WGU D431 DIGITAL FORENSICS IN
CYBERSECURITY TASK 2 ACTUAL EXAM
SCRIPT 2026 FULL QUESTIONS AND
CORRECT ANSWERS
⫸ Which law is related to the disclosure of personally identifiable
protected health information (PHI)? Answer: HIPAA
⫸ Which U.S. law criminalizes the act of knowingly using a misleading
domain name with the intent to deceive a minor into viewing harmful
material? Answer: 18 USC 2252B
⫸ Which U.S. law protects journalists from turning over their work or
sources to law enforcement before the information is shared with the
public? Answer: The Privacy Protection Act (PPA)
⫸ Which law or guideline lists the four states a mobile device can be in
when data is extracted from it. Answer: NIST SP 800-72 Guidelines
⫸ Which law includes a provision permitting the wiretapping of VoIP
calls? Answer: Communications Assistance to Law Enforcement Act
(CALEA)
⫸ Which policy is included in the CAN-SPAM Act? Answer: The email
sender must provide some mechanism whereby the receiver can opt out
of future emails and that method cannot require the receiver to pay in
order to opt out.
,⫸ Which United States law requires telecommunications equipment
manufacturers to provide built-in surveillance capabilities for federal
agencies? Answer: Communication Assistance to Law Enforcement Act
(CALEA)
⫸ Which law requires a search warrant or one of the recognized
exceptions to the search warrant requirements for searching email
messages on a computer? Answer: The Fourth Amendment to the U.S.
Constitution
⫸ The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network. Which tool should the IT
staff use to gather digital evidence about this security vulnerability?
Answer: Sniffer
⫸ A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the
family owns, which is in their son's bedroom. The couple states that their
son is presently in class at a local middle school. How should the
detective legally gain access to the computer? Answer: Obtain consent
to search from the parents.
⫸ How should a forensic scientist obtain the network configuration
from a Windows PC before seizing it from a crime scene? Answer: By
using the ipconfig command from a command prompt on the computer.
, ⫸ The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a
link in an email message that asked him to verify the logon credentials
for the firm's online bank account. Which digital evidence should a
forensic investigator collect to investigate this incident? Answer:
Browser cache.
⫸ After a company's single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence. Which digital evidence should be collected?
Answer: Firewall logs.
⫸ Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly after
following the instructions, Thomas noticed money was missing from his
account. Which digital evidence should be considered to determine how
Thomas' account information was compromised? Answer: Email
messages.
⫸ The chief executive officer (CEO) of a small computer company has
identified a potential hacking attack from an outside competitor. Which
type of evidence should a forensics investigator use to identify the
source of the hack? Answer: Network transaction logs.
⫸ A forensic scientist arrives at a crime scene to begin collecting
evidence. What is the first thing the forensic scientist should do?
Answer: Photograph all evidence in its original place.
CYBERSECURITY TASK 2 ACTUAL EXAM
SCRIPT 2026 FULL QUESTIONS AND
CORRECT ANSWERS
⫸ Which law is related to the disclosure of personally identifiable
protected health information (PHI)? Answer: HIPAA
⫸ Which U.S. law criminalizes the act of knowingly using a misleading
domain name with the intent to deceive a minor into viewing harmful
material? Answer: 18 USC 2252B
⫸ Which U.S. law protects journalists from turning over their work or
sources to law enforcement before the information is shared with the
public? Answer: The Privacy Protection Act (PPA)
⫸ Which law or guideline lists the four states a mobile device can be in
when data is extracted from it. Answer: NIST SP 800-72 Guidelines
⫸ Which law includes a provision permitting the wiretapping of VoIP
calls? Answer: Communications Assistance to Law Enforcement Act
(CALEA)
⫸ Which policy is included in the CAN-SPAM Act? Answer: The email
sender must provide some mechanism whereby the receiver can opt out
of future emails and that method cannot require the receiver to pay in
order to opt out.
,⫸ Which United States law requires telecommunications equipment
manufacturers to provide built-in surveillance capabilities for federal
agencies? Answer: Communication Assistance to Law Enforcement Act
(CALEA)
⫸ Which law requires a search warrant or one of the recognized
exceptions to the search warrant requirements for searching email
messages on a computer? Answer: The Fourth Amendment to the U.S.
Constitution
⫸ The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network. Which tool should the IT
staff use to gather digital evidence about this security vulnerability?
Answer: Sniffer
⫸ A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the
family owns, which is in their son's bedroom. The couple states that their
son is presently in class at a local middle school. How should the
detective legally gain access to the computer? Answer: Obtain consent
to search from the parents.
⫸ How should a forensic scientist obtain the network configuration
from a Windows PC before seizing it from a crime scene? Answer: By
using the ipconfig command from a command prompt on the computer.
, ⫸ The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a
link in an email message that asked him to verify the logon credentials
for the firm's online bank account. Which digital evidence should a
forensic investigator collect to investigate this incident? Answer:
Browser cache.
⫸ After a company's single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence. Which digital evidence should be collected?
Answer: Firewall logs.
⫸ Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly after
following the instructions, Thomas noticed money was missing from his
account. Which digital evidence should be considered to determine how
Thomas' account information was compromised? Answer: Email
messages.
⫸ The chief executive officer (CEO) of a small computer company has
identified a potential hacking attack from an outside competitor. Which
type of evidence should a forensics investigator use to identify the
source of the hack? Answer: Network transaction logs.
⫸ A forensic scientist arrives at a crime scene to begin collecting
evidence. What is the first thing the forensic scientist should do?
Answer: Photograph all evidence in its original place.
