Digital Forensics in Cybersecurity (D431/C840) Course Exam (Digital-Forensics-in-Cybersecurity) Free Practice Test

Question 1

While collecting digital evidence from a running computer involved in a cybercrime, the forensic investigator makes a list of items that need to be collected.
Which piece of digital evidence should be collected first?

A. Recently accessed files

B. Security logs

C. Temporary Internet files

D. Chat room logs

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene?

A. By using the ipconfig command from a command prompt on the computer

B. By opening the Network and Sharing Center

C. By checking the system properties

D. By rebooting the computer into safe mode

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which file stores local Windows passwords in the Windows\System32\ directory and is subject to being cracked by using a live CD?

A. SAM

B. IPSec

C. Ntidr

D. HAL

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which law or guideline lists the four states a mobile device can be in when data is extracted from it?

A. Communications Assistance to Law Enforcement Act (CALEA)

B. Electronic Communications Privacy Act (ECPA)

C. NIST SP 800-72 Guidelines

D. Health Insurance Portability and Accountability Act (HIPAA)

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

What is a reason to use steganography?

A. To save secret data

B. To highlight secret data

C. To erase secret data

D. To delete secret data

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Which file system is supported by Mac?

A. FAT32

B. NTFS

C. EXT4

D. Hierarchical File System Plus (HFS+)

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

A computer involved in a crime is infected with malware. The computer is on and connected to the company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step?

A. Copy files to external media

B. Unplug the computer's Ethernet cable

C. Turn off the computer

D. Run malware removal tools

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

The following line of code is an example of how to make a forensic copy of a suspect drive:
dd if=/dev/mem of=/evidence/image.memory1
Which operating system should be used to run this command?

A. Windows

B. Unix

C. Linux

D. MacOS

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

A cybercriminal hacked into an Apple iPad that belongs to a company's chief executive officer (CEO). The cybercriminal deleted some important files on the data volume that must be retrieved.
Which hidden folder will contain the digital evidence?

A. /lost+found

B. /.Trashes/501

C. /Private/etc

D. /etc

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

WGU Digital Forensics in Cybersecurity (D431/C840) Course (Digital-Forensics-in-Cybersecurity) Free Practice Test