E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |1
WGU Course C840 - Digital Forensics in
Cybersecurity Questions & 100% correct
Answers- Latest Test | Graded A+ | Passed
The chief information officer of an accounting firm believes sensitive data is being exposed on the
local network. Which tool should the IT staff use to gather digital evidence about this security
vulnerability?
A Sniffer
B Disk analyzer
C Tracer
D Virus scanner
֎ -:- A
A police detective investigating a threat traces the source to a house. The couple at the house
shows the detective the only computer the family owns, which is in their son's bedroom. The couple
states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
A Obtain a search warrant from the police
B Seize the computer under the USA Patriot Act
C Obtain consent to search from the parents
D Seize the computer under the Computer Security Act
֎ -:- C
How should a forensic scientist obtain the network configuration from a Windows PC before seizing
it from a crime scene?
A By using the ipconfig command from a command prompt on the computer
B By using the tracert command from a command prompt on the computer
26/08/2024 | © Copyright- This work may not be copied for profit.
, E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |2
C By logging into the router to which the PC is connected
D By installing a network packet sniffer on the computer
֎ -:- A
The human resources manager of a small accounting firm believes he may have been a victim of a
phishing scam. The manager clicked on a link in an email message that asked him to verify the
logon credentials for the firm's online bank account.
Which digital evidence should a forensic investigator collect to investigate this incident?
A System log
B Security log
C Disk cache
D Browser cache
֎ -:- D
After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a
forensics expert is hired to investigate the crime and collect evidence.
Which digital evidence should be collected?
A Web server logs
B Firewall logs
C Phishing emails
D Spam messages
֎ -:- B
Thomas received an email stating that he needed to follow a link and verify his bank account
information to ensure it was secure. Shortly after following the instructions, Thomas noticed money
was missing from his account.
26/08/2024 | © Copyright- This work may not be copied for profit.
, E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |3
Which digital evidence should be considered to determine how Thomas' account information was
compromised?
A Social media accounts
B Router logs
C Flash drive contents
D Email messages
֎ -:- D
The chief executive officer (CEO) of a small computer company has identified a potential hacking
attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify the source of the hack?
A Disk drive backups
B Network transaction logs
C Browser history
D Email headers
֎ -:- B
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do?
A Turn off the power to the entire area being examined
B Unplug all network connections so data cannot be deleted remotely
C Gather up all physical evidence and move it out as quickly as possible
D Photograph all evidence in its original place
֎ -:- D
Which method of copying digital evidence ensures proper evidence collection?
26/08/2024 | © Copyright- This work may not be copied for profit.
, E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |4
A Make the copy using file transfer
B Copy files using drag and drop
C Make the copy at the bit-level
D Copy the logical partitions
֎ -:- C
A computer involved in a crime is infected with malware. The computer is on and connected to the
company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step?
A Remove the malware and secure the computer.
B Unplug the computer's power cord.
C Unplug the computer's Ethernet cable.
D Label all the attachments and secure the computer.
֎ -:- C
What are the three basic tasks that a systems forensic specialist must keep in mind when handling
evidence during a cybercrime investigation?
Answer options may be used more than once or not at all. Select your answers from the pull-down
list.
1 Preserve evidence
2 Catalog evidence
3 Prepare evidence
4 Make multiple copies of evidence
5 Disseminate evidence
6 Prepare evidence report
7 Find evidence
26/08/2024 | © Copyright- This work may not be copied for profit.
WGU Course C840 - Digital Forensics in
Cybersecurity Questions & 100% correct
Answers- Latest Test | Graded A+ | Passed
The chief information officer of an accounting firm believes sensitive data is being exposed on the
local network. Which tool should the IT staff use to gather digital evidence about this security
vulnerability?
A Sniffer
B Disk analyzer
C Tracer
D Virus scanner
֎ -:- A
A police detective investigating a threat traces the source to a house. The couple at the house
shows the detective the only computer the family owns, which is in their son's bedroom. The couple
states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
A Obtain a search warrant from the police
B Seize the computer under the USA Patriot Act
C Obtain consent to search from the parents
D Seize the computer under the Computer Security Act
֎ -:- C
How should a forensic scientist obtain the network configuration from a Windows PC before seizing
it from a crime scene?
A By using the ipconfig command from a command prompt on the computer
B By using the tracert command from a command prompt on the computer
26/08/2024 | © Copyright- This work may not be copied for profit.
, E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |2
C By logging into the router to which the PC is connected
D By installing a network packet sniffer on the computer
֎ -:- A
The human resources manager of a small accounting firm believes he may have been a victim of a
phishing scam. The manager clicked on a link in an email message that asked him to verify the
logon credentials for the firm's online bank account.
Which digital evidence should a forensic investigator collect to investigate this incident?
A System log
B Security log
C Disk cache
D Browser cache
֎ -:- D
After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a
forensics expert is hired to investigate the crime and collect evidence.
Which digital evidence should be collected?
A Web server logs
B Firewall logs
C Phishing emails
D Spam messages
֎ -:- B
Thomas received an email stating that he needed to follow a link and verify his bank account
information to ensure it was secure. Shortly after following the instructions, Thomas noticed money
was missing from his account.
26/08/2024 | © Copyright- This work may not be copied for profit.
, E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |3
Which digital evidence should be considered to determine how Thomas' account information was
compromised?
A Social media accounts
B Router logs
C Flash drive contents
D Email messages
֎ -:- D
The chief executive officer (CEO) of a small computer company has identified a potential hacking
attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify the source of the hack?
A Disk drive backups
B Network transaction logs
C Browser history
D Email headers
֎ -:- B
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do?
A Turn off the power to the entire area being examined
B Unplug all network connections so data cannot be deleted remotely
C Gather up all physical evidence and move it out as quickly as possible
D Photograph all evidence in its original place
֎ -:- D
Which method of copying digital evidence ensures proper evidence collection?
26/08/2024 | © Copyright- This work may not be copied for profit.
, E x c e l l e n c e i s k e y | 2 0 2 0 2 5 ~ P a g e |4
A Make the copy using file transfer
B Copy files using drag and drop
C Make the copy at the bit-level
D Copy the logical partitions
֎ -:- C
A computer involved in a crime is infected with malware. The computer is on and connected to the
company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step?
A Remove the malware and secure the computer.
B Unplug the computer's power cord.
C Unplug the computer's Ethernet cable.
D Label all the attachments and secure the computer.
֎ -:- C
What are the three basic tasks that a systems forensic specialist must keep in mind when handling
evidence during a cybercrime investigation?
Answer options may be used more than once or not at all. Select your answers from the pull-down
list.
1 Preserve evidence
2 Catalog evidence
3 Prepare evidence
4 Make multiple copies of evidence
5 Disseminate evidence
6 Prepare evidence report
7 Find evidence
26/08/2024 | © Copyright- This work may not be copied for profit.
