NETWORK INTRUSION EXAM PREP QUESTIONS & ANSWERS (RATED A+)
Denial-of-service technique - ANSWER: An attack that sends a large amount of data to overwhelm system resources.
Mail bombing - ANSWER: A type of denial-of-service attack that involves sending a large volume of emails to a target.
Acquiring data - ANSWER: The step in computer crime forensics that requires an investigator to duplicate and image the collected digital information.
Testifying in court - ANSWER: The last step of a criminal investigation that requires the involvement of a computer forensic investigator.
Verifying an Android mobile device - ANSWER: Checking to see if it is plugged into a computer without potentially changing the original evidence.
Aluminum foil - ANSWER: An alternative to a Faraday bag for protecting a mobile device.
Search warrant innovation criterion - ANSWER: Availability to the general public determines whether a technology requires a search warrant.
Seizing a hard drive without a warrant - ANSWER: A law enforcement officer can seize a hard drive if the evidence is in imminent danger.
Investigation report - ANSWER: A legal document that contains a summary of findings and is used to prosecute.
Faraday bag - ANSWER: A protective bag used to prevent signals from reaching a mobile phone.
Ethical behavior while testifying - ANSWER: Providing and explaining facts found during the investigation.
Search and seizure compliance - ANSWER: What a government agent should have complied with during search and seizure in a case involving malware.
Flashing lights - ANSWER: A method for a forensic investigator to verify an Android mobile device is on without interacting with the operating system.
Sturdy container - ANSWER: An alternative to a Faraday bag for protecting a mobile device.
Cardboard box - ANSWER: An alternative to a Faraday bag for protecting a mobile device.
Bubble wrap - ANSWER: An alternative to a Faraday bag for protecting a mobile device.
Dependency on third-party software - ANSWER: A criterion that may determine whether a technology used by government requires a search warrant.
Implementation based on open source software - ANSWER: A criterion that may determine whether a technology used by government requires a search warrant.
Use of cloud-based machine learning - ANSWER: A criterion that may determine whether a technology used by government requires a search warrant.
Suspicious occupant behavior - ANSWER: Not a valid reason for a law enforcement officer to seize a hard drive without a warrant.
Unattended computer - ANSWER: Not a valid reason for a law enforcement officer to seize a hard drive without a warrant.
Wide open front door - ANSWER: Not a valid reason for a law enforcement officer to seize a hard drive without a warrant.
Fourth Amendment - ANSWER: A part of the United States Constitution that protects citizens from unreasonable searches and seizures.
Stored Communications Act - ANSWER: A law that governs the voluntary and involuntary disclosure of stored wire and electronic communications and transactional records.
Net Neutrality Bill - ANSWER: Legislation that aims to ensure that internet service providers treat all data on the internet the same, without discriminating or charging differently.
Federal Rules of Evidence - ANSWER: A set of rules that governs the introduction of evidence at civil and criminal trials in federal courts.
Stego-only - ANSWER: A method used in steganography where only the stego object is available to the investigator.
Known-stego - ANSWER: A method where the investigator has access to both the stego object and the method used to hide the information.
Known-message - ANSWER: A method where the investigator has access to the plaintext message and uses it to find the hidden information.
Chosen-message - ANSWER: A method where the investigator can choose a plaintext message and analyze it to find the hidden information.
Linux - ANSWER: An open-source operating system based on the Linux kernel.
OS X - ANSWER: An operating system developed by Apple Inc. for Macintosh computers.
UNIX - ANSWER: A powerful, multiuser operating system originally developed in the 1960s and 1970s.
Windows - ANSWER: A series of operating systems developed by Microsoft for personal computers.
Cain and Abel - ANSWER: A password recovery tool for Microsoft Windows that can recover passwords by sniffing the network, cracking encrypted passwords, and more.
DaveGrohl - ANSWER: A password cracker specifically designed to recover passwords on OS X operating systems.
L0phtCrack - ANSWER: A password auditing and recovery application for Windows.
Ophcrack - ANSWER: An open-source Windows password cracker based on rainbow tables.
Wireshark - ANSWER: A network protocol analyzer that allows for the capture and analysis of network traffic.
Administrative - ANSWER: A type of cybercrime investigation approach focused on enforcing company policies and regulations.
Enterprise Theory of Investigation - ANSWER: A model that applies a holistic approach toward any criminal activity as a criminal operation.
Court warrant - ANSWER: A legal document issued by a judge authorizing law enforcement to conduct a search or seizure.
Log review - ANSWER: An activity used to check whether an application has ever been installed on a computer by examining system logs.
Forensic readiness - ANSWER: An organization's preparedness to handle incidents of cybercrime, including considerations for cost.
Chain of custody document - ANSWER: A document that records the handling of evidence to maintain its integrity in legal proceedings.
EnCase - ANSWER: A digital forensic tool that allows investigators to review or process information in a Windows environment without relying on the Windows API.
Backdoor - ANSWER: Create a backdoor that a perpetrator can use by connecting wirelessly to the network.
Jamming - ANSWER: Jam the wireless signals to stop all legitimate traffic from using the wireless network.
Wireless Card Activation - ANSWER: Activate the wireless cards in the laptops of victims to gain access to their data and network.
Rogue Wireless Network - ANSWER: Transmit high-power signals that force users to connect to the rogue wireless network.
Buffer Overflow - ANSWER: Which web-based application attack corrupts the execution stack of a web application?
Archived Email File Extension - ANSWER: Which file extension should the investigator search for to find the archived message on the server?
.EDB - ANSWER: .EDB
Email Server Identification - ANSWER: Which task should these investigators instruct the victim to perform in order to identify the sending email server?
Email Header - ANSWER: Provide the email header
Forensic Tool for Data Location - ANSWER: Which tool should a forensic investigator use on a Windows computer to locate all the data on a computer disk, protect evidence, and create evidentiary reports for use in legal proceedings?
ProDiscover - ANSWER: ProDiscover
Purpose of Hashing Tools - ANSWER: What is the purpose of hashing tools during data acquisition?
Validating Digital Evidence - ANSWER: Validating the collected digital evidence by comparing the original and copied file message digests
Software Tool to Prevent Writes - ANSWER: Which software-based tool is used to prevent writes to storage devices on a computer?
SAFE Block - ANSWER: SAFE Block
Database Change Research Tool - ANSWER: Which tool should a forensic team use to research unauthorized changes in a database?
ApexSQL DBA - ANSWER: ApexSQL DBA
Public IP Information Tool - ANSWER: Which graphical tool should investigators use to identify publicly available information about a public IP address?