CNIT 420 Exam I Question and
answers correctly solved 2025/2026
digital forensics - correct answer ✔"the application of computer science and investigative procedures
for a legal purpose involving the analysis of digital evidence and proper search authority, validation with
mathematics hash function, use of validated tools, repeatability, reporting, and possible expert
presentation" - Ken Zatyko
Collection
Examination
Analysis
Reporting - correct answer ✔Four parts to the digital forensics process model
Federal rules of evidence (FRE) - correct answer ✔signed into law in 1973, created to ensure
consistency in federal proceedings
Fourth amendment - correct answer ✔protects everyone's right to be secure in their person, residence,
and property from search and seizure
Inculpatory evidence - correct answer ✔incriminating evidence, or provides evidence of an action
Exculpatory evidence - correct answer ✔provides evidence of a lack of action
False - correct answer ✔T/F: Data recovery and disaster recovery are forms of digital forensics
Investigations triad - correct answer ✔network intrusion detection and incident response, digital
investigations, and vulnerability/threat assessment and risk assessment are all a part of the
,vulnerability/threat assessment and risk assessment - correct answer ✔part of the investigations triad,
tests and verifies the integrity of stand-alone workstations and network servers
Digital investigations - correct answer ✔part of the investigations triad, manages the investigations and
conducts forensic analysis of systems suspected of containing evidence
Network intrusion detection and incident response - correct answer ✔part of the investigations triad,
detects intruder attacks by using automated tools and monitoring network firewall logs
Case law - correct answer ✔used when statutes don't exist, allows legal council to apply previous
similar cases to current one in an effort to address ambiguity in laws
Public sector
Private sector - correct answer ✔Two types of investigations
Public sector investigations - correct answer ✔investigations conducted by government agencies,
funded by tax dollars, subject to US Criminal and Constitutional law
Private sector - correct answer ✔investigations conducted by internal corporate investigations, policy
driven, abuse or misuse that is not necessarily against the law, can transform into a criminal
investigation based on evidence
allegation - correct answer ✔A criminal investigation usually begins with a/an ?
Police blotter - correct answer ✔historical database of previous crimes
Digital evidence first responder - correct answer ✔arrives on the incident scene, assesses the situation,
takes precaution to acquire and preserve evidence
, Digital evidence specialist - correct answer ✔has the skill to analyze the data and determine when
another specialist should be called in to assist
Affidavit - correct answer ✔a sworn statement of support of facts about or evidence of a crime, must
include exhibits that support the allegation
Acceptable use policy - correct answer ✔policy that defines rules for using the company's computers
and networks
Line of authority - correct answer ✔states who has the legal right to initiate an investigation, who can
take possession of evidence, and who can have access to the evidence
Acceptable use policy - correct answer ✔policy that defines rules for using the company's computers
and networks
warning banner - correct answer ✔Business can avoid litigation by displaying a ? on computer screens
that informs the user that the organization reserves the right to inspect computer systems and network
traffic at will
authorized user - correct answer ✔Businesses are advised to specify an ? who has the power to initiate
investigations
True - correct answer ✔T/F: In private sector investigations, you search for evidence to support the
allegations of violations.
True - correct answer ✔T/F: A private sector investigator's job is to minimize risk to the company
Bring your own device environment - correct answer ✔some companies state that if you connect a
personal device to the business network, it falls under the same rules as company property
answers correctly solved 2025/2026
digital forensics - correct answer ✔"the application of computer science and investigative procedures
for a legal purpose involving the analysis of digital evidence and proper search authority, validation with
mathematics hash function, use of validated tools, repeatability, reporting, and possible expert
presentation" - Ken Zatyko
Collection
Examination
Analysis
Reporting - correct answer ✔Four parts to the digital forensics process model
Federal rules of evidence (FRE) - correct answer ✔signed into law in 1973, created to ensure
consistency in federal proceedings
Fourth amendment - correct answer ✔protects everyone's right to be secure in their person, residence,
and property from search and seizure
Inculpatory evidence - correct answer ✔incriminating evidence, or provides evidence of an action
Exculpatory evidence - correct answer ✔provides evidence of a lack of action
False - correct answer ✔T/F: Data recovery and disaster recovery are forms of digital forensics
Investigations triad - correct answer ✔network intrusion detection and incident response, digital
investigations, and vulnerability/threat assessment and risk assessment are all a part of the
,vulnerability/threat assessment and risk assessment - correct answer ✔part of the investigations triad,
tests and verifies the integrity of stand-alone workstations and network servers
Digital investigations - correct answer ✔part of the investigations triad, manages the investigations and
conducts forensic analysis of systems suspected of containing evidence
Network intrusion detection and incident response - correct answer ✔part of the investigations triad,
detects intruder attacks by using automated tools and monitoring network firewall logs
Case law - correct answer ✔used when statutes don't exist, allows legal council to apply previous
similar cases to current one in an effort to address ambiguity in laws
Public sector
Private sector - correct answer ✔Two types of investigations
Public sector investigations - correct answer ✔investigations conducted by government agencies,
funded by tax dollars, subject to US Criminal and Constitutional law
Private sector - correct answer ✔investigations conducted by internal corporate investigations, policy
driven, abuse or misuse that is not necessarily against the law, can transform into a criminal
investigation based on evidence
allegation - correct answer ✔A criminal investigation usually begins with a/an ?
Police blotter - correct answer ✔historical database of previous crimes
Digital evidence first responder - correct answer ✔arrives on the incident scene, assesses the situation,
takes precaution to acquire and preserve evidence
, Digital evidence specialist - correct answer ✔has the skill to analyze the data and determine when
another specialist should be called in to assist
Affidavit - correct answer ✔a sworn statement of support of facts about or evidence of a crime, must
include exhibits that support the allegation
Acceptable use policy - correct answer ✔policy that defines rules for using the company's computers
and networks
Line of authority - correct answer ✔states who has the legal right to initiate an investigation, who can
take possession of evidence, and who can have access to the evidence
Acceptable use policy - correct answer ✔policy that defines rules for using the company's computers
and networks
warning banner - correct answer ✔Business can avoid litigation by displaying a ? on computer screens
that informs the user that the organization reserves the right to inspect computer systems and network
traffic at will
authorized user - correct answer ✔Businesses are advised to specify an ? who has the power to initiate
investigations
True - correct answer ✔T/F: In private sector investigations, you search for evidence to support the
allegations of violations.
True - correct answer ✔T/F: A private sector investigator's job is to minimize risk to the company
Bring your own device environment - correct answer ✔some companies state that if you connect a
personal device to the business network, it falls under the same rules as company property
