WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
A software company suspects that employees have set up automatic corporate email
forwarding to their personal inboxes against company policy. The company hires forensic
investigators to identify the employees violating policy, with the intention of issuing
warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive - ansC
Which model or legislation applies a holistic approach toward any criminal activity as a
criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting - ansA
What does a forensic investigator need to obtain before seizing a computing device in a
criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission - ansA
Which activity should be used to check whether an application has ever been installed on a
computer?
A Penetration test
B Risk analysis
C Log review
D Security review - ansC
Which characteristic describes an organization's forensic readiness in the context of
cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. - ansB
,WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick containing
emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device - ansA
Which type of attack is a denial-of-service technique that sends a large amount of data to
overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking - ansC
Which computer crime forensics step requires an investigator to duplicate and image the
collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence - ansB
What is the last step of a criminal investigation that requires the involvement of a computer
forensic investigator?
A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure - ansB
How can a forensic investigator verify an Android mobile device is on, without potentially
changing the original evidence or interacting with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button - ansC
What should a forensic investigator use to protect a mobile device if a Faraday bag is not
available?
,WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap - ansA
Which criterion determines whether a technology used by government to obtain information
in a computer search is considered innovative and requires a search warrant?
A Availability to the general public
B Dependency on third-party software
C Implementation based on open source software
D Use of cloud-based machine learning - ansA
Which situation allows a law enforcement officer to seize a hard drive from a residence
without obtaining a search warrant?
A The computer is left unattended.
B The front door is wide open.
C The occupant is acting suspicious.
D The evidence is in imminent danger. - ansD
Which legal document contains a summary of findings and is used to prosecute?
A Investigation report
B Search warrant
C Search and seizure
D Chain of custody - ansA
What should an investigator use to prevent any signals from reaching a mobile phone?
A Faraday bag
B Dry bag
C Anti-static container
D Lock box - ansA
A forensic investigator is called to the stand as a technical witness in an internet payment
fraud case.
Which behavior is considered ethical by this investigator while testifying?
A Providing and explaining facts found during the investigation
B Interpreting the findings and offering a clear opinion to the jury
C Helping the jury arrive at a conclusion based on the facts
D Assisting the attorney in compiling a list of essential questions - ansA
A government agent is testifying in a case involving malware on a system.
, WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
What should this agent have complied with during search and seizure?
A Fourth Amendment
B Stored Communications Act
C Net Neutrality Bill
D Federal Rules of Evidence - ansA
Which path should a forensic investigator use to look for system logs in a Mac?
A /var/log/cups/access_log
B /var/log/
C /var/audit/
D /var/log/install.log - ansB
Which tool should a forensic investigator use to view information from Linux kernel ring
buffers?
A arp
B dmesg
C fsck
D grep - ansB
A forensic investigator makes a bit-stream copy of a Windows hard drive that has been
reformatted. The investigator needs to locate only the Adobe PDF files on the hard drive.
Which tool should this investigator use?
A Quick Recovery
B Handy Recovery
C EaseUS Data Recovery
D Stellar Data Recovery - ansC
Which hexadecimal value should an investigator search for to find JPEG images on a device?
A 0x424D
B 0xD0CF11E0A1B11AE1
C 0x504B030414000600
D 0xFFD8 - ansD
Which type of steganography allows the user to physically move a file but keep the
associated files in their original location for recovery?
A Whitespace
B Folder
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
A software company suspects that employees have set up automatic corporate email
forwarding to their personal inboxes against company policy. The company hires forensic
investigators to identify the employees violating policy, with the intention of issuing
warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive - ansC
Which model or legislation applies a holistic approach toward any criminal activity as a
criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting - ansA
What does a forensic investigator need to obtain before seizing a computing device in a
criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission - ansA
Which activity should be used to check whether an application has ever been installed on a
computer?
A Penetration test
B Risk analysis
C Log review
D Security review - ansC
Which characteristic describes an organization's forensic readiness in the context of
cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. - ansB
,WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick containing
emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device - ansA
Which type of attack is a denial-of-service technique that sends a large amount of data to
overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking - ansC
Which computer crime forensics step requires an investigator to duplicate and image the
collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence - ansB
What is the last step of a criminal investigation that requires the involvement of a computer
forensic investigator?
A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure - ansB
How can a forensic investigator verify an Android mobile device is on, without potentially
changing the original evidence or interacting with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button - ansC
What should a forensic investigator use to protect a mobile device if a Faraday bag is not
available?
,WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap - ansA
Which criterion determines whether a technology used by government to obtain information
in a computer search is considered innovative and requires a search warrant?
A Availability to the general public
B Dependency on third-party software
C Implementation based on open source software
D Use of cloud-based machine learning - ansA
Which situation allows a law enforcement officer to seize a hard drive from a residence
without obtaining a search warrant?
A The computer is left unattended.
B The front door is wide open.
C The occupant is acting suspicious.
D The evidence is in imminent danger. - ansD
Which legal document contains a summary of findings and is used to prosecute?
A Investigation report
B Search warrant
C Search and seizure
D Chain of custody - ansA
What should an investigator use to prevent any signals from reaching a mobile phone?
A Faraday bag
B Dry bag
C Anti-static container
D Lock box - ansA
A forensic investigator is called to the stand as a technical witness in an internet payment
fraud case.
Which behavior is considered ethical by this investigator while testifying?
A Providing and explaining facts found during the investigation
B Interpreting the findings and offering a clear opinion to the jury
C Helping the jury arrive at a conclusion based on the facts
D Assisting the attorney in compiling a list of essential questions - ansA
A government agent is testifying in a case involving malware on a system.
, WGU C702 – Forensics and Network Intrusion – Full Exam Preparation Q&A
with Correct Answers 2025.
Comprehensive study resource for the WGU Master’s-level course C702:
Forensics and Network Intrusion. It features a comprehensive bank of
multiple-choice questions with verified correct answers, covering key topics
such as forensic methodologies, digital evidence handling, cybercrime laws,
system architecture, file systems, network intrusion detection, anti-forensics,
malware distribution, and cloud forensics. Perfectly aligned with WGU
assessments, this file is ideal for in-depth exam preparation and review.
Current Updated Guide 2025/2026
What should this agent have complied with during search and seizure?
A Fourth Amendment
B Stored Communications Act
C Net Neutrality Bill
D Federal Rules of Evidence - ansA
Which path should a forensic investigator use to look for system logs in a Mac?
A /var/log/cups/access_log
B /var/log/
C /var/audit/
D /var/log/install.log - ansB
Which tool should a forensic investigator use to view information from Linux kernel ring
buffers?
A arp
B dmesg
C fsck
D grep - ansB
A forensic investigator makes a bit-stream copy of a Windows hard drive that has been
reformatted. The investigator needs to locate only the Adobe PDF files on the hard drive.
Which tool should this investigator use?
A Quick Recovery
B Handy Recovery
C EaseUS Data Recovery
D Stellar Data Recovery - ansC
Which hexadecimal value should an investigator search for to find JPEG images on a device?
A 0x424D
B 0xD0CF11E0A1B11AE1
C 0x504B030414000600
D 0xFFD8 - ansD
Which type of steganography allows the user to physically move a file but keep the
associated files in their original location for recovery?
A Whitespace
B Folder
