WGU MASTER'S COURSE C702 INFORMATION SECURITY GOVERNANCE PROGRAM VALIDATION STRATEGY MODUL, Exams of Information and Communications Technology (ICT)

WGU MASTER'S COURSE C702 INFORMATION SECURITY GOVERNANCE PROGRAM VALIDATION STRATEGY MODULE 2026.

Typology: Exams

2025/2026

Available from 12/01/2025

HighMark_Prep

⫸ Which model or legislation applies a holistic approach toward any criminal activity as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting
Answer: A

⫸ What does a forensic investigator need to obtain before seizing a computing device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission
Answer: A

⫸ Which activity should be used to check whether an application has ever been installed on a computer?
A Penetration test
B Risk analysis
C Log review
D Security review
Answer: C

⫸ Which characteristic describes an organization's forensic readiness in the context of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions.
Answer: B

⫸ A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick containing emails as a primary piece of evidence. Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device
Answer: A

⫸ How can a forensic investigator verify an Android mobile device is on, without potentially changing the original evidence or interacting with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button
Answer: C

⫸ What should a forensic investigator use to protect a mobile device if a Faraday bag is not available?
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap
Answer: A

⫸ Which criterion determines whether a technology used by government to obtain information in a computer search is considered innovative and requires a search warrant?
A Availability to the general public
B Dependency on third-party software
C Implementation based on open source software
D Use of cloud-based machine learning
Answer: A

⫸ Which situation allows a law enforcement officer to seize a hard drive from a residence without obtaining a search warrant?
A The computer is left unattended.
B The front door is wide open.
C The occupant is acting suspicious.
D The evidence is in imminent danger.
Answer: D

⫸ Which legal document contains a summary of findings and is used to prosecute?
A Investigation report
B Search warrant
C Search and seizure
D Chain of custody
Answer: A

⫸ What should an investigator use to prevent any signals from reaching a mobile phone?
A Faraday bag
B Dry bag
C Anti-static container
D Lock box
Answer: A

⫸ Which path should a forensic investigator use to look for system logs in a Mac?
A /var/log/cups/access_log
B /var/log/
C /var/audit/
D /var/log/install.log
Answer: B

⫸ Which tool should a forensic investigator use to view information from Linux kernel ring buffers?
A arp
B dmesg
C fsck
D grep
Answer: B

⫸ A forensic investigator makes a bit-stream copy of a Windows hard drive that has been reformatted. The investigator needs to locate only the Adobe PDF files on the hard drive. Which tool should this investigator use?
A Quick Recovery
B Handy Recovery
C EaseUS Data Recovery
D Stellar Data Recovery
Answer: C

⫸ Which hexadecimal value should an investigator search for to find JPEG images on a device?
A 0x424D
B 0xD0CF11E0A1B11AE
C 0x504B
D 0xFFD8
Answer: D

⫸ Which type of steganography allows the user to physically move a file but keep the associated files in their original location for recovery?
A Whitespace
B Folder
C Image
D Web
Answer: B

⫸ An employee steals a sensitive text file by embedding it into a PNG file. The employee then sends this file via an instant chat message to an accomplice. Which type of steganography did this employee use?

A Linux
B OS X
C UNIX
D Windows
Answer: B

⫸ Which password cracker is used to recover passwords on an OS X operating system?
A Cain and Abel
B DaveGrohl
C L0phtCrack
D Ophcrack
Answer: B

⫸ Which tool allows a forensic investigator to process Transmission Control Protocol (TCP) streams for analysis of malicious traffic?
A Kibana
B OSSEC
C Syslog-ng
D Wireshark
Answer: D

⫸ Which tool allows an investigator to review or process information in a Windows environment but does not rely on the Windows API?
A EnCase
B netstat
C dd
D LogMeister
Answer: A

⫸ A computer forensic investigator finds an unauthorized wireless access point connected to an organization's network switch. This access point's wireless network has a random name with a hidden service set identifier (SSID). What is this set-up designed to do?
A Create a backdoor that a perpetrator can use by connecting wirelessly to the network
B Jam the wireless signals to stop all legitimate traffic from using the wireless network
C Activate the wireless cards in the laptops of victims to gain access to their data and network
D Transmit high-power signals that force users to connect to the rogue wireless network
Answer: A

⫸ Which web-based application attack corrupts the execution stack of a web application?
A Buffer overflow
B Cookie poisoning

⫸ Which tool should a forensic investigator use on a Windows computer to locate all the data on a computer disk, protect evidence, and create evidentiary reports for use in legal proceedings?
A Wireshark
B OmniPeek
C ProDiscover
D Capsa
Answer: C

⫸ What is the purpose of hashing tools during data acquisition?
A Dumping the original RAM contents to a forensically sterile removable device
B Enabling write protection on the original media to preserve the original evidence
C Validating the collected digital evidence by comparing the original and copied file message digests
D Creating a replica of the original source to prevent the inadvertent alteration of the original
Answer: C

⫸ Which software-based tool is used to prevent writes to storage devices on a computer?
A CRU WiebeTech
B ILook Investigator
C SAFE Block
D USB WriteBlocker
Answer: C

⫸ Which tool should a forensic team use to research unauthorized changes in a database?
A ApexSQL DBA
B Gargoyle Investigator Forensic Pro
C LSASecretsView
D RSA NetWitness Investigator
Answer: A

⫸ Which graphical tool should investigators use to identify publicly available information about a public IP address?
A AWStats
B GoAccess
C SmartWhois
D NsLookup
Answer: C

⫸ Which tool is used to search and analyze PC messaging logs?
A Chat Stick
B File Viewer
C SnowBatch
D Zamzar
Answer: A

C Decrypt the evidence by cracking passwords
D Detect malware present on the evidence
Answer: A

⫸ Which step preserves the forensic integrity of volatile evidence when a device is discovered in the powered-on state?
A Documenting the procedures for shutting down the system
B Collecting information with a secure command shell
C Using the built-in backup utility to gather information
D Copying the file with the keyboard shortcut Ctrl+C
Answer: B

⫸ Which action maintains the integrity of evidence when a forensic laptop is used to acquire data from a compromised computer?
A Connecting the machines with a straight through cable
B Connecting the machines with a crossover cable
C Enabling a hardware write blocker
D Enabling administrative control
Answer: C

⫸ What should an investigator do while collecting evidence from a device?
A Turn off the computer to protect the data
B Install antivirus software to protect information
C Begin documenting the chain of custody
D Close any open documents and applications
Answer: C

⫸ Why should investigators use the bit-stream disk-to-disk data acquisition method rather than the disk-to-image method?
A Ensures that integrity is not compromised
B Preserves the required chain of custody
C Addresses potential errors and incompatibilities
D Avoids the possibility of running out of space
Answer: C

⫸ Which anti-forensic defense technique allows a forensic investigator to determine if the system's kernel is compromised?
A Performing a brute-force attack
B Conducting steganalysis
C Performing BIOS bypass
D Conducting rootkit detection
Answer: D

⫸ Which anti-forensic defense technique allows a forensic investigator to gain access to files protected with Encrypting File System (EFS)?
A Installing a recovery certificate
B Detecting hosts in promiscuous mode

⫸ A forensic investigator receives dozens of log-in failure events within a few minutes. A security attack event is generated. What is the goal when performing event correlation?
A Data aggregation
B Content reduction
C Explorative data analysis
D Root cause identification
Answer: D

⫸ A computer forensic investigator is preparing an affidavit statement. Which type of report should this investigator prepare?
A Formal verbal
B Informal verbal
C Formal written
D Informal written
Answer: C

⫸ A forensic investigator is preparing a report in response to a security breach. The report is augmented by documentation provided by a third party. Which optional section in the report serves as a gesture of thanks for the third-party support?
A Acknowledgments
B References
C Conclusions
D Appendices
Answer: A

⫸ A network log from a remote system is entered into evidence, and the proper steps are taken to protect the integrity of the data. The log contains network intrusion data but does not contain any information about the log. What must an investigator document about this log in the forensic report?
A Name of the server
B Number of records in the file
C Name of the server administrator
D Number of bytes in the file
Answer: A

⫸ What should an investigator do to ensure that creating a forensic hard drive image does not alter the drive?
A Make a duplicate using the dd command