WGU C702 FORENSICS AND NETWORK INTRUSION STUDY
EXAM GUIDE QUESTIONS AND ANSWERS RATED A+
✔✔What is the role of an expert witness? - ✔✔To educate the public and court.
✔✔Which of the following is NOT a legitimate authorizer of a search warrant? - ✔✔First
Responder.
✔✔Under which of the following circumstances has a court of law allowed investigators
to perform searches without a warrant? - ✔✔Delay in obtaining a warrant may lead to
the destruction of evidence and hamper the investigation process.
✔✔Which of the following should be considered before planning and evaluating the
budget for the forensic investigation case? - ✔✔Breakdown of costs into daily and
annual expenditure.
✔✔Which of the following should be physical location and structural design
considerations for forensics labs? - ✔✔Lab exteriors should have no windows.
✔✔Which of the following should be work area considerations for forensics labs? -
✔✔Examiner station has an area of about 50-63 square feet.
✔✔Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - ✔✔Testify as an expert defendant.
✔✔Which of the following is NOT part of the Computer Forensics Investigation
Methodology? - ✔✔Destroy the evidence.
✔✔Investigators can immediately take action after receiving a report of a security
incident. - ✔✔False.
✔✔In forensics laws, "authenticating or identifying evidences" comes under which rule?
- ✔✔Rule 901.
✔✔Courts call knowledgeable persons to testify to the accuracy of the investigative
process. These people who testify are known as the: - ✔✔Expert witnesses.
✔✔A chain of custody is a critical document in the computer forensics investigation
process because the document provides legal validation of appropriate evidence
handling. - ✔✔True.
✔✔Identify the following which was launched by the National Institute of Standards and
Technology (NIST), that establishes a "methodology for testing computer forensics
software tools by development of general tool specifications, test procedures, test
criteria, test sets, and test hardware." - ✔✔Computer Forensic Tool Testing Project
(CFTTP)
✔✔Which of the following is NOT a digital data storage type? - ✔✔Quantum storage
devices.
✔✔Which of the following is NOT a common computer file system? - ✔✔EFX3
✔✔Which field type refers to the volume descriptor as a primary? - ✔✔Number 1
✔✔Which logical drive holds the information regarding the data and files that are stored
in the disk? - ✔✔Extended partition.
✔✔How large is the partition table structure that stores information about the partitions
present on the hard disk? - ✔✔64-byte.
✔✔How many bits are used by the MBR partition scheme for storing LBAs (Logical
Block Addresses) and the size information on a 512-byte sector? - ✔✔32 bits
✔✔In the GUID Partition Table, which Logical Block Address contains the Partition
Entry Array? - ✔✔LBA 2
✔✔Which of the following describes when the user restarts the system via the operating
system? - ✔✔Warm booting.
✔✔Which Windows operating system powers on and starts up using either the traditional
BIOS-MBR method or the newer UEFI-GPT method? - ✔✔Windows 8.
✔✔Which item describes the following UEFI boot process phase?
The phase of EFI consisting of initializing the CPU, temporary memory, and boot
firmware volume (BFV); locating and executing the chapters to initialize all the found
hardware in the system; and creating a Hand-Off Block List with all found resources
interface descriptors. - ✔✔PEI (Pre-EFI Initialization) Phase.
✔✔Which of the following basic partitioning tools displays details about the GPT
partition tables in Windows OS? - ✔✔DiskPart.
✔✔What stage of the Linux boot process includes the task of loading the Linux kernel
and optional initial RAM disk? - ✔✔Bootloader Stage