1. The chief information officer of an accounting firm believes sensitive
data is being exposed on the local network.
Which tool should the IT staff use to gather digital evidence about this
security vulnerability?: Sniffer
2. A police detective investigating a threat traces the source to a house.
The couple at the house shows the detective the only computer the family
owns, which is in their son's bedroom. The couple states that their son is
presently in class at a local middle school.
How should the detective legally gain access to the computer?: Obtain
consent to search from the parents
3. How should a forensic scientist obtain the network configuration from
a Windows PC before seizing it from a crime scene?: By using the
ipconfig command from a command prompt on the computer
4. The human resources manager of a small accounting firm believes he
may have been a victim of a phishing scam. The manager clicked on a link in
an email message that asked him to verify the logon credentials for the
firm's online bank account.
Which digital evidence should a forensic investigator collect to
investigate this incident?: Browser cache
5. After a company's single-purpose, dedicated messaging server is
hacked by a cybercriminal, a forensics expert is hired to investigate the
crime and collect evidence.
Which digital evidence should be collected?: Firewall logs
6. Thomas received an email stating that he needed to follow a link and
verify his bank account information to ensure it was secure. Shortly after
following the instructions, Thomas noticed money was missing from his
account.
Which digital evidence should be considered to determine how Thomas' ac-
count information was compromised?: Email messages
7. The chief executive officer (CEO) of a small computer company has
identi- fied a potential hacking attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify
, WGU D431 Pre-Assessment Exam D431 - Laws & Regulations
Review Questions and Answers | 100% Pass Guaranteed | Graded
A+ |
the source of the hack?: Network transaction logs
8. A forensic scientist arrives at a crime scene to begin collecting evidence
What is the first thing the forensic scientist should do?: Photograph all
evidence in its original place
9. Which method of copying digital evidence ensures proper evidence
collec- tion?: Make the copy at the bit-level
10. A computer involved in a crime is infected with malware. The computer
is on and connected to the company's network. The forensic investigator
arrives at the scene.
Which action should be the investigator's first step?: Unplug the
computer's Ethernet cable
11.What are the three basic tasks that a systems forensic specialist must
keep in mind when handling evidence during a cybercrime investigation?:
Find evidence, Preserve evidence, and Prepare evidence
12.How do forensic specialists show that digital evidence was handled in a
protected, secure manner during the process of collecting and analyzing
the evidence?: Chain of custody
13.Which characteristic applies to magnetic drives compared to solid-
state drives (SSDs)?: Lower cost
14.Which characteristic applies to solid-state drives (SSDs) compared
to magnetic drives?: They are less susceptible to damage.
15.Which type of storage format should be transported in a special bag
to reduce electrostatic interference?: Magnetic media
16.Which Windows component is responsible for reading the boot.ini file
and displaying the boot loader menu on Windows XP during the boot
process?: - NTLDR
17. The following line of code is an example of how to make a forensic
copy of a suspect drive:
dd if=/dev/mem of=/evidence/image.memory1
Which operating system should be used to run this command?: Linux
18.Which file system is supported by Mac?: Hierarchical File System
Plus (HFS+)
19.Which law requires both parties to consent to the recording of a
conver- sation?: Electronic Communications Privacy Act (ECPA)
20.Which law is related to the disclosure of personally identifiable
protected health information (PHI)?: Health Insurance Portability and
Accountability Act (HIPAA)
21. Which U.S. law criminalizes the act of knowingly using a misleading do-
main name with the intent to deceive a minor into viewing harmful
material?-
: 18 U.S.C. 2252B
22.Which U.S. law protects journalists from turning over their work or
sources to law enforcement before the information is shared with the
public?: The Privacy Protection Act (PPA)
23.Which law or guideline lists the four states a mobile device can be in
when data is extracted from it?: NIST SP 800-72 Guidelines
24. Which law includes a provision permitting the wiretapping of VoIP calls?
: Communications Assistance to Law Enforcement Act (CALEA)
25.Which policy is included in the CAN-SPAM Act?: The email sender
must provide some mechanism whereby the receiver can opt out of
future emails and that method cannot require the receiver to pay in
order to opt out.
26.Which United States law requires telecommunications equipment
manu- facturers to provide built-in surveillance capabilities for federal
agencies?: - Communication Assistance to Law Enforcement Act
(CALEA)
27.Which law requires a search warrant or one of the recognized
expectations to the search warrant requirements for searching email
messages on a com- puter?: The Fourth Amendment to the U.S.
Constitution
28.What is one purpose of steganography?: To deliver information secretly
29. Which method is used to implement steganography through pictures?: -
LSB
30. The chief information security officer of a company believes that an
attack- er has infiltrated the company's network and is using steganography
to com- municate with external sources. A security team is investigating the
incident. They are told to start by focusing on the core elements of
steganography.
What are the core elements of steganography?: Payload, carrier, channel
31. A system administrator believes data are being leaked from the orga-
nization. The administrator decides to use steganography to hide
, WGU D431 Pre-Assessment Exam D431 - Laws & Regulations
Review Questions and Answers | 100% Pass Guaranteed | Graded
A+ |
tracking information in the types of files he thinks are being leaked.
Which steganographic term describes this tracking information?: Payload
32. A criminal organization has compromised a third-party web server and
is using it to control a botnet. The botnet server hides command and control
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller StarScoreGrades. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.89. You're not tied to anything after your purchase.
