Computer Forensics: CHFI and OA Exam Questions and Answers, Exams of Nursing

A comprehensive set of questions and answers related to the CHFI and OA exams, covering key concepts in computer forensics. It explores topics such as evidence handling, investigation methodologies, digital data storage, and boot processes. Designed to help students prepare for their exams and gain a deeper understanding of computer forensics principles.

Typology: Exams

2024/2025

Available from 12/31/2024

kelvin-smith-3

GU C703 CHFI AND OA EXAM Questions and Answers Latest Updated 2024 Guaranteed success TOP RATED A+

Which of the following is true regarding computer forensics? - ✓✓✓✓Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.

  1. Which of the following is NOT an objective of computer forensics? - ✓✓✓✓Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.
  2. Which of the following is true regarding Enterprise Theory of Investigation (ETI)? - ✓✓✓✓It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal act.
  3. Forensic readiness refers to: - ✓✓✓✓An organization's ability to make optimal use of digital evidence in a limited time period and with minimal investigation costs.
  4. Which of the following is NOT an element of cybercrime? - ✓✓✓✓Evidence smaller in size.
  5. Which of the following is true of cybercrimes? - ✓✓✓✓Investigators, with a warrant, have the authority to forcibly seize the computing devices.

Page 1 | 32 WGU C702 CHFI and OA Verified Questions and Answers (2024) Latest Updated 2024. Guaranteed Grade A+

  6. Which of the following is true of cybercrimes? - ✓✓✓✓The initial reporting of the evidence is usually informal.
  7. Which of the following is NOT a consideration during a cybercrime investigation? - ✓✓✓✓Value or cost to the victim.
  8. Which of the following is a user-created source of potential evidence? - ✓✓✓✓Address book.
  1. Which of the following is a computer-created source of potential evidence? - ✓✓✓✓Swap file.
  1. Which of the following is NOT where potential evidence may be located? - ✓✓✓✓Processor.
  2. Under which of the following conditions will duplicate evidence NOT suffice? - ✓✓✓✓When original evidence is in possession of the originator.
  3. Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States? - ✓✓✓✓Rule 101.
  4. Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined? - ✓✓✓✓Rule 102.
  5. Which of the following Federal Rules of Evidence contains rulings on evidence? - ✓✓✓✓Rule 103
  6. Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its proper scope and instruct the jury accordingly? - ✓✓✓✓Rule 105
  7. Which of the following refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment in such a manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law? - ✓✓✓✓Computer Forensics.
  8. Computer Forensics deals with the process of finding ____ related to a digital crime to find the culprits and initiate legal action against them. - ✓✓✓✓Evidence.
  9. Minimizing the tangible and intangible losses to the organization or an individual is considered an essential computer forensics use. - ✓✓✓✓True.
  10. Cybercrimes can be classified into the following two types of attacks, based on the line of attack. - ✓✓✓✓Internal and External.
  1. What is the role of an expert witness? - ✓✓✓✓To educate the public and court.
  2. Which of the following is NOT a legitimate authorizer of a search warrant? - ✓✓✓✓First Responder.
  3. Under which of the following circumstances has a court of law allowed investigators to perform searches without a warrant? - ✓✓✓✓Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.
  4. Which of the following should be considered before planning and evaluating the budget for the forensic investigation case? - ✓✓✓✓Breakdown of costs into daily and annual expenditure.
  5. Which of the following should be physical location and structural design considerations for forensics labs? - ✓✓✓✓Lab exteriors should have no windows.
  6. Which of the following should be work area considerations for forensics labs? - ✓✓✓✓Examiner station has an area of about 50-63 square feet.
  7. Which of the following is NOT part of the Computer Forensics Investigation Methodology? - ✓✓✓✓Testify as an expert defendant.
  8. Which of the following is NOT part of the Computer Forensics Investigation Methodology? - ✓✓✓✓Destroy the evidence.
  9. Investigators can immediately take action after receiving a report of a security incident. - ✓✓✓✓False.
  10. In forensics laws, "authenticating or identifying evidences" comes under which rule? - ✓✓✓✓Rule 901.
  11. Courts call knowledgeable persons to testify to the accuracy of the investigative process. These people who testify are known as the: - ✓✓✓✓Expert witnesses.
  1. A chain of custody is a critical document in the computer forensics investigation process because the document provides legal validation of appropriate evidence handling. - ✓✓✓✓True.
  2. Identify the following which was launched by the National Institute of Standards and Technology (NIST), that establishes a "methodology for testing computer forensics software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware." - ✓✓✓✓Computer Forensic Tool Testing Project (CFTTP)
  3. Which of the following is NOT a digital data storage type? - ✓✓✓✓Quantum storage devices.
  4. Which of the following is NOT a common computer file system? - ✓✓✓✓EFX
  5. Which field type refers to the volume descriptor as a primary? - ✓✓✓✓Number 1
  6. Which logical drive holds the information regarding the data and files that are stored in the disk? - ✓✓✓✓Extended partition.
  7. How large is the partition table structure that stores information about the partitions present on the hard disk? - ✓✓✓✓64-byte.
  8. How many bits are used by the MBR partition scheme for storing LBAs (Logical Block Addresses) and the size information on a 512-byte sector? - ✓✓✓✓32 bits
  9. In the GUID Partition Table, which Logical Block Address contains the Partition Entry Array? - ✓✓✓✓LBA 2
  10. Which of the following describes when the user restarts the system via the operating system? - ✓✓✓✓Warm booting.
  11. Which Windows operating system powers on and starts up using either the traditional BIOS-MBR method or the newer UEFI-GPT method? -
  1. What UFS file system part is composed of a few blocks in the partition reserved at the beginning? - ✓✓✓✓Boot blocks.
  2. What is a machine-readable language used in major digital operations, such as sending and receiving emails? - ✓✓✓✓ASCII
  3. What is JPEG an acronym of? - ✓✓✓✓Joint Photographic Experts Group
  4. What is the proprietary Microsoft Office presentation file extension used in PowerPoint? - ✓✓✓✓PPT
  5. Which of the following is an example of optical media? - ✓✓✓✓CD/DVD
  6. In sector addressing, ____ determines the address of the individual sector on the disk. - ✓✓✓✓Cylinders, Heads, and Sectors (CHS)
  7. ____ is a 128-bit unique reference number used as an identifier in computer software? - ✓✓✓✓Global Unique Identifier (GUID)
  8. Mac OS uses a hierarchical file system. - ✓✓✓✓True.
  9. The main advantage of RAID is that if a single physical disk fails: - ✓✓✓✓The system will continue to function without loss of data.
  10. The command "fsstat" displays the details associated with an image file. - ✓✓✓✓False.
  11. What is the simplest RAID level that does not involve redundancy, and fragments the file into the user-defined stripe size of the array? - ✓✓✓✓RAID 0
  12. An investigator may commit some common mistakes while collecting data from the system that result in the loss of critical evidence. Which of the following is NOT a mistake that investigators commonly make? - ✓✓✓✓Use of correct cables and cabling techniques.
  1. In Linux Standard Tools, forensic investigators use the following built-in Linux commands to copy data from a disk drive: - ✓✓✓✓dd and dcfldd
  2. Because it is always changing, the information in the registers or the processor cache is the most volatile data. - ✓✓✓✓True.
  3. Forensic data duplication involves the creation of a file that has every bit of information from the source in a raw bit-stream format. - ✓✓✓✓True.
  4. What document is used as a written record consisting of all processes involved in seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence? - ✓✓✓✓Chain of custody document.
  5. What is the process of permanently deleting or destroying data from storage media? - ✓✓✓✓Media sanitization.
  6. The process of acquiring volatile data from working computers (locked or in sleep condition) that are already powered on is: - ✓✓✓✓Live data acquisition.
  7. Which of the following refers to the data stored in the registries, cache, and RAM of digital devices? - ✓✓✓✓Volatile information.
  8. Where are deleted items stored on Windows Vista and later versions of Windows? - ✓✓✓✓Drive:\$Recycle.Bin
  9. Where are deleted items stored on Windows 98 and earlier versions of Windows? - ✓✓✓✓Drive:\RECYCLED
  10. Where are deleted items stored on the Windows 2000, XP, and NT versions of Windows? - ✓✓✓✓Drive:\RECYCLER
  11. What is the maximum size limit for the Recycle Bin in Windows prior to Windows Vista? - ✓✓✓✓3.99GB
  1. Which of the following consists of volatile storage? - ✓✓✓✓RAM
  2. What is NOT a command used to determine logged-on users? - ✓✓✓✓LoggedSessions
  3. What is NOT a command used to determine open files? - ✓✓✓✓Open files
  4. What command is used to determine the NetBIOS name table cache in Windows? - ✓✓✓✓Nbtstat
  5. Which tool helps collect information about network connections operative in a Windows system? - ✓✓✓✓Netstat
  6. Which of the following commands is NOT a command used to determine running processes in Windows? - ✓✓✓✓Netstat
  7. Which is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples? - ✓✓✓✓Volatility Framework
  8. The information about the system users is stored in which file? - ✓✓✓✓SAM database file
  9. The value 0 associated with the registry entry EnablePrefetcher tells the system to use which prefetch? - ✓✓✓✓Prefetching is disabled.
  10. What prefetch does value 1 from the registry entry EnablePrefetcher tell the system to use? - ✓✓✓✓Application prefetching is enabled.
  1. What prefetch does value 2 from the registry entry EnablePrefetcher tell the system to use? - ✓✓✓✓Boot prefetching is enabled.
  1. What prefetch does the value 3 from the registry entry EnablePrefetcher tell the system to use? - ✓✓✓✓Both application and boot prefetching are enabled.
  2. What tool enables you to retrieve information about event logs and publishers in Windows 10? - ✓✓✓✓Wevtutil.
  3. Intruders attempting to gain remote access to a system try to find the other systems connected to the network and visible to the compromised system. - ✓✓✓✓True.
  4. The ____ command is used to display the network configuration of the NICs on the system. - ✓✓✓✓ipconfig /all
  5. Investigators can use Linux commands to gather necessary information from the system. Identify the following shell command that is used to display the kernel ring buffer or information about device drivers loaded into the kernel. - ✓✓✓✓dmesg
  6. What are the unique identification numbers assigned to Windows user accounts for granting user access to particular resources? - ✓✓✓✓Microsoft security ID.
  7. In the Windows Event Log File internals, the following file is used to store the Databases related to the system: - ✓✓✓✓System.evtx
  8. Thumbnails of images remain on computers even after files are deleted. - ✓✓✓✓True
  9. What is NOT one of the three tiers a log management infrastructure typically comprises? - ✓✓✓✓Log rotation
  10. Which is NOT a log management system function? - ✓✓✓✓Log generation.
  11. What is NOT one of the three major concerns regarding log management? - ✓✓✓✓Log viewing

fraudulent accounting activities by corporations? - ✓✓✓✓SOX

  1. What is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards? - ✓✓✓✓PCI DSS
  2. In what type of forensic examination do investigators perform an examination of logs to detect something that has already occurred in a network/device and determine what it is? - ✓✓✓✓Postmortem
  3. What are the most common network attacks launched against wireless networks? - ✓✓✓✓AP MAC spoofing
  4. In Event Correlation Approaches, which approach is used to monitor the computers and computer users' behavior and provide an alert if something anomalous is found? - ✓✓✓✓Role-based approach
  5. The investigator uses which of the following commands to view the ARP table in Windows? - ✓✓✓✓arp -a
  6. Which is NOT an indication of a web attack? - ✓✓✓✓Logs found to have no known anomalies.
  7. Which is a threat to web applications? - ✓✓✓✓Cookie poisoning.
  8. What layer of web application architecture includes all the web appliances, such as smartphones and PCs, where interaction with a web application deployed on a web server occurs? - ✓✓✓✓Client layer
  9. What layer of web application architecture contains components that parse the request (HTTP Request Parser) coming in and forwards the response back? - ✓✓✓✓Web server layer
  10. What layer of web application architecture is responsible for the core functioning of the system and includes logic and application, such as .NET, used by developers to build websites according to client requirements? - ✓✓✓✓Business layer
  1. What layer of web application architecture is composed of cloud services that hold all commercial transactions and a server that supplies an organization's production data in a structured form? - ✓✓✓✓Database layer
  2. Which web application threat occurs when the application fails to guard memory properly and allows writing beyond maximum size? - ✓✓✓✓Buffer overflow
  3. Which web application threat refers to the modification of a website's remnant data for bypassing security measures or gaining unauthorized information? - ✓✓✓✓Cookie poisoning
  4. Which web application threat occurs when an attacker is allowed to gain access as a legitimate user to a web application or data such as account records, credit card numbers, passwords, or other authenticated information? - ✓✓✓✓Insecure storage.
  5. Which web application threat refers to a drawback in a web application where it unintentionally reveals sensitive data to an unauthorized user? - ✓✓✓✓Information leakage.
  6. Which web application threat arises when a web application is unable to handle technical issues properly and the website returns information, such as database dumps, stack traces, and codes? - ✓✓✓✓Improper error handling
  7. Which web application threat refers to vulnerable management functions, including user updates, recovery of passwords, or resetting passwords? - ✓✓✓✓Broken account management
  8. Which web application threat occurs when attackers exploit HTTP, gain access to unauthorized directories, and execute commands outside the web server's root directory? - ✓✓✓✓Directory traversal
  9. Which web application threat occurs when attackers insert commands via input data and are able to tamper with the data? - ✓✓✓✓SQL injection
  10. Which web application threat occurs when attackers intend to manipulate the
  1. Which command is used to find if TCP and UDP ports have unusual listening? - ✓✓✓✓netstat -na
  2. Which of the three different files storing data and logs in SQL servers holds the entire log information associated with the database? - ✓✓✓✓LDF
  3. Which of the three different files storing data and logs in SQL servers is optional? - ✓✓✓✓NDF
  4. What file format is used by Windows Vista and later versions to store event logs as simple text files in XML format? - ✓✓✓✓EVTX
  5. What type of forensics takes actions when a security incident has occurred and both detection and analysis of the malicious activities performed by criminals over the SQL database file are required? - ✓✓✓✓MSSQL forensics
  6. For Forensics Analysis, which of the following MySQL Utility Programs is used to export metadata, data, or both from one or more databases? - ✓✓✓✓mysqldbexport
  7. Which command line utility is used to take a backup of the database? - ✓✓✓✓mysqldump
  1. Which of the three different files storing data and logs in SQL servers is the starting point of a database and points to other files in the database? - ✓✓✓✓MDF
  1. What cloud service offers a platform for developing applications and services? - ✓✓✓✓PaaS
  2. What cloud service enables subscribers to use fundamental IT resources - such as computing power, virtualization, data storage, network, etc. - on demand? - ✓✓✓✓IaaS
  1. What cloud service offers application software to subscribers on demand or over the internet and is charged for by the provider on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple users? - ✓✓✓✓SaaS
  2. Which of the following is also known as an internal or corporate cloud infrastructure that a single organization operates? - ✓✓✓✓Private cloud
  3. What is a cloud environment composed of two or more clouds that remain unique entities but are bound together to offer the benefits of multiple deployment models? - ✓✓✓✓Hybrid cloud
  4. Which cloud environment is a multi-tenant infrastructure shared among organizations with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction? - ✓✓✓✓Community cloud
  5. Which cloud environment allows the provider to make services, such as applications, servers, and data storage, available to the public over the internet? - ✓✓✓✓Public cloud
  6. Which of the following stakeholders includes professionals, such as cloud security architects, network administrators, security administrators, and ethical hackers, responsible for managing and maintaining all aspects of the cloud? - ✓✓✓✓IT professionals
  7. Which of the following stakeholders is responsible for conducting forensic examinations against allegations made regarding wrongdoings, found vulnerabilities, and attacks over the cloud? - ✓✓✓✓Investigators
  8. Which of the following stakeholders are the first responders for all the security events or occurrences taking place on a cloud? - ✓✓✓✓Incident handlers
  9. Which of the following stakeholders are responsible for making sure all the forensic activities are within the jurisdiction and not violating any regulations or agreements? - ✓✓✓✓Law advisors
  10. What type of cloud testing should organizations perform regularly to monitor their security posture? - ✓✓✓✓Pen testing
  1. What is a common technique used to distribute malware on the web when an attacker exploits flaws in browser software to install malware just by merely visiting a website? - ✓✓✓✓Drive-by downloads
  2. When a reputable website is infected with malware that secretly installs itself on a visitor's system and thereafter carries out malicious activities, it is an example of which common technique used by hackers to distribute malware? - ✓✓✓✓Compromised legitimate websites
  3. Why is it safe to conduct static analysis? - ✓✓✓✓The investigator does not install or execute the suspect file.
  4. In Port Monitoring, the following command is used to look for connections established to unknown or suspicious IP addresses. - ✓✓✓✓Netstat -an
  5. What is NOT one of CAN-SPAM's main requirements for senders? - ✓✓✓✓Honor recipients' opt-out requests within 30 business days.
  6. Which is a violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act? - ✓✓✓✓Retransmitting spam messages through a computer to mislead others about the origin of the message.
  7. What is the first step an investigator should take to carry out the on-site examination of an email server? - ✓✓✓✓Obtain a search warrant application in the appropriate language.
  8. What is the primary information required for starting an email investigation? - ✓✓✓✓The unique IP address.
  9. What is NOT true of email crimes? - ✓✓✓✓Email crime is not limited by the email organization.
  10. Which RFC defines normal email communication? - ✓✓✓✓RFC 5322
  11. Which of the following is an internet protocol that's designed for transmitting email over IP networks? - ✓✓✓✓Simple Mail Transfer Protocol (SMTP)
  1. Where do email archives store received and sent emails? - ✓✓✓✓On the system hard drive.
  2. An email client connects with a POP3 server via which of the following? - ✓✓✓✓Port 110.
  3. What is considered the biggest threat to mobile devices? - ✓✓✓✓Data loss.
  4. Which architectural layer of mobile device environments represents any program that runs on the Android platform? - ✓✓✓✓Client application
  5. Which architectural layer of mobile device environments simplifies the process of interacting with web services and other applications such as email, internet, and SMS? - ✓✓✓✓Communication API
  6. Which architectural layer of mobile device environments is responsible for creating menus and sub-menus in designing applications? - ✓✓✓✓GUI API
  7. Which architectural layer of mobile device environments provides telephony service related to the mobile carrier operator such as making calls, receiving calls, and SMS? - ✓✓✓✓Phone API
  8. Which architectural layer of mobile device environments offers utilities for scheduling multiple tasks, memory management tasks, synchronization, and priority allocation? - ✓✓✓✓Operating system.
  9. Which architectural layer of mobile device environments contains items that are responsible for mobile operations, such as a display device, keypad, RAM, flash, embedded processor, and media processor? - ✓✓✓✓Hardware
  10. Which architectural layer of mobile device environments allows a mobile device to