Question 1

____ hide the most valuable data at the innermost part of the network.

Accepted Answer

A)   Layered network defense strategies
B)   Firewalls
C)   Protocols
D)   NATE) C) and D)
F) None of the above

Question 2

The U.K. Honeynet Project has created the ____________________. It contains the honeywall and honeypot on a bootable memory stick.

Accepted Answer

The answer of The U.K. Honeynet Project has created the...

Question 3

____________________ is a layered network defense strategy developed by the National Security Agency (NSA).

Accepted Answer

Defense in depth (Di...

Question 4

The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password

Accepted Answer

A)   chntpw
B)   john
C)   oinkmaster
D)   memfetchE) All of the above
F) A) and B)

Question 5

____ is the text version of Ethereal, a packet sniffer tool.

Accepted Answer

A)   Tcpdump
B)   Ethertext
C)   Etherape
D)   TetherealE) None of the above
F) All of the above

Question 6

____ is a good tool for extracting information from large Libpcap files.

Accepted Answer

A)   Nmap
B)   Tcpslice
C)   Pcap
D)   TCPcapE) C) and D)
F) A) and D)

Question 7

Match each item with a statement below:
-type of malware

Accepted Answer

A)  Cyberforensics
B)  Ethereal
C)  Tripwire
D)  PsGetSid
E)  PsLoggedOnF) Trojan horseG) KnoppixH) PsShutdownI) oinkmasterJ) B) and I)
K) D) and E)

Question 8

How should you proceed if your network forensic investigation involves other companies?

Accepted Answer

As with all investigations, keep preserv...

Question 9

____ is a suite of tools created by Sysinternals.

Accepted Answer

A)   EnCase
B)   PsTools
C)   R-Tools
D)   KnoppixE) A) and D)
F) All of the above

Question 10

Match each item with a statement below:
-an audit control program that detects anomalies in traffic and sends an alert automatically

Accepted Answer

A)  Cyberforensics
B)  Ethereal
C)  Tripwire
D)  PsGetSid
E)  PsLoggedOnF) Trojan horseG) KnoppixH) PsShutdownI) oinkmasterJ) F) and H)
K) F) and I)

Question 11

Most packet sniffer tools can read anything captured in ____ format.

Accepted Answer

A)   SYN
B)   DOPI
C)   PCAP
D)   AIATPE) None of the above
F) A) and C)

Question 12

____ can be used to create a bootable forensic CD and perform a live acquisition.

Accepted Answer

A)   Helix
B)   DTDD
C)   Inquisitor
D)   NeonE) B) and D)
F) C) and D)

Question 13

Detail a standard procedure for network forensics investigations.

Accepted Answer

A standard procedure you might use in ne...

Question 14

When intruders break into a network, they rarely leave a trail behind.

Accepted Answer

A) True 
 B)False

Question 15

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.

Accepted Answer

A)   Broadcast forensics
B)   Network forensics
C)   Computer forensics
D)   Traffic forensicsE) All of the above
F) C) and D)

Question 16

____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.

Accepted Answer

A)   PsReg
B)   RegExplorer
C)   RegMon
D)   RegHandleE) A) and B)
F) A) and C)

Question 17

____________________ logs record traffic in and out of a network.

Accepted Answer

The answer of ____________________ logs record traffic in and out...

Question 18

Match each item with a statement below:
-a bootable Linux CD intended for computer and network forensics

Accepted Answer

A)  Cyberforensics
B)  Ethereal
C)  Tripwire
D)  PsGetSid
E)  PsLoggedOnF) Trojan horseG) KnoppixH) PsShutdownI) oinkmasterJ) B) and G)
K) A) and H)

Question 19

Explain The Auditor tool.

Accepted Answer

Another good Linux tool is The Auditor (...

Question 20

PsList from PsTools allows you to list detailed information about processes.

Accepted Answer

A) True 
 B)False

Exam 11: Virtual Machines, Network Forensics, and Live Acquisitions

____________________ logs record traffic in and out of a network.

Correct AnswerverifiedShow Answer

____ is a suite of tools created by Sysinternals.

Correct AnswerverifiedShow Answer

Match each item with a statement below: -type of malware

Correct AnswerverifiedShow Answer

____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.

Correct AnswerverifiedShow Answer

When intruders break into a network, they rarely leave a trail behind.

Correct AnswerverifiedShow Answer

Detail a standard procedure for network forensics investigations.

Correct AnswerverifiedA standard procedure you might use in ne...View AnswerShow Answer

____ is the text version of Ethereal, a packet sniffer tool.

Correct AnswerverifiedShow Answer

Match each item with a statement below: -an audit control program that detects anomalies in traffic and sends an alert automatically

Correct AnswerverifiedShow Answer

Explain The Auditor tool.

Correct AnswerverifiedAnother good Linux tool is The Auditor (...View AnswerShow Answer

PsList from PsTools allows you to list detailed information about processes.

Correct AnswerverifiedShow Answer

____ hide the most valuable data at the innermost part of the network.

Correct AnswerverifiedShow Answer

____________________ is a layered network defense strategy developed by the National Security Agency (NSA).

Correct AnswerverifiedDefense in depth (Di...View AnswerShow Answer

How should you proceed if your network forensic investigation involves other companies?

Correct AnswerverifiedAs with all investigations, keep preserv...View AnswerShow Answer

The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password

Correct AnswerverifiedShow Answer

____ is a good tool for extracting information from large Libpcap files.

Correct AnswerverifiedShow Answer

Match each item with a statement below: -a bootable Linux CD intended for computer and network forensics

Correct AnswerverifiedShow Answer

Most packet sniffer tools can read anything captured in ____ format.

Correct AnswerverifiedShow Answer

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.

Correct AnswerverifiedShow Answer

The U.K. Honeynet Project has created the ____________________. It contains the honeywall and honeypot on a bootable memory stick.

Correct AnswerverifiedShow Answer

____ can be used to create a bootable forensic CD and perform a live acquisition.

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
A standard procedure you might use in ne...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Another good Linux tool is The Auditor (...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Defense in depth (Di...
View Answer

Correct Answer
verified
As with all investigations, keep preserv...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified