Questions and CORRECT Answers
Quantitative Risk Analysis - CORRECT ANSWER --
Computer Forensics - CORRECT ANSWER - A set of methodological procedures and
techniques that help identify, gather, preserve, extract, interpret, document, and present evidence
from computers in a way that is legally admissible
Cyber Crime - CORRECT ANSWER - Any illegal act involving a computing device,
network, its systems, or its applications. Both internal and external
Enterprise Theory of Investigation (ETI) - CORRECT ANSWER - Methodology for
investigating criminal activity
Types of Cyber Crime - CORRECT ANSWER - Civil, Criminal, Administrative
Civil Cases - CORRECT ANSWER - Involve disputes between two parties. Brought for
violation of contracts and lawsuits where a guilty outcome generally results in monetary
damages to the plaintiff
Criminal Cases - CORRECT ANSWER - Brought by law enforcement agencies in
response to a suspected violation of law where a guilty outcome results in monetary damages,
imprisonment, or both
Administrative Cases - CORRECT ANSWER - An internal investigation by an
organization to discover if its employees/clients/partners are abiding by the rules or policies
(Violation of company policies). Non-criminal in nature and are related to misconduct or
activities of an employee
Rules of Forensic Investigation - CORRECT ANSWER - Safeguard the integrity of the
evidence and render it acceptable in a court of law. The forensic examiner must make duplicate
copies of the original evidence. The duplicate copies must be accurate replications of the
originals, and the forensic examiner must also authenticate the duplicate copies to avoid
questions about the integrity of the evidence. Must not continue with the investigation if the
examination is going to be beyond his or her knowledge level or skill level.
Cyber Crime Investigation Methodology/Steps - CORRECT ANSWER - 1. Identify the computer crime
2. Collect preliminary evidence
3. Obtain court warrant for discovery/seizure of evidence
4. Perform first responder procedures
5. Seize evidence at the crime scene
6. Transport evidence to lab
7. Create two bitstream copies of the evidence
8. Generate MD5 checksum of the images
9. Maintain chain of custody
10. Store original evidence in secure location
11. Analyze the image copy for evidence
12. Prepare a forensic report
13. Submit a report to client
14. Testify in court as an expert witness
Locard's Exchange Principle - CORRECT ANSWER - Anyone or anything, entering a
crime scene takes something of the scene with them and leaves something of themselves behind
when they leave.
Types of Digital Data - CORRECT ANSWER - Volatile Data
Non-volatile Data
Volatile Data - CORRECT ANSWER - Temporary information on a device that requires a
constant power supply and is deleted if the power supply is interrupted
Non-Volatile Data - CORRECT ANSWER - Secondary storage of data. Long-term,
persistent data.
Permanent data stored on secondary storage devices, such as hard disks and memory cards.
Characteristics of Digital Evidence - CORRECT ANSWER - 1. Be Relevant
2. Be probative
3. Be authentic
4. Be accurate
5. Be complete