Download WGU C702 SCRIPT 2026 FULL SOLVED CONTENT and more Exams Forensics in PDF only on Docsity!
WGU C702 SCRIPT 2026 FULL SOLVED
CONTENT
◉What is a machine readable language used in major digital operations, such as sending and receiving emails? Answer: ASCII ◉What is JPEG an acronym of? Answer: Joint Photographic Experts Group ◉What is the proprietary Microsoft Office presentation file extension used in PowerPoint? Answer: PPT ◉Which of the following is an example of optical media? Answer: CD/DVD ◉In sector, addressing _______ determines the address of the individual sector on the disk. Answer: Cylinders, Heads, and Sectors (CHS) ◉______ is a 128 bit unique reference number used as an identifier in computer software? Answer: Global Unique Identifier (GUID)
◉Mac OS uses a hierarchical file system. Answer: True. ◉The main advantage of RAID is that if a single physical disk fails: Answer: The system will continue to function without loss of data. ◉The command "fsstat" displays the details associated with an image file. Answer: False. ◉What is the simplest RAID level that does not involve redundancy, and fragments the file into the user-defined stripe size of the array? Answer: RAID 0 ◉An investigator may commit some common mistakes while collecting data from the system that result in the loss of critical evidence. Which of the following is NOT a mistake that investigators commonly make? Answer: Use of correct cables and cabling techniques. ◉In Linux Standard Tools, forensic investigators use the following build-in Linux Commands to copy data from a disk drive: Answer: dd and dcfldd ◉Because they are always changing, the information in the registers or the processor cache are the most volatile data. Answer: True.
◉Where are deleted items stored on the Windows 2000, XP, and NT versions of Windows? Answer: Drive:\RECYCLER ◉What is the maximum size limit for the Recycle Bin in Windows prior to Windows Vista? Answer: 3.99GB ◉Which of the following is NOT a feature of the Recover My Files tool? Answer: recovering files from a network drive. ◉What tool is used for format recovery, unformatting and recovering deleted files emptied from the Recycle Bin, or data lost due to partition loss or damage, software crash, virus infection, or unexpected shutdown and supports hardware RAID Answer: EaseUS ◉Which tool undeletes and recovers lost files from hard drives, memory cards, and USB flash drives? Answer: Disk Digger ◉Which tool recovers files that have been lost, deleted, corrupted, and even deteriorated? Answer: Quick Recovery ◉Which tool recovers lost data from hard drives, RAID, photographs, deleted files, iPods, and removable disks connected via FireWire or USB? Answer: Total Recall
◉Which tool scans the entire system for deleted files and folders and recovers them? Answer: Advanced Disk Recovery ◉Which tool for MAC recovers files from a crashed or virus- corrupted hard drive? Answer: Data Rescue 4 ◉Which of the following are frequently left by criminals, assisting investigators in understanding the process of crime and the motive behind it, and allowing them to attempt to identify the person(s) who committed it? Answer: Fingerprints ◉In Detecting Rootkits, the following technique is used to compare characteristics of all system processes and executable files with a database of known rootkit fingerprints. Answer: Signature-Based Detection ◉In Anti Forensics Techniques, which of the following techniques is used to hide a secret message within an ordinary message and extract it at the destination to maintain confidentiality of data? Answer: Steganography ◉Which of the following consists of volatile storage? Answer: RAM
◉The value 0 associated with the registry entry Enable Prefetcher tells the system to use which prefetch? Answer: Prefetching is disabled. ◉What prefetch does value 1 from the registry entry EnablePrefetcher tell the system to use? Answer: Application prefetching is enabled. ◉What prefetch does value 2 from the registry entry EnablePrefetcher tell the system to use? Answer: Boot prefetching is enabled. ◉What prefetch does the value 3 from the registry entry EnablePrefetcher tell the system to use? Answer: Both application and boot prefetching are enabled. ◉What tool enables you to retrieve information about event logs and publishers in Windows 10? Answer: Wevtutil. ◉Intruders attempting to gain remote access to a system try to find the other systems connected to the network and visible to the compromised system. Answer: True. ◉________ command is used to display the network configuration of the NICs on the system. Answer: ipconfig /all
◉Investigators can use Linux commands to gather necessary information from the system. Identify the following shell command that is used to display the kernel ring buffer or information about device drivers loaded into the kernel. Answer: dmesg ◉What are the unique identification numbers assigned to Windows user account for granting user access to particular resources? Answer: Microsoft security ID. ◉In the Windows Event Log File internals, the following file is used to store the Databases related to the system: Answer: System.evtx ◉Thumbnails of images remain on computers even after files are deleted. Answer: True ◉What is NOT one of the three tiers a log management infrastructure typically comprises? Answer: Log rotation ◉Which is NOT a log management system function? Answer: Log generation. ◉What is NOT one of the three major concerns regarding log management? Answer: Log viewing
◉Which attack is specific to wireless networks? Answer: Jamming signal attack. ◉Where can congressional security standards and guidelines be found, along with an emphasis for federal agencies to develop, document, and implement organization-wide programs for information security? Answer: FISMA ◉What requires companies that offer financial products or services to protect customer information against security threats? Answer: GLBA ◉Which of the following includes security standards for health information? Answer: HIPAA ◉What is the act passed by the U.S. Congress to protect investors from the possibility of fraudulent accounting activities by corporations? Answer: SOX ◉What is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards? Answer: PCI DSS
◉In what type of forensic examination do investigators perform an examination of logs to detect something that has already occurred in a network/device and determine what it is? Answer: Postmortem ◉What are the most common network attacks launched against wireless networks? Answer: AP MAC spoofing ◉In Event Correlation Approaches, which approach is used to monitor the computers and computer users behavior and provide an alert if something anomalous is found? Answer: Role-based approach ◉The investigator uses which of the following commands to view the ARP table in Windows? Answer: arp - a ◉Which is NOT an indication of a web attack? Answer: logs found to have no known anomalies. ◉Which is a threat to web applications? Answer: Cookie poisoning. ◉What layer of web application architecture includes all the web appliances, such as smartphones and PCs, where interaction with a web application deployed on a web server occurs? Answer: Client layer
◉Which web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user? Answer: Information leakage. ◉Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes? Answer: Improper error handling ◉Which web application threat refers to vulnerable management functions, including user updates, recovery of passwords, or resetting passwords? Answer: Broken account management ◉Which web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server's root directory? Answer: Directory traversal ◉Which web application threat occurs when attackers insert commands via input data and are able to tamper with the data? Answer: SQL injection ◉Which web application threat occurs when attackers intend to manipulate the communication exchanged between the client and
server to make changes in application data? Answer: parameter tampering ◉Which web application threat is a method intended to terminate website or server operations by making resources unavailable to clients? Answer: Denial of service ◉Which web application threat occurs when attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, or query strings? Answer: Unvalidated input. ◉Which web application threat occurs when attackers bypass the client's ID security mechanisms, gain access privileges, and inject malicious scripts into specific fields in web pages? Answer: Cross site scripting ◉Which web application threat occurs when attackers insert malicious code, commands, or scripts into the input gates of web applications, enabling the applications to interpret and run the newly supplied malicious input? Answer: Injection flaws ◉Which web application threat occurs when an authenticated user is forced to perform certain tasks on the web application chosen by an attacker? Answer: Cross site request forgery
◉What file format is used by Windows Vista and later versions to store event logs as simple text files in XML format? Answer: EVTX ◉What type of forensics takes actions when a security incident has occurred and both detection and analysis of the malicious activities performed by criminals over the SQL database file are required? Answer: MSSQL forensics ◉For Forensics Analysis, which of the following MySQL Utility Programs is used to export metadata, data, or both from one or more databases? Answer: mysqldbexport ◉Which command line utility is used to take a backup of the database? Answer: mysqldump ◉Which of the three different files storing data and logs in SQL servers is the starting point of a database and points to other files in the database? Answer: MDF ◉What cloud service offers a platform for developing applications and services? Answer: PaaS ◉What cloud service enables subscribers to use fundamental IT resources - such as computing power, virtualization, data storage, networ, etc. - on demand? Answer: IaaS
◉What cloud service offers application software to subscribers on demand or over the internet and is charged for by the provider on a pay per use basis, by subscription, by advertising, or by sharing among multiple users? Answer: SaaS ◉Which of the following is also known as an internal or corporate cloud infrastructure that a single organization operates? Answer: Private cloud ◉What is a cloud environment composed of two or more clouds that remain unique entities but are bound together to offer the benefits of multiple deployment models? Answer: Hybrid cloud ◉Which cloud environment is a multi tenant infrastructure shared among organization with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction? Answer: Community cloud ◉Which cloud environment allows the provider to make services- such as application, servers, and data storage-available to the public over the internet? Answer: Public cloud ◉Which of the following stakeholders includes professionals- such as cloud security architects, network administrators, security
◉Identify the following Cloud computing services that enable subscribers to use fundamental IT resources such as computing power, virtualization, data storage, network, and so on- on demand. Answer: Infrastructure-as-a-service (IaaS) ◉On Windows 10 OS, by default, the Google Drive Client is installed at which of the following locations? Answer: C:\Program Files (x86)\Google\Drive ◉Which of the following is a disadvantage of a private cloud? Answer: Expense ◉What is a common technique used to distribute malware on the web by injecting malware into legitimate looking websites to trick users into selecting them? Answer: Click jacking ◉What is a common technique used to distribute malware on the web with tactics such as keyword stuffing, doorway pages, page swapping, and adding unrelated keywords to get higher search engine ranking for malware pages? Answer: Blackhat SEO ◉What is a common technique used to distribute malware on the web by mimicking legitimate institutions in an attempt to steal passwords, credit cards, and account data? Answer: Spear phishing sites
◉What is a common technique used to distribute malware on the web by embedding malware-laden advertisements in authentic online advertising channels to spread onto systems of unsuspecting users? Answer: Malvertising
