COMPLETE QUESTIONS AND ANSWERS
\.______ is a 128-bit unique reference number used as an identifier in computer software. -
Answer-Global Unique Identifier (GUID)
\.________ command is used to display the network configuration of the NICs on the system. -
Answer-ipconfig /all
\.________ is the standard investigative model used by the FBI when conducting investigations
against major criminal organizations. - Answer-Enterprise Theory of Investigation (ETI).
\.A chain of custody is a critical document in the computer forensics investigation process
because the document provides legal validation of appropriate evidence handling. - Answer-
True.
\.A computer forensic examiner can investigate any crime as long as he or she takes detailed
notes and follows the appropriate processes. - Answer-False.
\.An email client connects with a POP3 server via which of the following? - Answer-Port 110.
\.An investigator may commit some common mistakes while collecting data from the system
that result in the loss of critical evidence. Which of the following is NOT a mistake that
investigators commonly make? - Answer-Use of correct cables and cabling techniques.
\.Because they are always changing, the information in the registers or the processor cache is
the most volatile data. - Answer-True.
\.Codes of ethics are the principles stated to describe the expected behavior of an investigator
while handling a case. Which of the following is NOT a principle that a computer forensic
investigator must follow? - Answer-Provide personal or prejudiced opinions.
\.Computer Forensics deals with the process of finding _____ related to a digital crime to find
the culprits and initiate legal action against them. - Answer-Evidence.
\.Courts call knowledgeable persons to testify to the accuracy of the investigative process. These
people who testify are known as the: - Answer-Expert witnesses.
\.Cybercrimes can be classified into the following two types of attacks, based on the line of
attack. - Answer-Internal and External.
\.Digital devices store data about sessions, such as user and type of connection. - Answer-True.
\.Espionage, theft of intellectual property, manipulation of records, and trojan horse attacks are
examples of what? - Answer-Insider attack or primary attacks.
\.External attacks occur when there are inadequate information-security policies and
procedures. - Answer-True.
\.For Forensics Analysis, which of the following MySQL Utility Programs is used to export
metadata, data, or both from one or more databases? - Answer-mysqldbexport
\.Forensic data duplication involves the creation of a file that has every bit of information from
the source in a raw bit-stream format. - Answer-True.
\.Forensic readiness includes technical and nontechnical actions that maximize an organization's
competence to use digital evidence. - Answer-True.
\.Forensic readiness refers to: - Answer-An organization's ability to make optimal use of digital
evidence in a limited time period and with minimal investigation costs.
\.How can an attacker exploit a network? - Answer-Through wired or wireless connections.
\.How large is the partition table structure that stores information about the partitions present
on the hard disk? - Answer-64-byte.
\.How many bit values does HFS use to address allocation blocks? - Answer-16
\.How many bits are used by the MBR partition scheme for storing LBAs (Logical Block
Addresses) and the size information on a 512-byte sector? - Answer-32 bits
\.How should expert witnesses conduct themselves while presenting testimony to any court or
attorney? - Answer-Avoid leaning and develop self-confidence.
\.Identify the following cloud computing services that enable subscribers to use fundamental IT
resources such as computing power, virtualization, data storage, network, and so on, on
demand. - Answer-Infrastructure-as-a-service (IaaS)
\.Identify the following which was launched by the National Institute of Standards and
Technology (NIST), that establishes a "methodology for testing computer forensics software
tools by development of general tool specifications, test procedures, test criteria, test sets, and
test hardware." - Answer-Computer Forensic Tool Testing Project (CFTTP)