WGU C70 QUESTIONS & ANSWERS
100% CORRECT!!
A software company suspects that employees have set up automatic corporate email
forwarding to their personal inboxes against company policy. The company hires
forensic investigators to identify the employees violating policy, with the intention of
issuing warnings to them.
Which type of cybercrime investigation approach is this company taking? -
ANSWERAdministrative
Which model or legislation applies a holistic approach toward any criminal activity as
a criminal operation? - ANSWEREnterprise Theory of Investigation
What does a forensic investigator need to obtain before seizing a computing device
in a criminal case? - ANSWERCourt warrant
Which activity should be used to check whether an application has ever been
installed on a computer? - ANSWERLog review
Which characteristic describes an organization's forensic readiness in the context of
cybercrimes? - ANSWERIt includes cost considerations.
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick
containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence? -
ANSWERThose who obtain access to the device
Which operating system is targeted by the DaveGrohl password cracker? -
ANSWEROS X
Which password cracker is used to recover passwords on an OS X operating
system? - ANSWERDaveGrohl
Which tool allows a forensic investigator to process Transmission Control Protocol
(TCP) streams for analysis of malicious traffic? - ANSWERWireshark
Which tool allows an investigator to review or process information in a Windows
environment but does not rely on the Windows API? - ANSWEREnCase
Which type of attack is a denial-of-service technique that sends a large amount of
data to overwhelm system resources? - ANSWERMail bombing
Which computer crime forensics step requires an investigator to duplicate and image
the collected digital information? - ANSWERAcquiring data
, What is the last step of a criminal investigation that requires the involvement of a
computer forensic investigator? - ANSWERTestifying in court
How can a forensic investigator verify an Android mobile device is on, without
potentially changing the original evidence or interacting with the operating system? -
ANSWERLook for flashing lights
What should a forensic investigator use to protect a mobile device if a Faraday bag
is not available? - ANSWERAluminum foil
Which criterion determines whether a technology used by government to obtain
information in a computer search is considered innovative and requires a search
warrant? - ANSWERAvailability to the general public
Which situation allows a law enforcement officer to seize a hard drive from a
residence without obtaining a search warrant? - ANSWERThe evidence is in
imminent danger.
Which legal document contains a summary of findings and is used to prosecute? -
ANSWERInvestigation report
What should an investigator use to prevent any signals from reaching a mobile
phone? - ANSWERFaraday bag
A forensic investigator is called to the stand as a technical witness in an internet
payment fraud case.
Which behavior is considered ethical by this investigator while testifying? -
ANSWERProviding and explaining facts found during the investigation
A government agent is testifying in a case involving malware on a system.
What should this agent have complied with during search and seizure? -
ANSWERFourth Amendment
Which method is used when an investigator has access to the plaintext and an
image file with the hidden information? - ANSWERKnown-message
Which method is used when an investigator takes a plaintext message, uses various
tools against it, and finds the algorithm used to hide information? -
ANSWERChosen-message
A computer forensic investigator finds an unauthorized wireless access point
connected to an organization's network switch. This access point's wireless network
has a random name with a hidden service set identifier (SSID).
What is this set-up designed to do? - ANSWERCreate a backdoor that a perpetrator
can use by connecting wirelessly to the network
100% CORRECT!!
A software company suspects that employees have set up automatic corporate email
forwarding to their personal inboxes against company policy. The company hires
forensic investigators to identify the employees violating policy, with the intention of
issuing warnings to them.
Which type of cybercrime investigation approach is this company taking? -
ANSWERAdministrative
Which model or legislation applies a holistic approach toward any criminal activity as
a criminal operation? - ANSWEREnterprise Theory of Investigation
What does a forensic investigator need to obtain before seizing a computing device
in a criminal case? - ANSWERCourt warrant
Which activity should be used to check whether an application has ever been
installed on a computer? - ANSWERLog review
Which characteristic describes an organization's forensic readiness in the context of
cybercrimes? - ANSWERIt includes cost considerations.
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick
containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence? -
ANSWERThose who obtain access to the device
Which operating system is targeted by the DaveGrohl password cracker? -
ANSWEROS X
Which password cracker is used to recover passwords on an OS X operating
system? - ANSWERDaveGrohl
Which tool allows a forensic investigator to process Transmission Control Protocol
(TCP) streams for analysis of malicious traffic? - ANSWERWireshark
Which tool allows an investigator to review or process information in a Windows
environment but does not rely on the Windows API? - ANSWEREnCase
Which type of attack is a denial-of-service technique that sends a large amount of
data to overwhelm system resources? - ANSWERMail bombing
Which computer crime forensics step requires an investigator to duplicate and image
the collected digital information? - ANSWERAcquiring data
, What is the last step of a criminal investigation that requires the involvement of a
computer forensic investigator? - ANSWERTestifying in court
How can a forensic investigator verify an Android mobile device is on, without
potentially changing the original evidence or interacting with the operating system? -
ANSWERLook for flashing lights
What should a forensic investigator use to protect a mobile device if a Faraday bag
is not available? - ANSWERAluminum foil
Which criterion determines whether a technology used by government to obtain
information in a computer search is considered innovative and requires a search
warrant? - ANSWERAvailability to the general public
Which situation allows a law enforcement officer to seize a hard drive from a
residence without obtaining a search warrant? - ANSWERThe evidence is in
imminent danger.
Which legal document contains a summary of findings and is used to prosecute? -
ANSWERInvestigation report
What should an investigator use to prevent any signals from reaching a mobile
phone? - ANSWERFaraday bag
A forensic investigator is called to the stand as a technical witness in an internet
payment fraud case.
Which behavior is considered ethical by this investigator while testifying? -
ANSWERProviding and explaining facts found during the investigation
A government agent is testifying in a case involving malware on a system.
What should this agent have complied with during search and seizure? -
ANSWERFourth Amendment
Which method is used when an investigator has access to the plaintext and an
image file with the hidden information? - ANSWERKnown-message
Which method is used when an investigator takes a plaintext message, uses various
tools against it, and finds the algorithm used to hide information? -
ANSWERChosen-message
A computer forensic investigator finds an unauthorized wireless access point
connected to an organization's network switch. This access point's wireless network
has a random name with a hidden service set identifier (SSID).
What is this set-up designed to do? - ANSWERCreate a backdoor that a perpetrator
can use by connecting wirelessly to the network
