WGU Course C840 - Digital Forensics in
Cybersecurity
The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network. Which tool should the IT
staff use to gather digital evidence about this security vulnerability?
A Sniffer
B Disk analyzer
C Tracer
D Virus scanner Correct answer- A
A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the
family owns, which is in their son's bedroom. The couple states that
their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
A Obtain a search warrant from the police
B Seize the computer under the USA Patriot Act
C Obtain consent to search from the parents
D Seize the computer under the Computer Security Act Correct answer-
C
How should a forensic scientist obtain the network configuration from a
Windows PC before seizing it from a crime scene?
,A By using the ipconfig command from a command prompt on the
computer
B By using the tracert command from a command prompt on the
computer
C By logging into the router to which the PC is connected
D By installing a network packet sniffer on the computer Correct
answer- A
The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a
link in an email message that asked him to verify the logon credentials
for the firm's online bank account.
Which digital evidence should a forensic investigator collect to
investigate this incident?
A System log
B Security log
C Disk cache
D Browser cache Correct answer- D
After a company's single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence.
Which digital evidence should be collected?
A Web server logs
B Firewall logs
C Phishing emails
D Spam messages Correct answer- B
,Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly
after following the instructions, Thomas noticed money was missing
from his account.
Which digital evidence should be considered to determine how
Thomas' account information was compromised?
A Social media accounts
B Router logs
C Flash drive contents
D Email messages Correct answer- D
The chief executive officer (CEO) of a small computer company has
identified a potential hacking attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify
the source of the hack?
A Disk drive backups
B Network transaction logs
C Browser history
D Email headers Correct answer- B
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do?
A Turn off the power to the entire area being examined
B Unplug all network connections so data cannot be deleted remotely
C Gather up all physical evidence and move it out as quickly as possible
D Photograph all evidence in its original place Correct answer- D
, Which method of copying digital evidence ensures proper evidence
collection?
A Make the copy using file transfer
B Copy files using drag and drop
C Make the copy at the bit-level
D Copy the logical partitions Correct answer- C
A computer involved in a crime is infected with malware. The computer
is on and connected to the company's network. The forensic
investigator arrives at the scene.
Which action should be the investigator's first step?
A Remove the malware and secure the computer.
B Unplug the computer's power cord.
C Unplug the computer's Ethernet cable.
D Label all the attachments and secure the computer. Correct answer-
C
What are the three basic tasks that a systems forensic specialist must
keep in mind when handling evidence during a cybercrime
investigation?
Answer options may be used more than once or not at all. Select your
answers from the pull-down list.
1 Preserve evidence
2 Catalog evidence
3 Prepare evidence
4 Make multiple copies of evidence
5 Disseminate evidence
6 Prepare evidence report
Cybersecurity
The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network. Which tool should the IT
staff use to gather digital evidence about this security vulnerability?
A Sniffer
B Disk analyzer
C Tracer
D Virus scanner Correct answer- A
A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the
family owns, which is in their son's bedroom. The couple states that
their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
A Obtain a search warrant from the police
B Seize the computer under the USA Patriot Act
C Obtain consent to search from the parents
D Seize the computer under the Computer Security Act Correct answer-
C
How should a forensic scientist obtain the network configuration from a
Windows PC before seizing it from a crime scene?
,A By using the ipconfig command from a command prompt on the
computer
B By using the tracert command from a command prompt on the
computer
C By logging into the router to which the PC is connected
D By installing a network packet sniffer on the computer Correct
answer- A
The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a
link in an email message that asked him to verify the logon credentials
for the firm's online bank account.
Which digital evidence should a forensic investigator collect to
investigate this incident?
A System log
B Security log
C Disk cache
D Browser cache Correct answer- D
After a company's single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence.
Which digital evidence should be collected?
A Web server logs
B Firewall logs
C Phishing emails
D Spam messages Correct answer- B
,Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly
after following the instructions, Thomas noticed money was missing
from his account.
Which digital evidence should be considered to determine how
Thomas' account information was compromised?
A Social media accounts
B Router logs
C Flash drive contents
D Email messages Correct answer- D
The chief executive officer (CEO) of a small computer company has
identified a potential hacking attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify
the source of the hack?
A Disk drive backups
B Network transaction logs
C Browser history
D Email headers Correct answer- B
A forensic scientist arrives at a crime scene to begin collecting evidence.
What is the first thing the forensic scientist should do?
A Turn off the power to the entire area being examined
B Unplug all network connections so data cannot be deleted remotely
C Gather up all physical evidence and move it out as quickly as possible
D Photograph all evidence in its original place Correct answer- D
, Which method of copying digital evidence ensures proper evidence
collection?
A Make the copy using file transfer
B Copy files using drag and drop
C Make the copy at the bit-level
D Copy the logical partitions Correct answer- C
A computer involved in a crime is infected with malware. The computer
is on and connected to the company's network. The forensic
investigator arrives at the scene.
Which action should be the investigator's first step?
A Remove the malware and secure the computer.
B Unplug the computer's power cord.
C Unplug the computer's Ethernet cable.
D Label all the attachments and secure the computer. Correct answer-
C
What are the three basic tasks that a systems forensic specialist must
keep in mind when handling evidence during a cybercrime
investigation?
Answer options may be used more than once or not at all. Select your
answers from the pull-down list.
1 Preserve evidence
2 Catalog evidence
3 Prepare evidence
4 Make multiple copies of evidence
5 Disseminate evidence
6 Prepare evidence report
