WGU C702 CHFI and OA UPDATED
ACTUAL Exam Questions and CORRECT
Answers
Which of the following is true regarding computer forensics? - CORRECT ANSWER -
Computer forensics deals with the process of finding evidence related to a digital crime to find
the culprits and initiate legal action against them.
Which of the following is NOT a objective of computer forensics? - CORRECT
ANSWER - Document vulnerabilities allowing further loss of intellectual property,
finances, and reputation during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? - CORRECT
ANSWER - It adopts a holistic approach toward any criminal activity as a criminal
operation rather as a single criminal act.
Forensic readiness refers to: - CORRECT ANSWER - An organization's ability to make
optimal use of digital evidence in a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? - CORRECT ANSWER -
Evidence smaller in size.
Which of the following is true of cybercrimes? - CORRECT ANSWER - Investigators,
with a warrant, have the authority to forcibly seize the computing devices.
Which of the following is true of cybercrimes? - CORRECT ANSWER - The initial
reporting of the evidence is usually informal.
Which of the following is NOT a consideration during a cybercrime investigation? - CORRECT
ANSWER - Value or cost to the victim.
,Which of the following is a user-created source of potential evidence? - CORRECT
ANSWER - Address book.
Which of the following is a computer-created source of potential evidence? - CORRECT
ANSWER - Swap file.
Which of the following is NOT where potential evidence may be located? - CORRECT
ANSWER - Processor.
Under which of the following conditions will duplicate evidence NOT suffice? - CORRECT
ANSWER - When original evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of the
United States? - CORRECT ANSWER - Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and
the proceedings justly determined? - CORRECT ANSWER - Rule 102.
Which of the following Federal Rules of Evidence contains rulings on evidence? - CORRECT
ANSWER - Rule 103
Which of the following Federal Rules of Evidence states that the court shall restrict the evidence
to its proper scope and instruct the jury accordingly? - CORRECT ANSWER - Rule 105
Which of the following refers to a set of methodological procedures and techniques to identify,
gather, preserve, extract, interpret, document, and present evidence from computing equipment
in such a manner that the discovered evidence is acceptable during a legal and/or administrative
proceeding in a court of law? - CORRECT ANSWER - Computer Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to find the
culprits and initiate legal action against them. - CORRECT ANSWER - Evidence.
, Minimizing the tangible and intangible losses to the organization or an individual is considered
an essential computer forensics use. - CORRECT ANSWER - True.
Cybercrimes can be classified into the following two types of attacks, based on the line of attack.
- CORRECT ANSWER - Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are
examples of what? - CORRECT ANSWER - Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and procedures. -
CORRECT ANSWER - True.
Which type of cases involve disputes between two parties? - CORRECT ANSWER -
Civil.
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes
and follows the appropriate processes. - CORRECT ANSWER - False.
________ is the standard investigative model used by the FBI when conducting investigations
against major criminal organizations. - CORRECT ANSWER - Enterprise Theory of
Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. - CORRECT ANSWER - True.
Which of the following is the process of developing a strategy to address the occurrence of any
security breach in the system or network? - CORRECT ANSWER - Incident Response.
Digital devices store data about session such as user and type of connection. - CORRECT
ANSWER - True.
ACTUAL Exam Questions and CORRECT
Answers
Which of the following is true regarding computer forensics? - CORRECT ANSWER -
Computer forensics deals with the process of finding evidence related to a digital crime to find
the culprits and initiate legal action against them.
Which of the following is NOT a objective of computer forensics? - CORRECT
ANSWER - Document vulnerabilities allowing further loss of intellectual property,
finances, and reputation during an attack.
Which of the following is true regarding Enterprise Theory of Investigation (ETI)? - CORRECT
ANSWER - It adopts a holistic approach toward any criminal activity as a criminal
operation rather as a single criminal act.
Forensic readiness refers to: - CORRECT ANSWER - An organization's ability to make
optimal use of digital evidence in a limited time period and with minimal investigation costs.
Which of the following is NOT a element of cybercrime? - CORRECT ANSWER -
Evidence smaller in size.
Which of the following is true of cybercrimes? - CORRECT ANSWER - Investigators,
with a warrant, have the authority to forcibly seize the computing devices.
Which of the following is true of cybercrimes? - CORRECT ANSWER - The initial
reporting of the evidence is usually informal.
Which of the following is NOT a consideration during a cybercrime investigation? - CORRECT
ANSWER - Value or cost to the victim.
,Which of the following is a user-created source of potential evidence? - CORRECT
ANSWER - Address book.
Which of the following is a computer-created source of potential evidence? - CORRECT
ANSWER - Swap file.
Which of the following is NOT where potential evidence may be located? - CORRECT
ANSWER - Processor.
Under which of the following conditions will duplicate evidence NOT suffice? - CORRECT
ANSWER - When original evidence is in possession of the originator.
Which of the following Federal Rules of Evidence governs proceedings in the courts of the
United States? - CORRECT ANSWER - Rule 101.
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and
the proceedings justly determined? - CORRECT ANSWER - Rule 102.
Which of the following Federal Rules of Evidence contains rulings on evidence? - CORRECT
ANSWER - Rule 103
Which of the following Federal Rules of Evidence states that the court shall restrict the evidence
to its proper scope and instruct the jury accordingly? - CORRECT ANSWER - Rule 105
Which of the following refers to a set of methodological procedures and techniques to identify,
gather, preserve, extract, interpret, document, and present evidence from computing equipment
in such a manner that the discovered evidence is acceptable during a legal and/or administrative
proceeding in a court of law? - CORRECT ANSWER - Computer Forensics.
Computer Forensics deals with the process of finding _____ related to a digital crime to find the
culprits and initiate legal action against them. - CORRECT ANSWER - Evidence.
, Minimizing the tangible and intangible losses to the organization or an individual is considered
an essential computer forensics use. - CORRECT ANSWER - True.
Cybercrimes can be classified into the following two types of attacks, based on the line of attack.
- CORRECT ANSWER - Internal and External.
Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are
examples of what? - CORRECT ANSWER - Insider attack or primary attacks.
External attacks occur when there are inadequate information-security policies and procedures. -
CORRECT ANSWER - True.
Which type of cases involve disputes between two parties? - CORRECT ANSWER -
Civil.
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes
and follows the appropriate processes. - CORRECT ANSWER - False.
________ is the standard investigative model used by the FBI when conducting investigations
against major criminal organizations. - CORRECT ANSWER - Enterprise Theory of
Investigation (ETI).
Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. - CORRECT ANSWER - True.
Which of the following is the process of developing a strategy to address the occurrence of any
security breach in the system or network? - CORRECT ANSWER - Incident Response.
Digital devices store data about session such as user and type of connection. - CORRECT
ANSWER - True.
