WGU C702 FORENSICS AND NETWORK INTRUSION MAIN
EXAMINATION TEST QUESTIONS AND ANSWERS RATED
A+
✔✔Forensic readiness includes technical and non-technical actions that maximize an
organization's competence to use digital evidence.
A. True
B. False - ✔✔A. True
Ref: Module 1, page 64
✔✔Which of the following is the process of developing a strategy to address the
occurrence of any security breach in the system or network?
A. Forensic readiness planning
B. Best evidence rule
C. Security policy
D. Incident response - ✔✔D. Incident response
Ref: Module 1, page 70
✔✔Codes of ethics are the principles stated to describe the expected behavior of an
investigator while handling a case. Which of the following is not a principle that a
computer forensic investigator must follow?
A. Act with utmost ethical and moral principles.
B. Ensure integrity of the evidence throughout the investigation process.
C. Act in accordance with federal statutes, state statutes, and local laws and policies.
D. Provide personal or prejudiced opinions. - ✔✔D. Provide personal or prejudiced
opinions.
Ref: Module 1, page 83
✔✔In forensics laws, "authenticating or identifying evidences" comes under which rule?
A. Rule 801
B. Rule 708
C. Rule 608
D. Rule 901 - ✔✔D. Rule 901
Ref: Module 1, page 56
✔✔What requires companies that offer financial products or services to protect
customer information against security threats?
A. HIPAA
B. FISMA
C. PCI DSS
D. GLBA - ✔✔D. GLBA
Ref: Module 1, page 92
✔✔Which of the following includes security standards for health information?
,A. FISMA
B. HIPAA
C. PCI DSS
D. GLBA - ✔✔B. HIPAA
Ref: Module 1, pages 93-94
✔✔What is the act passed by the U.S. Congress to protect investors from the possibility
of fraudulent accounting activities by corporations?
A. SOX
B. PCI DSS
C. GLBA
D. FISMA - ✔✔A. SOX
Ref: Module 1, pages 96-97
✔✔What is a proprietary information security standard for organizations that handle
cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards?
A. PCI DSS
B. GLBA
C. SOX
D. FISMA - ✔✔A. PCI DSS
Ref: Module 1, page 96
✔✔What is the role of an expert witness?
A. To testify against the plaintiff
B. To educate the jury and court
C. To support the defense
D. To evaluate the court's decisions - ✔✔B. To educate the jury and court
Ref: Module 2, page 196
✔✔Who is a legitimate issuer of a search warrant?
A. A forensic examiner
B. A judge
C. A police officer
D. A first responder - ✔✔B. A judge
Ref: Module 2, page 145
✔✔Under which of the following circumstances has a court of law allowed investigators
to perform searches without a warrant?
A. Delay in obtaining a warrant may lead to the preservation of evidence and expedite
the investigation process.
B. Expediting the process of obtaining a warrant may lead to a delay in prosecution of a
perpetrator.
C. Delay in obtaining a warrant may lead to the destruction of evidence and hamper the
investigation process.
,D. Expediting the process of obtaining a warrant may lead to the timely prosecution of a
perpetrator. - ✔✔C. Delay in obtaining a warrant may lead to the destruction of
evidence and hamper the investigation process.
Ref: Module 2, page 147
✔✔Which of the following should be physical location and structural design
considerations for forensics labs?
A. Room size should be compact with standard HVAC equipment.
B. Sufficient space to place all equipment to include storage.
C. Lightweight construction materials need to be used.
D. Computer systems should be visible from every angle. - ✔✔B. Sufficient space to
place all equipment to include storage.
Ref: Module 2, page 119
✔✔Which of the following should be work area considerations for forensics labs?
A. Emergency power and protection for all equipment.
B. Additional equipment such as notepads, printers, etc. should be stored elsewhere.
C. Physical computer examinations should take place in a separate workspace.
D. Multiple examiners should share workspace for efficiency. - ✔✔A. Emergency power
and protection for all equipment.
Ref: Module 2, page 119
✔✔Which of the following is not part of the Computer Forensics Investigation
Methodology?
A. Data acquisition
B. Data analysis
C. Testify as an expert defendant
D. Testify as an expert witness - ✔✔C. Testify as an expert defendant
Ref: Module 2, page 135
✔✔Which of the following is not part of the Computer Forensics Investigation
Methodology?
A. Evidence Destruction
B. Evidence Preservation
C. Data Analysis
D. Search and Seizure - ✔✔A. Evidence Destruction
Ref: Module 2, page 135
✔✔Investigators can immediately take action after receiving a report of a security
incident.
A. False
B. True - ✔✔A. False
Ref: Module 2, page 132
, ✔✔Courts call knowledgeable persons to testify to the accuracy of the investigative
process. These people who testify are known as the ________.
A. judges
B. counselors
C. character witnesses
D. expert witnesses - ✔✔D. expert witnesses
Ref: Module 2, page 194
✔✔A chain of custody is a critical document in the computer forensics investigation
process because the document provides legal validation of appropriate evidence
handling.
A. True
B. False - ✔✔A. True
Ref: Module 2, page 164
✔✔Identify the following project, which was launched by the National Institute of
Standards and Technology (NIST), that establishes a "methodology for testing computer
forensics software tools by development of general tool specifications, test procedures,
test criteria, test sets, and test hardware."
A. Computer Forensic Investigation Project (CFIP)
B. Computer Forensic Hardware Project (CFHP)
C. Enterprise Theory of Investigation (ETI)
D. Computer Forensic Tool Testing Project (CFTTP) - ✔✔D. Computer Forensic Tool
Testing Project (CFTTP)
Ref: Module 2, page 126
✔✔First responders can collect or recover data from any computer system or device
that holds electronic information.
A. False
B. True - ✔✔A. False
Ref: Module 2, page 129
✔✔What is not one of the measures a system or network administrator should take
when responding to an incident.
A. Immediately power down the computer if an ongoing attack is detected.
B. Document every detail relevant to the incident.
C. Transfer copies of system logs onto a clean media.
D. Record what is on the screen if the computer is switched on. - ✔✔A. Immediately
power down the computer if an ongoing attack is detected.
Ref: Module 2, page 131
✔✔Written consent from the authority is sufficient to commence search and seizure
activity.
A. True
B. False - ✔✔A. True
EXAMINATION TEST QUESTIONS AND ANSWERS RATED
A+
✔✔Forensic readiness includes technical and non-technical actions that maximize an
organization's competence to use digital evidence.
A. True
B. False - ✔✔A. True
Ref: Module 1, page 64
✔✔Which of the following is the process of developing a strategy to address the
occurrence of any security breach in the system or network?
A. Forensic readiness planning
B. Best evidence rule
C. Security policy
D. Incident response - ✔✔D. Incident response
Ref: Module 1, page 70
✔✔Codes of ethics are the principles stated to describe the expected behavior of an
investigator while handling a case. Which of the following is not a principle that a
computer forensic investigator must follow?
A. Act with utmost ethical and moral principles.
B. Ensure integrity of the evidence throughout the investigation process.
C. Act in accordance with federal statutes, state statutes, and local laws and policies.
D. Provide personal or prejudiced opinions. - ✔✔D. Provide personal or prejudiced
opinions.
Ref: Module 1, page 83
✔✔In forensics laws, "authenticating or identifying evidences" comes under which rule?
A. Rule 801
B. Rule 708
C. Rule 608
D. Rule 901 - ✔✔D. Rule 901
Ref: Module 1, page 56
✔✔What requires companies that offer financial products or services to protect
customer information against security threats?
A. HIPAA
B. FISMA
C. PCI DSS
D. GLBA - ✔✔D. GLBA
Ref: Module 1, page 92
✔✔Which of the following includes security standards for health information?
,A. FISMA
B. HIPAA
C. PCI DSS
D. GLBA - ✔✔B. HIPAA
Ref: Module 1, pages 93-94
✔✔What is the act passed by the U.S. Congress to protect investors from the possibility
of fraudulent accounting activities by corporations?
A. SOX
B. PCI DSS
C. GLBA
D. FISMA - ✔✔A. SOX
Ref: Module 1, pages 96-97
✔✔What is a proprietary information security standard for organizations that handle
cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards?
A. PCI DSS
B. GLBA
C. SOX
D. FISMA - ✔✔A. PCI DSS
Ref: Module 1, page 96
✔✔What is the role of an expert witness?
A. To testify against the plaintiff
B. To educate the jury and court
C. To support the defense
D. To evaluate the court's decisions - ✔✔B. To educate the jury and court
Ref: Module 2, page 196
✔✔Who is a legitimate issuer of a search warrant?
A. A forensic examiner
B. A judge
C. A police officer
D. A first responder - ✔✔B. A judge
Ref: Module 2, page 145
✔✔Under which of the following circumstances has a court of law allowed investigators
to perform searches without a warrant?
A. Delay in obtaining a warrant may lead to the preservation of evidence and expedite
the investigation process.
B. Expediting the process of obtaining a warrant may lead to a delay in prosecution of a
perpetrator.
C. Delay in obtaining a warrant may lead to the destruction of evidence and hamper the
investigation process.
,D. Expediting the process of obtaining a warrant may lead to the timely prosecution of a
perpetrator. - ✔✔C. Delay in obtaining a warrant may lead to the destruction of
evidence and hamper the investigation process.
Ref: Module 2, page 147
✔✔Which of the following should be physical location and structural design
considerations for forensics labs?
A. Room size should be compact with standard HVAC equipment.
B. Sufficient space to place all equipment to include storage.
C. Lightweight construction materials need to be used.
D. Computer systems should be visible from every angle. - ✔✔B. Sufficient space to
place all equipment to include storage.
Ref: Module 2, page 119
✔✔Which of the following should be work area considerations for forensics labs?
A. Emergency power and protection for all equipment.
B. Additional equipment such as notepads, printers, etc. should be stored elsewhere.
C. Physical computer examinations should take place in a separate workspace.
D. Multiple examiners should share workspace for efficiency. - ✔✔A. Emergency power
and protection for all equipment.
Ref: Module 2, page 119
✔✔Which of the following is not part of the Computer Forensics Investigation
Methodology?
A. Data acquisition
B. Data analysis
C. Testify as an expert defendant
D. Testify as an expert witness - ✔✔C. Testify as an expert defendant
Ref: Module 2, page 135
✔✔Which of the following is not part of the Computer Forensics Investigation
Methodology?
A. Evidence Destruction
B. Evidence Preservation
C. Data Analysis
D. Search and Seizure - ✔✔A. Evidence Destruction
Ref: Module 2, page 135
✔✔Investigators can immediately take action after receiving a report of a security
incident.
A. False
B. True - ✔✔A. False
Ref: Module 2, page 132
, ✔✔Courts call knowledgeable persons to testify to the accuracy of the investigative
process. These people who testify are known as the ________.
A. judges
B. counselors
C. character witnesses
D. expert witnesses - ✔✔D. expert witnesses
Ref: Module 2, page 194
✔✔A chain of custody is a critical document in the computer forensics investigation
process because the document provides legal validation of appropriate evidence
handling.
A. True
B. False - ✔✔A. True
Ref: Module 2, page 164
✔✔Identify the following project, which was launched by the National Institute of
Standards and Technology (NIST), that establishes a "methodology for testing computer
forensics software tools by development of general tool specifications, test procedures,
test criteria, test sets, and test hardware."
A. Computer Forensic Investigation Project (CFIP)
B. Computer Forensic Hardware Project (CFHP)
C. Enterprise Theory of Investigation (ETI)
D. Computer Forensic Tool Testing Project (CFTTP) - ✔✔D. Computer Forensic Tool
Testing Project (CFTTP)
Ref: Module 2, page 126
✔✔First responders can collect or recover data from any computer system or device
that holds electronic information.
A. False
B. True - ✔✔A. False
Ref: Module 2, page 129
✔✔What is not one of the measures a system or network administrator should take
when responding to an incident.
A. Immediately power down the computer if an ongoing attack is detected.
B. Document every detail relevant to the incident.
C. Transfer copies of system logs onto a clean media.
D. Record what is on the screen if the computer is switched on. - ✔✔A. Immediately
power down the computer if an ongoing attack is detected.
Ref: Module 2, page 131
✔✔Written consent from the authority is sufficient to commence search and seizure
activity.
A. True
B. False - ✔✔A. True
