSWER B The investigator uses which of the following commands to view the ARP table in Windows? A arp // B arp .aWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution C arp /all D arp -a -CORRECT ANSWER D Which is NOT an indication of a web attack? A web pages redirected to an unknown website B network performance being unusually slow C logs found to have no known anomalies D access denied to normally available web services -CORRECT ANSWER Which is a threat to web applications? A error handling B cookie poisoning C validated input D secure storage -CORRECT ANSWER B What layer of web application architecture includes all the web appliances, such as smartphones and PCs, where interaction with a web application deployed on a web server occurs? A business layer B client layer C web server layer D database layer -CORRECT ANSWER B What layer of web application architecture contains components that parse the request (HTTP Request Parser) coming in and forwards the response back? 
A client layer B business layer C database layer D web server layer -CORRECT ANSWERD What layer of web application architecture is responsible for the core functioning of the system and includes logic and applications, such as .NET, used by developers to build websites according to client requirements? A web server layer B database layer C business layer D client layer -CORRECT ANSWER C CWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution What layer of web application architecture is composed of cloud services that hold all commercial transactions and a server that supplies an organization's production data in a structured form? A web server layer B database layer C client layer D business layer -CORRECT ANSWER B Which web application threat occurs when the application fails to guard memory properly and allows writing beyond maximum size? A SQL injection B information leakage C buffer overflow D cookie poisoning -CORRECT ANSWERC Which web application threat refers to the modification of a website's remnant data for bypassing security measures or gaining unauthorized information? A SQL injection B buffer overflow C information leakage D cookie poisoning -CORRECT ANSWERD Which web application threat occurs when an attacker is allowed to gain access as a legitimate user to a web application or data such as account records, credit card numbers, passwords, or other authenticated information? A information leakage B cookie poisoning C buffer overflow D insecure storage -CORRECT ANSWERD Which web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user? 
A buffer overflow B SQL injection C information leakage D cookie poisoning -CORRECT ANSWERC Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes?WGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution A cookie poisoning B denial-of-service A improper error handling B cookie poisoning C SQL injection D buffer overflow -CORRECT ANSWERA Which web application threat refers to vulnerable management functions, including user updates, recovery of passwords, or resetting passwords? A cookie poisoning B broken account management C buffer overflow D SQL injection -CORRECT ANSWER B Which web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server's root directory? A cookie poisoning B buffer overflow C SQL injection D directory traversal -CORRECT ANSWER D Which web application threat occurs when attackers insert commands via input data and are able to tamper with the data? C buffer overflow D SQL injection -CORRECT ANSWER D Which web application threat occurs when attackers intend to manipulate the communication exchanged between the client and server to make changes in application data? A SQL injection B cookie poisoning C buffer overflow D parameter tampering -CORRECT ANSWER D Which web application threat is a method intended to terminate website or server operations by making resources unavailable to clients? A SQL injection B denial-of-serviceWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution C buffer overflow D cookie poisoning -CORRECT ANSWERB Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings? 
A SQL injection B cookie poisoning C buffer overflow D unvalidated input -CORRECT ANSWER D Which web application threat occurs when attackers bypass the client's ID security mechanisms, gain access privileges, and inject malicious scripts into specific fields in web pages? A buffer overflow B SQL injection C cookie poisoning D cross-site scripting -CORRECT ANSWER D Which web application threat occurs when attackers insert malicious code, commands, or scripts into the input gates of web applications, enabling the applications to interpret and run the newly supplied malicious input? A buffer overflow B cookie poisoning C injection flaws D SQL injection -CORRECT ANSWER C Which web application threat occurs when an authenticated user is forced to perform certain tasks on the web application chosen by an attacker? A cross-site request forgery B cookie poisoning C SQL injection D buffer overflow -CORRECT ANSWERA Which web application threat occurs when attackers identify a flaw, bypass authentication, and compromise the network? A broken access control B cookie poisoning C SQL injection D buffer overflow -CORRECT ANSWERAWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution Which supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP? A Windows Server B Internet Information Server (IIS) C web server D logs -CORRECT ANSWER B On Windows Server 2012, by default, the IIS log files are stored at which of the following locations? A %SystemDrive%inetpubLogFiles B %SystemDrive%PerfLogsLogFiles C %SystemDrive%PerfLogsLogsLogFiles D %SystemDrive%inetpubLogsLogFiles -CORRECT ANSWER D Which of the following is a web analytics solution for small and medium size websites? A event appreciation, event formulation, event including, root cause analysis B deep log analyzer C forensic analyzer D root cause analyzer -CORRECT ANSWER B Which command is used to find if TCP and UDP ports have unusual listening? 
A netstat -s B netstat -n C netstat -na D netstat -ns -CORRECT ANSWER C Which of the three different files storing data and logs in SQL servers holds the entire log information associated with the database? A LDF B NDF C MDF D PDF -CORRECT ANSWER A Which of the three different files storing data and logs in SQL servers is optional? A LDF B MDF C PDF D NDF -CORRECT ANSWER DWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution What file format is used by Windows Vista and later versions to store event logs as simple text files in XML format? A .txt B EVTX C TXTX D .log -CORRECT ANSWER B What type of forensics takes action when a security incident has occurred and both detection and analysis of the malicious activities performed by criminals over the SQL database file are required? A data forensics B MSSQL forensics C primary data file D data file forensics -CORRECT ANSWER B For Forensic Analysis, which of the following MySQL Utility Programs is used to export metadata, data, or both from one or more databases? A mysqldbmeta B mysqldatabase C mysqldbdata D mysqldbexport -CORRECT ANSWERD Which command line utility is used to take a backup of the database? A mysqlbackup B mysqldump C mysqldbdump D mysqldatabase -CORRECT ANSWER B Which of the three different files storing data and logs in SQL servers is the starting point of a database and points to other files in the database? A LDF B NDF C PDF D MDF -CORRECT ANSWER D What cloud service offers a platform for developing applications and services? A PaaS B SaaS C IaaSWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution D AaaS -CORRECT ANSWER A What cloud service enables subscribers to use fundamental IT resources— such as computing power, virtualization, data storage, network, etc.—on demand? 
A IaaS B PaaS C SaaS D AaaS -CORRECT ANSWER A What cloud service offers application software to subscribers on demand or over the internet and is charged for by the provider on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple users? A PaaS B AaaS C IaaS D SaaS -CORRECT ANSWER D Which of the following is also known as an internal or corporate cloud and is a cloud infrastructure that a single organization operates? A private cloud B public cloud C community cloud D hybrid cloud -CORRECT ANSWER A What is a cloud environment composed of two or more clouds that remain unique entities but are bound together to offer the benefits of multiple deployment models? A hybrid cloud B community cloud C private cloud D public cloud -CORRECT ANSWER A Which cloud environment is a multi-tenant infrastructure shared among organizations with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction? A private cloud B community cloud C hybrid cloud D public cloud -CORRECT ANSWER BWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution Which cloud environment allows the provider to make services—such as applications, servers, and data storage—available to the public over the internet? A hybrid cloud B public cloud C community cloud D private cloud -CORRECT ANSWER B Which of the following stakeholders includes professionals—such as cloud security architects, network administrators, security administrators, and ethical hackers— responsible for managing and maintaining all aspects of the cloud? A investigators B law advisors C incident handlers D IT professionals -CORRECT ANSWER D Which of the following stakeholders is responsible for conducting forensic examinations against allegations made regarding wrongdoings, found vulnerabilities, and attacks over the cloud? 
A IT professionals B law advisors C investigators D incident handlers -CORRECT ANSWER C Which of the following stakeholders are the first responders for all the security events or occurrences taking place on a cloud? A law advisors B incident handlers C IT professionals D investigators -CORRECT ANSWER B Which of the following stakeholders are responsible to make sure all the forensic activities are within the jurisdiction and not violating any regulations or agreements? A IT professionals B law advisors C incident handlers D investigators -CORRECT ANSWER B What type of cloud testing should organizations perform regularly to monitor their security posture?WGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution A pen testing B installations C cloning D deployment -CORRECT ANSWER A A full service B self-service C catering D a la carte -CORRECT ANSWER B Identify the following Cloud computing services that enable subscribers to use fundamental IT resources such as computing power, virtualization, data storage, network, and so on—on demand. A Software-as-a-Service (SaaS) B Platform-as-a-Service (PaaS) C Infrastructure-as-a-Service (IaaS) -CORRECT ANSWER C On Windows 10 OS, by default, the Google Drive Client is installed at which of the following locations? A C:GoogleDrive B C:Program Files (x86)GoogleDrive C C:ProgramDataGoogleDrive D C:Program FilesDrive -CORRECT ANSWER B Which of the following is a disadvantage of a private cloud? A expense B security is not guaranteed C lack of control D difficulty achieving data compliance -CORRECT ANSWER A What is a common technique used to distribute malware on the web by injecting malware into legitimate looking websites to trick users into selecting them? 
A click-jacking B drive-by downloads C malvertising D Blackhat SEO -CORRECT ANSWER AWGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution What is a common technique used to distribute malware on the web with tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search-engine ranking for malware pages? A malvertising B click-jacking C Blackhat SEO D drive-by downloads -CORRECT ANSWER C What is a common technique used to distribute malware on the web by mimicking legitimate institutions in an attempt to steal passwords, credit cards, and bank account data? A malvertising B drive-by downloads C Blackhat SEO D spear phishing sites -CORRECT ANSWER D What is a common technique used to distribute malware on the web by embedding malware-laden advertisements in authentic online advertising channels to spread onto systems of unsuspecting users? A drive-by downloads B Blackhat SEO C compromised websites D malvertising -CORRECT ANSWER D What is a common technique used to distribute malware on the web when an attacker exploits flaws in browser software to install malware just by merely visiting a website? A Blackhat SEO B malvertising C drive-by downloads D click-jacking -CORRECT ANSWER C When a reputable website is infected with malware that secretly installs itself on a visitor's system and thereafter carries out malicious activities, it is an example of which common technique used by hackers to distribute malware? A compromised legitimate websites B social engineering C malvertising D spear phishing sites -CORRECT ANSWER A Why is it safe to conduct static analysis?WGU Master's Course C702 - Forensics and Network Intrusion With Complete Solution A The proces
