WGU - D431 DIGITAL FORENSICS
IN CYBERSECURITY EXAM
QUESTIONS WITH CORRECT
DETAILED ANSWERS || ALREADY
GRADED A+ < LATEST VERSION >
1. Which law requires both parties to consent to the recording of a
conversation?
A. Electronic Communications Privacy (ECPA)
B. Communications Assistance to Law Enforcement Act
(CALEA)
C. USA Patriot Act
D. Health Insurance Portability and Accountability Act (HIPPA)
- ANSWER 🗸 A. Electronic Communication Privacy
(ECPA)
2. Which law is related to the disclosure of personally identifiable
protected health information (PHI)?
A. Federal Privacy Act of 1974
B. Electronic Communication Privacy Act
C. Health Insurance Portability and Accountability Act
(HIPAA)
D. CAN-SPAM Act - ANSWER 🗸 C. Health Insurance
Portability and Accountability Act (HIPAA)
,3. A forensic scientist arrives at a crime scene to begin collecting
evidence. What is the first thing the forensic scientist should do?
A. Photograph all evidence in its original place
B. Unplug all network connections so data cannot be deleted
remotely
C. Turn off the power to the entire area being examited
D. Gather up all physical evidence and move it out as quickly as
possible - ANSWER 🗸 A. Photograph all evidence in its
original place.
4. Which method of copying digital evidence ensures proper evidence
collection?
A. Make the copy at the bit level
B. Copy files using drag and drop
C. Make the copy using file transfer
D. Copy the logical partitions - ANSWER 🗸 A. Make the copy
at the bit level.
5. A computer involved in a crime is infected with malware. The
computer is on and connected to the company's network. The
forensic investigator arrives at the scene. Which action should be
the investigator's first step?
A. Unplug the computer's Ethernet Cable
B. Unplug the computer's power cord
C. Remove the malware and secure the computer
D. Label all the attachments and secure the computer -
ANSWER 🗸 A. Unplug the computer's Ethernet Cable.
6. What are the three basic tasks that a system forensic specialist
must keep in mind when handling evidence during a cybercrime
investigation? Answer options may be used more than once or not
all Select your answers from the pull-down list.
A. Find evidence
B. Catalog evidence
, C. Disseminate evidence
D. Preserve evidence
E. Prepare evidence
F. Prepare evidence report
G. Make multiple copies of evidence - ANSWER 🗸 A. Find
Evidence
D. Preserve Evidence
E. Prepare Evidence
7. How do forensic specialists show that digital evidence was handled
in a protected, secure manner during the process of collecting and
analyzing the evidence?
A. Forensic lab logbooks
B. Chain of custody
C. Forensic Software logs
D. Chain of email messages - ANSWER 🗸 B. Chain of custody
8. Which characteristic applies to magnetic drives compared to solid-
state drives (ssds)?
A. Lower cost
B. Lower capacity
C. Lower Power consumption
D. Better durability - ANSWER 🗸 A. Lower cost
9. Which characteristic applies to solid-state drives (ssds) compared
to magnetic drives?
A. They are less susceptible to damage
B. They cost less
C. They have slower start-up times
D. They use more power - ANSWER 🗸 A. They are less
susceptible to damage
10. Which type of storage format should be transported in a
special bag to reduce electrostatic interference?
, A. Solid-state drives
B. Optical Media
C. Digitial Audio Tapes
D. Magnetic Media - ANSWER 🗸 D. Magnetic media
11. Which Windows component is responsible for reading the
boot ini file and displaying the boot loader menu on Windows XP
during the boot process?
A. NTLDR
B. NTOSKRNL
C. Windows Registry
D. Win32 subsystem - ANSWER 🗸 A. NTLDR
12. The following line of code is a example of how to make a
forensic copy of the suspect drive: - ANSWER 🗸 D. Linux
13. Which file system is supported by Mac?
A. Berkeley Fast File System (FFS)
B. Extended File System (Ext)
C. Reiser File System (reiserfs)
D. Hierarchical File System Plus (HFS+) - ANSWER 🗸 D.
Hierarchical File System Plus (HFS+)
14. Where are local passwords stored for the Windows operating
System?
A. SAM file in \Windows\System32\
B. SAM file in \Windows\Security\
C. In the registry key HKEY_LOCAL_MACHINE\SYSTEM
D. In the registry key HKEY_LOCAL_MACHINE\SECURITY
- ANSWER 🗸 A. SAM file in \Windows\System32
15. Where on the Windows system is the config folder located
that contains the SAM file?
A. C:\Windows\System32
IN CYBERSECURITY EXAM
QUESTIONS WITH CORRECT
DETAILED ANSWERS || ALREADY
GRADED A+ < LATEST VERSION >
1. Which law requires both parties to consent to the recording of a
conversation?
A. Electronic Communications Privacy (ECPA)
B. Communications Assistance to Law Enforcement Act
(CALEA)
C. USA Patriot Act
D. Health Insurance Portability and Accountability Act (HIPPA)
- ANSWER 🗸 A. Electronic Communication Privacy
(ECPA)
2. Which law is related to the disclosure of personally identifiable
protected health information (PHI)?
A. Federal Privacy Act of 1974
B. Electronic Communication Privacy Act
C. Health Insurance Portability and Accountability Act
(HIPAA)
D. CAN-SPAM Act - ANSWER 🗸 C. Health Insurance
Portability and Accountability Act (HIPAA)
,3. A forensic scientist arrives at a crime scene to begin collecting
evidence. What is the first thing the forensic scientist should do?
A. Photograph all evidence in its original place
B. Unplug all network connections so data cannot be deleted
remotely
C. Turn off the power to the entire area being examited
D. Gather up all physical evidence and move it out as quickly as
possible - ANSWER 🗸 A. Photograph all evidence in its
original place.
4. Which method of copying digital evidence ensures proper evidence
collection?
A. Make the copy at the bit level
B. Copy files using drag and drop
C. Make the copy using file transfer
D. Copy the logical partitions - ANSWER 🗸 A. Make the copy
at the bit level.
5. A computer involved in a crime is infected with malware. The
computer is on and connected to the company's network. The
forensic investigator arrives at the scene. Which action should be
the investigator's first step?
A. Unplug the computer's Ethernet Cable
B. Unplug the computer's power cord
C. Remove the malware and secure the computer
D. Label all the attachments and secure the computer -
ANSWER 🗸 A. Unplug the computer's Ethernet Cable.
6. What are the three basic tasks that a system forensic specialist
must keep in mind when handling evidence during a cybercrime
investigation? Answer options may be used more than once or not
all Select your answers from the pull-down list.
A. Find evidence
B. Catalog evidence
, C. Disseminate evidence
D. Preserve evidence
E. Prepare evidence
F. Prepare evidence report
G. Make multiple copies of evidence - ANSWER 🗸 A. Find
Evidence
D. Preserve Evidence
E. Prepare Evidence
7. How do forensic specialists show that digital evidence was handled
in a protected, secure manner during the process of collecting and
analyzing the evidence?
A. Forensic lab logbooks
B. Chain of custody
C. Forensic Software logs
D. Chain of email messages - ANSWER 🗸 B. Chain of custody
8. Which characteristic applies to magnetic drives compared to solid-
state drives (ssds)?
A. Lower cost
B. Lower capacity
C. Lower Power consumption
D. Better durability - ANSWER 🗸 A. Lower cost
9. Which characteristic applies to solid-state drives (ssds) compared
to magnetic drives?
A. They are less susceptible to damage
B. They cost less
C. They have slower start-up times
D. They use more power - ANSWER 🗸 A. They are less
susceptible to damage
10. Which type of storage format should be transported in a
special bag to reduce electrostatic interference?
, A. Solid-state drives
B. Optical Media
C. Digitial Audio Tapes
D. Magnetic Media - ANSWER 🗸 D. Magnetic media
11. Which Windows component is responsible for reading the
boot ini file and displaying the boot loader menu on Windows XP
during the boot process?
A. NTLDR
B. NTOSKRNL
C. Windows Registry
D. Win32 subsystem - ANSWER 🗸 A. NTLDR
12. The following line of code is a example of how to make a
forensic copy of the suspect drive: - ANSWER 🗸 D. Linux
13. Which file system is supported by Mac?
A. Berkeley Fast File System (FFS)
B. Extended File System (Ext)
C. Reiser File System (reiserfs)
D. Hierarchical File System Plus (HFS+) - ANSWER 🗸 D.
Hierarchical File System Plus (HFS+)
14. Where are local passwords stored for the Windows operating
System?
A. SAM file in \Windows\System32\
B. SAM file in \Windows\Security\
C. In the registry key HKEY_LOCAL_MACHINE\SYSTEM
D. In the registry key HKEY_LOCAL_MACHINE\SECURITY
- ANSWER 🗸 A. SAM file in \Windows\System32
15. Where on the Windows system is the config folder located
that contains the SAM file?
A. C:\Windows\System32
