Network Forensics Midterm
Studied by 0 people
Call Kai
Learn
Practice Test
Spaced Repetition
Match
Flashcards
Knowt Play1/23
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
24 Terms
What is network forensics?
The science of discovering and retrieving information from network traffic.
At what layer of the OSI model do major protocols operate?
The 4th layer (TCP and UDP)
What is deep packet inspection?
Analyzes application-layer data.
What does DPI stand for?
Deep Packet Inspection. A method of network traffic analysis that examines the data payload of packets, in addition to the header information, to identify, classify, and control traffic
What are the steps in a TCP handshake?
SYN, SYN-ACK, ACK, with sequence numbers SYN=1 and ACK=2.
What is the MAC address and at what OSI layer does it operate?
The Medium Access Control (MAC) address operates at the 2nd layer and is 48 bits long.
What is the function of a DNS lookup?
To send a request to the DNS server, which returns the IP address of a website.
What port does DNS run over?
Port 53.
How many flags does the TCP handshake use?
Only 2 flags.
What is DDoS?
Generates a lot of traffic on one port.
What field in a packet header indicates how long a packet can stay alive?
TTL (Time to Live).
What is soft computing?
Approximate solutions
What is a scanning tool?
Identifies open ports and services
What tools are commonly used to monitor network traffic?
Intrusion Detection Systems (IDS) such as Snort.
What is encryption?
Transforms a message into an unreadable format.
What is a basic file format in networking?
.pcap for packet capture files.
What is a challenge with IP traceback?
Determining who spoofed the IP address.
Misuse Detection
a security process that identifies and detects known attacks by comparing current activity against a database of known malicious patterns or signatures
Anomaly Detection
the process of identifying unusual data points or events that deviate from a normal pattern
What is NetFlow?
Operates at the 2nd or 3rd layers
What is port scanning?
Checks every port
What is hard computing?
Requires precise solutions
What is a vulnerability assessment tool?
Evaluates security weaknesses.
What is encoding?
Translates a known language
Note 
Flashcards (33)