100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
2024 C702 FULL EXAM WITH CORRECT ANSWERS  $28.99   Add to cart

Exam (elaborations)

2024 C702 FULL EXAM WITH CORRECT ANSWERS 

 8 views  0 purchase
  • Course
  • C702
  • Institution
  • C702

2024 C702 FULL EXAM WITH CORRECT ANSWERS 

Preview 4 out of 128  pages

  • October 17, 2024
  • 128
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • foren
  • C702
  • C702
avatar-seller
Elitaa
2024 C702 FULL EXAM WITH
CORRECT ANSWERS



Which of the following is not an objective of computer forensics?

A. Computer forensics deals with the process of finding evidence related to a
digital crime to find the victims and prevent legal action against them.
B. Computer forensics deals with the process of finding evidence related to a
crime to find the culprits and initiate legal action against them.
C. Computer forensics deals with the process of finding evidence related to a
digital crime to find the culprits and initiate legal action against them.
D. Computer forensics deals with the process of finding evidence related to a
digital crime to find the culprits and avoid legal action against them. -
CORRECT-ANSWERSC

Which of the following is not an objective of computer forensics?

A. Track and prosecute the perpetrators in a court of law.
B. Identify, gather, and preserve the evidence of a cybercrime.
C. Interpret, document, and present the evidence to be admissible during
prosecution.
D. Document vulnerabilities allowing further loss of intellectual property,
finances, and reputation during an attack. - CORRECT-ANSWERSD
Which legal document allows law enforcement to search an office, place of
business, or other locale for evidence relating to an alleged crime?

A. bench warrant
B. search warrant
C. wire tap
D. subpoena - CORRECT-ANSWERSB

Before you are called to testify as an expert, what must an attorney do first?

A. read your curriculum vitae to the jury
B. engage in damage control
C. qualify you as an expert witness
D. prove that the tools you used to conduct your examination are perfect -
CORRECT-ANSWERSC

A state department site was recently attacked and all the servers had their
hard disks erased. The incident response team sealed the area and

,commenced investigation. During evidence collection, they came across a
zip disk that did not have the standard labeling on it. The incident team ran
the disk on an isolated system and found that the system disk was
accidentally erased. They decided to call in the FBI for further investigation.
Meanwhile, they short listed possible suspects including three summer
interns. Where did the incident team go wrong?

A. They examined the actual evidence on an unrelated system
B. They called in the FBI without correlating with the fingerprint data
C. They attempted to implicate personnel without proof
D. They tampered with the evidence by using it - CORRECT-ANSWERSD

During the course of an investigation, you locate evidence that may prove
the innocence of the suspect of the
investigation. You must maintain an unbiased opinion and be objective in
your entire fact finding process. Therefore you report this evidence. This type
of evidence is known as:

A. Mandatory evidence
B. Exculpatory evidence
C. Inculpatory evidence
D. Terrible evidence - CORRECT-ANSWERSB

Jason is the security administrator of ACMA metal Corporation. One day he
notices that the company's Oracle database server has been compromised
and the customer information along with financial data has been stolen. The
financial loss will be in millions of dollars if the database gets into the hands
of the competitors. Jason wants to report this crime to the law enforcement
agencies immediately. Which organization coordinates computer crimes
investigations throughout the United States?

A. CERT Coordination Center
B. Internet Fraud Complaint Center
C. National Infrastructure Protection Center
D. Local or national office of the U.S. Secret Service - CORRECT-ANSWERSC

When performing a forensics analysis, what device is used to prevent the
system from recording data on an evidence disk?

A. a protocol analyzer
B. a disk editor
C. a write-blocker
D. a firewall - CORRECT-ANSWERSC

What should you do when approached by a reporter about a case that you
are working on or have worked on?

,A. refer the reporter to the attorney that retained you
B. say, "no comment"
C. answer only the questions that help your case
D. answer all the reporters questions as completely as possible - CORRECT-
ANSWERSA

If you plan to startup a suspect's computer, you must modify the ___________
to ensure that you do not contaminate or alter data on the suspect's hard
drive by booting to the hard drive.

A. Boot.sys
B. CMOS
C. deltree command
D. Scandisk utility - CORRECT-ANSWERSB

When reviewing web logs, you see an entry for resource not found in the
HTTP status code field. What is the actual error code that you would see in
the log for resource not found?

A. 606
B. 404
C. 202
D. 909 - CORRECT-ANSWERSB

During the course of a corporate investigation, you find that an employee is
committing a crime. Can the employer file a criminal complain with the
police?

A. no, because the investigation was conducted without following standard
police procedures B. no, because the investigation was conducted without a
warrant
C. yes, but only if you turn the evidence over to a federal law enforcement
agencyD. yes, and all evidence can be turned over to the police - CORRECT-
ANSWERSD

You are assigned to work in the computer forensics lab of a state police
agency. While working on a high profile criminal case, you have followed
every applicable procedure, however your boss is still concerned that the
defense attorney might question wheather evidence has been changed while
at the lab. What can you do to prove that the evidence is the same as it was
when it first entered the lab?

A. make an MD5 hash of the evidence and compare it with the original MD5
hash that was taken when the evidence first entered the lab

, B. there is no reason to worry about this possible claim because state labs
are certified
C. sign a statement attesting that the evidence is the same as it was when it
entered the lab
D. make an MD5 hash of the evidence and compare it to the standard
database developed by NIST - CORRECT-ANSWERSA

Windows identifies which application to open a file with by examining which
of the following?

A. The file extension
B. The file signature at the beginning of the file
C. The file attributes
D. The file signature at the end of the file - CORRECT-ANSWERSA


Which of the following is true regarding the enterprise theory of investigation
(ETI) ?

A. It adopts a holistic approach toward any criminal activity as a criminal
operation rather than as a single criminal act.
B. It adopts an approach toward criminal activity as a criminal act.
C. It differs from traditional investigative methods, and it is less complex and
less time-consuming.
D. It encourages reactive action on the structure of the criminal enterprise. -
CORRECT-ANSWERSA

Forensic readiness referrers to:

A. having no impact on prospects of successful legal action
B. replacing the need to meet all regulatory requirements
C. the establishment of specific incident response procedures and
designated trained personnel to prevent a breach
D. an organization's ability to make optimal use of digital evidence in a
limited time period and with minimal investigation costs - CORRECT-
ANSWERSD

Which of the following is not an element of cybercrime?

A. anonymity through masquerading
B. fast-paced speed
C. volatile evidence
D. evidence smaller in size - CORRECT-ANSWERSD

Which of the following is true of cyber crimes?

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $28.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79223 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$28.99
  • (0)
  Add to cart