Quiz: Module 10 Network Forensics

16 Terms

1

Where does a layered network defense strategy put the most valuable data?

a. In the demilitarized zone

b. In the outermost layer

c. In the innermost layer

d. None of the above

c. In the innermost layer

2

When do zero-day attacks occur? (Choose all that apply.)

a. On the day the application or OS is released

b. Before a patch is available

c. Before the vendor is aware of the vulnerability

d. On the day a patch is created

a. On the day the application or OS is released

b. Before a patch is available

c. Before the vendor is aware of the vulnerability

3

What types of information do packets contain?

a. Destination

b. Source

c. Protocol

d. All of the above

d. All of the above (Destination, Source, Protocol)

4

Honeypots are which of the following? (Choose all that apply.)

a. Computers used to deceive legitimate users of the network

b. Computers that collect data regarding attackers

c. Computers that appear to be legitimate parts of a network

d. Computers that redirect traffic

b. Computers that collect data regarding attackers

c. Computers that appear to be legitimate parts of a network

5

Tcpdump collects what type of information? (Choose all that apply.)

a. Source and destination

b. Time and size of data

c. Speed of connection

d. Only data

a. Source and destination

b. Time and size of data

6

Misconfigured servers may be the result of which of the following? (Choose all that apply.)

a. An untested patch

b. Port 1295 open

c. Port 80 open

d. Port 23 open

a. An untested patch

d. Port 23 open

7

Network administrators and digital forensics investigators need to consider which of the following regarding the data on a network? (Choose all that apply.)

a. How long data should be saved

b. Who can view the data

c. Content of the data

d. Jurisdiction governing any PII on the network

a. How long data should be saved

b. Who can view the data

c. Content of the data

d. Jurisdiction governing any PII on the network

8

Hardening a network involves which of the following? (Choose all that apply.)

a. Applying the latest patches

b. Putting the most valuable information in the innermost part of the network

c. Putting decoys on the network

d. Making sure the routers are on

a. Applying the latest patches

b. Putting the most valuable information in the innermost part of the network

9

Small companies must deal with which of the following in relation to their networks? (Choose all that apply.)

a. Internal threats

b. External threats

c. Lack of money

d. Having a small network

a. Internal threats

b. External threats

10

To minimize response time after an intrusion, organizations should do which of the following? (Choose all that apply.)

a. Destroy all data.

b. Have a standard installation image for systems on the network.

c. Have an incident response team.

d. Immediately reinstall the OS.

b. Have a standard installation image for systems on the network

c. Have an incident response team

11

Network forensics tools allow you to do which of the following? (Choose all that apply.)

a. Perform remote shutdown of devices.

b. Transmit data.

c. Harden systems.

d. Image devices remotely.

a. Perform remote shutdown of devices.

d. Image devices remotely

12

Network logs can be used to identify which of the following? (Choose all that apply.)

a. Which ports were accessed

b. Name of the person accessing a specific port

c. The time a port was accessed

d. Destination IP address

a. Which ports were accessed

c. The time a port was accessed

d. Destination IP address

13

Zombies are used in what type of attack?

a. Zero day

b. Malware

c. DDoS

d. Viral

c. DDoS

14

Dockers allow developers to do which of the following?

a. Create new programs.

b. Combine their applications in one container that is easily moved.

c. Bypass security protocols.

d. Create subroutine.

b. Combine their applications in one container that is easily moved

15

Tools that are useful to network administrators can also be used by hackers. True or False?

a. True

b. False

a. True

16

Variations in a company's typical network pattern can indicate which of the following?

a. New people have been hired.

b. A new application has been installed.

c. The network has been compromised.

d. None of the above

c. The network has been compromised