Network forensics allows Investigators to inspect network traffic and logs to identify and locate the attack system
Network forensics can reveal: (Select three answers)
A. Source of security incidents' and network attacks
B. Path of the attack
C. Intrusion techniques used by attackers
D. Hardware configuration of the attacker's system
TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts in the Internet. It contains four layers, namely the network interface layer. Internet layer, transport layer, and application layer.
Which of the following protocols works under the transport layer of TCP/IP?
A. UDP
B. HTTP
C. FTP
D. SNMP
What is a bit-stream copy?
A. Bit-Stream Copy is a bit-by-bit copy of the original storage medium and exact copy of the original disk
B. A bit-stream image is the file that contains the NTFS files and folders of all the data on a disk or partition
C. A bit-stream image is the file that contains the FAT32 files and folders of all the data on a disk or partition
D. Creating a bit-stream image transfers only non-deleted files from the original disk to the image disk
A system with a simple logging mechanism has not been given much attention during development, this system is now being targeted by attackers, if the attacker wants to perform a new line injection attack, what will he/she inject into the log file?
A. Plaintext
B. Single pipe character
C. Multiple pipe characters
D. HTML tags
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
A. Graph-based approach
B. Neural network-based approach
C. Rule-based approach
D. Automated field correlation approach
During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible
A. True
B. False
Which of the following is not a part of the technical specification of the laboratory-based imaging system?
A. High performance workstation PC
B. Remote preview and imaging pod
C. Anti-repudiation techniques
D. very low image capture rate
Which of the following is not an example of a cyber-crime?
A. Fraud achieved by the manipulation of the computer records
B. Firing an employee for misconduct
C. Deliberate circumvention of the computer security systems
D. Intellectual property theft, including software piracy
What is the smallest allocation unit of a hard disk?
A. Cluster
B. Spinning tracks
C. Disk platters
D. Slack space
What is the first step that needs to be carried out to crack the password?
A. A word list is created using a dictionary generator program or dictionaries
B. The list of dictionary words is hashed or encrypted
C. The hashed wordlist is compared against the target hashed password, generally one word at a time
D. If it matches, that password has been cracked and the password cracker displays the unencrypted version of the password