WGU C702 FORENSICS AND NETWORK INTRUSION TEST
PAPER QUESTIONS AND ANSWERS RATED A+
✔✔A forensic investigator is collecting evidence from the MySQL server. The
investigator needs to verify the status of the tables and repair them using one of the
MySQL utility programs. Which utility program should the investigator use? -
✔✔myisamchk
✔✔Which process studies system changes after multiple actions occur? - ✔✔Host
integrity monitoring
✔✔Which type of log-on event is created when a user logs on to a computer locally? -
✔✔Interactive
✔✔A forensic investigator receives a virtual machine (VM) in a dd image file. Which
program should the investigator use to convert the dd image into a bootable VM? -
✔✔QEMU disk image utility
✔✔A forensic investigator uses The Sleuth Kit (TSK) to extract information about when
directories were created and modified. Which command should the investigator use to
extract the information? - ✔✔fls
✔✔Which log does an investigator analyze to determine when an external attacker first
entered a network? - ✔✔Firewall
✔✔Which Windows event ID gets logged when a new process is started? - ✔✔4688
✔✔Which Tor network relay allows a client IP address to be read? - ✔✔Entry relay
✔✔What should a forensic investigator collect to analyze the email artifacts of a Tor
Browser session? - ✔✔Memory dump
✔✔A forensic investigator is investigating an attack on a WordPress database. The
investigator has already made a backup of the database from the MySQL server and
needs to restore the data on the forensic investigator's laptop. Which command creates
a database named wordpress? - ✔✔Create database wordpress;
✔✔Which utility should be used to acquire Mozilla Thunderbird data? - ✔✔SysTools
MailPro+
✔✔Where should a forensic investigator look for the Integrated Circuit Card ID (ICCID)
when collecting cellular evidence? - ✔✔Mobile phone device
, ✔✔Where does a forensic investigator monitor information about calls and messages
sent between wireless networks and landlines in a cellular network? - ✔✔Mobile
switching center (MSC)
✔✔A forensic investigator is investigating an ext4 drive on a Linux system. What is the
minimum kernel that supports this? - ✔✔v2.6.19
✔✔Which application should a forensic investigator use to analyze information on a
Mac OSX? - ✔✔Data Rescue 4
✔✔Microsoft Security IDs - ✔✔are available in Windows Registry Editor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList
✔✔HFS (Hierarchical File System) Plus - ✔✔file system developed by Apple for Mac
OS X. It is also referred to as Mac OS Extended.
✔✔The EXT file system - ✔✔created to be used with the Linux kernel. Windows and
Mac OS cannot read EXT file systems.
✔✔exFAT file system - ✔✔Microsoft file system that is compatible with Windows and
Mac OS 10.6+. It is also compatible with many media devices such as TVs and portable
media players.
✔✔The FAT file system - ✔✔file system is a general purpose file system that is
compatible with all major operating systems. default file system for all Windows
operating systems prior to Windows 2000.only used for devices with small capacity
where portability between operating systems is paramount.
✔✔The NTFS file system - ✔✔modern, well-formed file is a system that is most
commonly used by Windows Vista, 7 & 8. It has feature-rich, yet simple organization
that allows it to be used on very large volumes.
✔✔Logical block addressing (LBA) - ✔✔Use for specifying the location of blocks of data
stored on computer storage devices, generally secondary storage systems such as hard
disk drives.
✔✔fsutil command. - ✔✔command performs the tasks that are related to file allocation
table (FAT) and NTFS file systems such as managing reparse points, managing sparse
files, or dismounting a volume
✔✔Metasploit framework and what you can do with that. - ✔✔Timestomp, which is part
of the Metasploit Framework, is a trail obfuscation tool that attackers use to modify, edit,
PAPER QUESTIONS AND ANSWERS RATED A+
✔✔A forensic investigator is collecting evidence from the MySQL server. The
investigator needs to verify the status of the tables and repair them using one of the
MySQL utility programs. Which utility program should the investigator use? -
✔✔myisamchk
✔✔Which process studies system changes after multiple actions occur? - ✔✔Host
integrity monitoring
✔✔Which type of log-on event is created when a user logs on to a computer locally? -
✔✔Interactive
✔✔A forensic investigator receives a virtual machine (VM) in a dd image file. Which
program should the investigator use to convert the dd image into a bootable VM? -
✔✔QEMU disk image utility
✔✔A forensic investigator uses The Sleuth Kit (TSK) to extract information about when
directories were created and modified. Which command should the investigator use to
extract the information? - ✔✔fls
✔✔Which log does an investigator analyze to determine when an external attacker first
entered a network? - ✔✔Firewall
✔✔Which Windows event ID gets logged when a new process is started? - ✔✔4688
✔✔Which Tor network relay allows a client IP address to be read? - ✔✔Entry relay
✔✔What should a forensic investigator collect to analyze the email artifacts of a Tor
Browser session? - ✔✔Memory dump
✔✔A forensic investigator is investigating an attack on a WordPress database. The
investigator has already made a backup of the database from the MySQL server and
needs to restore the data on the forensic investigator's laptop. Which command creates
a database named wordpress? - ✔✔Create database wordpress;
✔✔Which utility should be used to acquire Mozilla Thunderbird data? - ✔✔SysTools
MailPro+
✔✔Where should a forensic investigator look for the Integrated Circuit Card ID (ICCID)
when collecting cellular evidence? - ✔✔Mobile phone device
, ✔✔Where does a forensic investigator monitor information about calls and messages
sent between wireless networks and landlines in a cellular network? - ✔✔Mobile
switching center (MSC)
✔✔A forensic investigator is investigating an ext4 drive on a Linux system. What is the
minimum kernel that supports this? - ✔✔v2.6.19
✔✔Which application should a forensic investigator use to analyze information on a
Mac OSX? - ✔✔Data Rescue 4
✔✔Microsoft Security IDs - ✔✔are available in Windows Registry Editor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList
✔✔HFS (Hierarchical File System) Plus - ✔✔file system developed by Apple for Mac
OS X. It is also referred to as Mac OS Extended.
✔✔The EXT file system - ✔✔created to be used with the Linux kernel. Windows and
Mac OS cannot read EXT file systems.
✔✔exFAT file system - ✔✔Microsoft file system that is compatible with Windows and
Mac OS 10.6+. It is also compatible with many media devices such as TVs and portable
media players.
✔✔The FAT file system - ✔✔file system is a general purpose file system that is
compatible with all major operating systems. default file system for all Windows
operating systems prior to Windows 2000.only used for devices with small capacity
where portability between operating systems is paramount.
✔✔The NTFS file system - ✔✔modern, well-formed file is a system that is most
commonly used by Windows Vista, 7 & 8. It has feature-rich, yet simple organization
that allows it to be used on very large volumes.
✔✔Logical block addressing (LBA) - ✔✔Use for specifying the location of blocks of data
stored on computer storage devices, generally secondary storage systems such as hard
disk drives.
✔✔fsutil command. - ✔✔command performs the tasks that are related to file allocation
table (FAT) and NTFS file systems such as managing reparse points, managing sparse
files, or dismounting a volume
✔✔Metasploit framework and what you can do with that. - ✔✔Timestomp, which is part
of the Metasploit Framework, is a trail obfuscation tool that attackers use to modify, edit,
