WGU Course C840 - Digital Forensics in Cybersecurity ALL CORRECT

Document Content and Description Below

WGU Course C840 - Digital Forensics in Cybersecurity ALL CORRECT Malware forensics is also known as internet forensics. A True B False Correct Answer: B The Privacy Protection Act (PPA) of ... 1980 protects journalists from being required to turn over to law enforcement any work product or documentary material, including sources, before it is disseminated to the public. A True B False Correct Answer: A The term testimonial evidence refers to the process of examining malicious computer code. A True B False Correct Answer: B Evidence need not be locked if it is at a police station. A True B False Correct Answer: B Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect's fingerprints on it, or a handwritten note. A True B False Correct Answer: A The FBI is the premier federal agency tasked with combating cybercrime. A True B False Correct Answer: B When cataloging digital evidence, the primary goal is to do what? A Make bitstream images of all hard drives. B Keep the computer from being turned off. C Keep evidence from being removed from the scene. D Preserve evidence integrity. Correct Answer: D Your roommate can give consent to search your computer. A True B False Correct Answer: B The Windows Registry is essentially a repository of all settings, software, and parameters for Windows. A True B False Correct Answer: A The term internet forensics refers to information that forensic specialists use to support or interpret real or documentary evidence; for example, to demonstrate that the fingerprints found on a keyboard are those of a specific individual. A True B False Correct Answer: B PROM can be programmed only once. Data is not lost when power is removed. A True B False Correct Answer: A In a computer forensics investigation, ________ describes the route that evidence takes from the time you find it until the case is closed or goes to court. A Policy of separation B Rules of evidence C Law of probability D Chain of custody Correct Answer: D The objective in computer forensics is to recover, analyze, and present computer-based material in such a way that it can be used as evidence in a court of law. A True B False Correct Answer: A Demonstrative evidence means information that helps explain other evidence. An example of demonstrative evidence is a chart that explains a technical concept to the judge and jury. A True B False Correct Answer: A Which of the following are important to the investigator regarding logging? A Location of stored logs B Log retention C The logging methods D All of these Correct Answer: D A sector is the basic unit of data storage on a hard disk, which is usually 64 KB. A True B False Correct Answer: A The term digital evidence describes the process of piecing together where and when a user has been on the Internet. A True B False Correct Answer: B When computer forensics first began, most investigations were conducted according to the whim of the investigator rather than through a standardized methodology. A True B False Correct Answer: A If the computer is turned on when you arrive, what does the Secret Service recommend you do? A Begin your investigation immediately. B Shut down according to recommended Secret Service procedure. C Transport the computer with power on. D Unplug the machine immediately. Correct Answer: B The process of acquiring and analyzing information stored on physical storage media, such as computer hard drives or smartphones is the definition of anti-forensics. A True B False Correct Answer: B What is the essence of the Daubert standard? A That only experts can testify at trial B That the chain of custody must be preserved C That only tools or techniques that have been accepted by the scientific community are admissible at trial D That an expert must affirm that a tool or technique is valid Correct Answer: C The Telecommunications Act of 1996 allows for collection and use of "empty" communications, which means nonverbal and nontext communications, such as GPS information. A True B False Correct Answer: B Volatile memory is computer memory that requires power to maintain the data it holds, and can be changed. A True B False Correct Answer: A Computer forensics is the exclusive domain of law enforcement. A True B False Correct Answer: B Why should you note all cable connections for a computer you want to seize as evidence? A To know what hardware existed B To know what peripheral devices existed C In case other devices were connected D To know what outside connections existed Correct Answer: C Documentary evidence is data stored in written form, on paper, or in electronic files, such as e-mail messages and telephone call-detail records. A True B False Correct Answer: A Section 816 of the USA Patriot Act, titled the "Development and Support of Cybersecurity Forensic Capabilities," does what? A Calls for investigation of all cybercrimes as acts of terrorism B Calls for the establishment of regional computer forensic laboratories C Establishes guidelines for seizing hard drives D Establishes guidelines for intercepting e-mail Correct Answer: B In September 2005, the FCC ruled that providers of broadband Internet access and interconnected VoIP services are telecommunications carriers under CALEA and, therefore, extended CALEA to the Web and broadband access for the purpose of wiretap ability. A True B False Correct Answer: A According to the Electronic Communications Privacy Act of 1986, when will a law enforcement officer need a warrant to intercept e-mail? A Never B Anytime e-mail will be intercepted C Only when seizing it from the server D Only when seizing it in transit Correct Answer: B WGU Course C840 - Digital Forensics in Cybersecurity ALL CORRECT Malware forensics is also known as internet forensics. A True B False Correct Answer: B The Privacy Protection Act (PPA) of 1980 protects journalists from being required to turn over to law enforcement any work product or documentary material, including sources, before it is disseminated to the public. A True B False Correct Answer: A The term testimonial evidence refers to the process of examining malicious computer code. A True B False Correct Answer: B Evidence need not be locked if it is at a police station. A True B False Correct Answer: B Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect's fingerprints on it, or a handwritten note. A True B False Correct Answer: A The FBI is the premier federal agency tasked with combating cybercrime. A True B False Correct Answer: B When cataloging digital evidence, the primary goal is to do what? A Make bitstream images of all hard drives. B Keep the computer from being turned off. C Keep evidence from being removed from the scene. D Preserve evidence integrity. Correct Answer: D Your roommate can give consent to search your computer. A True B False Correct Answer: B The Windows Registry is essentially a repository of all settings, software, and parameters for Windows. A True B False Correct Answer: A The term internet forensics refers to information that forensic specialists use to support or interpret real or documentary evidence; for example, to demonstrate that the fingerprints found on a keyboard are those of a specific individual. A True B False Correct Answer: B PROM can be programmed only once. Data is not lost when power is removed. A True B False Correct Answer: A In a computer forensics investigation, ________ describes the route that evidence takes from the time you find it until the case is closed or goes to court. A Policy of separation B Rules of evidence C Law of probability D Chain of custody Correct Answer: D The objective in computer forensics is to recover, analyze, and present computer-based material in such a way that it can be used as evidence in a court of law. A True B False Correct Answer: A Demonstrative evidence means information that helps explain other evidence. An example of demonstrative evidence is a chart that explains a technical concept to the judge and jury. A True B False Correct Answer: A Which of the following are important to the investigator regarding logging? A Location of stored logs B Log retention C The logging methods D All of these Correct Answer: D A sector is the basic unit of data storage on a hard disk, which is usually 64 KB. A True B False Correct Answer: A The term digital evidence describes the process of piecing together where and when a user has been on the Internet. A True B False Correct Answer: B When computer forensics first began, most investigations were conducted according to the whim of the investigator rather than through a standardized methodology. A True B False Correct Answer: A If the computer is turned on when you arrive, what does the Secret Service recommend you do? A Begin your investigation immediately. B Shut down according to recommended Secret Service procedure. C Transport the computer with power on. D Unplug the machine immediately. Correct Answer: B The process of acquiring and analyzing information stored on physical storage media, such as computer hard drives or smartphones is the definition of anti-forensics. A True B False Correct Answer: B What is the essence of the Daubert standard? A That only experts can testify at trial B That the chain of custody must be preserved C That only tools or techniques that have been accepted by the scientific community are admissible at trial D That an expert must affirm that a tool or technique is valid Correct Answer: C The Telecommunications Act of 1996 allows for collection and use of "empty" communications, which means nonverbal and nontext communications, such as GPS information. A True B False Correct Answer: B Volatile memory is computer memory that requires power to maintain the data it holds, and can be changed. A True B False Correct Answer: A Computer forensics is the exclusive domain of law enforcement. A True B False Correct Answer: B Why should you note all cable connections for a computer you want to seize as evidence? A To know what hardware existed B To know what peripheral devices existed C In case other devices were connected D To know what outside connections existed Correct Answer: C Documentary evidence is data stored in written form, on paper, or in electronic files, such as e-mail messages and telephone call-detail records. A True B False Correct Answer: A Section 816 of the USA Patriot Act, titled the "Development and Support of Cybersecurity Forensic Capabilities," does what? A Calls for investigation of all cybercrimes as acts of terrorism B Calls for the establishment of regional computer forensic laboratories C Establishes guidelines for seizing hard drives D Establishes guidelines for intercepting e-mail Correct Answer: B In September 2005, the FCC ruled that providers of broadband Internet access and interconnected VoIP services are telecommunications carriers under CALEA and, therefore, extended CALEA to the Web and broadband access for the purpose of wiretap ability. A True B False Correct Answer: A According to the Electronic Communications Privacy Act of 1986, when will a law enforcement officer need a warrant to intercept e-mail? A Never B Anytime e-mail will be intercepted C Only when seizing it from the server D Only when seizing it in transit Correct Answer: B [Show More]

Last updated: 1 year ago

Preview 1 out of 16 pages