Computer forensics chapter 8 Exam 20 Questions with Verified Answers
Which of the following attacks involves the capture of traffic flowing through a network to obtain sensitive information such as usernames and passwords? - CORRECT ANSWER Packet sniffing
Kasen, a professional hacker, performed an attack against a company's web server by flooding it with large amounts of invalid traffic; thereafter, the webserver stopped responding to legitimate incoming requests. Identify the type of attack performed by Kasen in the above scenario. - CORRECT ANSWER Denial-of-service attack
Stetson, a professional hacker, targeted an organization to secretly listen to a client's conversation with a development team. In this process, he secretly installed a sniffing device in the organization's network, which allowed him to listen to voice messages actively. Identify the type of attack performed by Stetson in the above scenario. - CORRECT ANSWER Eavesdropping
Which of the following refers to an analysis of logs performed to detect and study an incident that may have already occurred in a network or device, to determine what exactly occurred, and to identify the source of the event? - CORRECT ANSWER Postmortem
In which of the following attacks does the attacker establish independent connections with users and relay the messages being transferred among them, thereby tricking them into assuming that their conversation is direct? - CORRECT ANSWER Man-in-the-middle attack
Renit, a professional hacker, is attempting to obtain sensitive information from a target network. In this process, he employs a technique to collect information such as network topology, live hosts, and potential vulnerabilities in host systems. Identify the technique employed by Renit in the above scenario. - CORRECT ANSWER Enumeration
Bruce, an attacker, targeted a Wi-Fi zone to temporarily block users from accessing the Wi-Fi network. To achieve this, Bruce used a specially designed radio transmitter that emits radio signals to overwhelm the access point. Which of the following types of attack has Bruce performed in the above scenario? - CORRECT ANSWER Jamming attack
Which of the following layers of TCP/IP is responsible for selecting the best path through the network for data flow between the source and destination? - CORRECT ANSWER Internet layer
Which of the following is a digital forensic artifact that helps investigators detect a security incident that has occurred on a host system and includes logs related to systems, applications, networks, and firewalls? - CORRECT ANSWER Indicators of compromise
Which of the following types of data is triggered by tools such as Snort IDS and Suricata that inspect network traffic flow and report potential security events as alerts? - CORRECT ANSWER Alert Data
Identify the technique that refers to missing events related to systems downstream from a failed system and avoids events that can cause the system to crash. - CORRECT ANSWER Event masking
Raphael, a forensics expert at an organization, was asked to analyze an issue that blocked devices from accessing the organization's network. In this process, Raphael employed a network behavior monitoring tool to identify and categorize different events and determine the events that caused the issue. In which of the following event correlation steps did Raphael identify the reason behind the issue? - CORRECT ANSWER Root cause analysis
Identify the approach that assists forensic officers in correlating specific packets with other packets and comparing them with attack signatures to list new potential attacks on the network. Field-based approach; Open-port-based correlation; Graph-based approach; Payload correlation - CORRECT ANSWER Payload correlation
Identify the approach that helps users identify whether a system serves as a relay to a hacker and aids in gathering a series of data sets from forensic event data. - CORRECT ANSWER Fingerprint-based approach
Albert, a network security specialist, was instructed to implement the best event correlation approach for the security event monitoring system. He employed an approach that correlates events according to a specified set of conditions. Identify the event correlation approach employed by Albert in the above scenario. - CORRECT ANSWER Rule-based approach
Identify the color code in a Check Point firewall that signifies traffic detected as suspicious but accepted by the firewall. - CORRECT ANSWER orange
Identify the numeric code that indicates the error condition message in Cisco IOS router logs. - CORRECT ANSWER 3
Jude, a forensics expert, was inspecting a Cisco router as part of an investigation process. During analysis, Jude frequently received syslog messages describing the system unusable message on the Cisco router with number code 0. Identify the severity level of the syslog message in the above scenario. - CORRECT ANSWER Emergency
In which of the following attacks does the attacker connect to a port on a switch and flood its interface by sending a large volume of Ethernet frames from various fake hardware addresses? - CORRECT ANSWER MAC flooding
Identify the packet sniffing tool that assists forensic specialists in interactively browsing data packets from live network traffic. - CORRECT ANSWER Wireshark