WGU - C702 Forensics and Network
Intrusion Exam Study Guide| Pass
Guaranteed
Net Commands - ✔Net Config;
Net file;
Net Use;
Net View;
Net Name;
Net start;
Net sessions;
Net Config: - ✔Use the net config command to show information about the configuration of
the Server or Workstation service
Net File: - ✔Displays the names of all open shared files on a server and the number of file
locks, if any, on each file
Net Use: - ✔The net use command is used to display information about shared resources on
the network that you're currently connected to, as well as open sessions on other systems
Net View: - ✔Net view is used to show a list of computers and network devices on the network
Net Name: - ✔Net name is used to add or delete a messaging alias at a computer
Net Start: - ✔The net start command is used to start a network service or list running
network services
,Net Sessions: - ✔The net session command is used to list or disconnect sessions between
the computer and others on the network
Slack Space: - ✔The unused space in a disk cluster. The DOS and Windows file systems use
fixed-size clusters. Even if the actual data being stored requires less storage than the cluster
size, an entire cluster is reserved for the file. The unused space is called the slack space
Swap Space: - ✔used when the amount of physical memory [RAM] is full. If the system needs
more memory resources and the RAM is full, inactive pages in memory are moved to the swap
space, called pagefile.sys [Swap file where evidence from RAM can be located] and is located
in the root of the C:\.
Buffer Overflow: - ✔is an anomaly where a program, while writing data to a buffer, overruns
the buffer's boundary and overwrites adjacent memory. This is a special case of violation of
memory safety. Buffer overflows can be triggered by inputs that are designed to execute code,
or alter the way the program operates. This may result in erratic program behavior, including
memory access errors, incorrect results, a crash, or a breach of system security.
IP Spoofing: - ✔Is the creation of Internet Protocol packets with a spoofed source IP
address, with the purpose of concealing the identity of the sender or impersonating another
person or computer system
Session Hijacking: - ✔is the exploitation of a valid computer session, sometimes also called
a session key, to gain unauthorized access to information or services in a computer system
Cross-Site Request Forgery [CSRF] Attack: - ✔an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated. Through social
engineering an attacker may trick the users of a web application into executing actions of the
attacker's choosing.
Cross-Site Scripting [XSS] Attack: - ✔a type of injection, in which malicious scripts are
injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses
a web application to send malicious code, generally in the form of a browser side script, to a
different end user
, Directory Traversal Attack: - ✔Aims to access restricted files and directories that are stored
outside the web root folder. By browsing the application, the attacker looks for absolute links
to files stored on the web server. It can be identified by several forward slashes such as
//////////////////
Hidden Field Manipulation Attack: - ✔Hidden fields is a poor coding practice that has been
known and publicized for some time, although it still continues. It's the practice of using hidden
HTML fields as the sole mechanism for assigning price or obscuring a value. These fields can be
manipulated by the attacker
Denial of Service [DOS] Attack: - ✔A denial of service [DoS] attack is a malicious attempt to
make a server or a network resource unavailable to users, usually by temporarily interrupting or
suspending the services of a host connected to the Internet
Man in the middle Attack: - ✔Is an attack where the attacker secretly relays and possibly
alters the communication between two parties who believe they are directly communicating
with each other
Dumpster Diving: - ✔Is the practice of sifting through commercial or residential waste to
find items that have been discarded by their owners, but that may prove useful to the garbage
picker or hacker. This can include any sensitive information related to computer systems.
Microsoft Outlook / Express: - ✔Microsoft Outlook uses .pst and .ost data files. While
Microsoft Outlook Express uses .idx and .dbx data files
E-mail Spoofing: - ✔the creation of email messages with a forged sender address. It is easy
to do because the core protocols do not have any mechanism for authentication. It can be
accomplished from within a LAN or from an external environment using Trojan horses. It can
also be forged in the e-mail header
Common E-mail Headers - ✔Content-Transfer-Encoding;
Errors-To;
Content-Type;
Intrusion Exam Study Guide| Pass
Guaranteed
Net Commands - ✔Net Config;
Net file;
Net Use;
Net View;
Net Name;
Net start;
Net sessions;
Net Config: - ✔Use the net config command to show information about the configuration of
the Server or Workstation service
Net File: - ✔Displays the names of all open shared files on a server and the number of file
locks, if any, on each file
Net Use: - ✔The net use command is used to display information about shared resources on
the network that you're currently connected to, as well as open sessions on other systems
Net View: - ✔Net view is used to show a list of computers and network devices on the network
Net Name: - ✔Net name is used to add or delete a messaging alias at a computer
Net Start: - ✔The net start command is used to start a network service or list running
network services
,Net Sessions: - ✔The net session command is used to list or disconnect sessions between
the computer and others on the network
Slack Space: - ✔The unused space in a disk cluster. The DOS and Windows file systems use
fixed-size clusters. Even if the actual data being stored requires less storage than the cluster
size, an entire cluster is reserved for the file. The unused space is called the slack space
Swap Space: - ✔used when the amount of physical memory [RAM] is full. If the system needs
more memory resources and the RAM is full, inactive pages in memory are moved to the swap
space, called pagefile.sys [Swap file where evidence from RAM can be located] and is located
in the root of the C:\.
Buffer Overflow: - ✔is an anomaly where a program, while writing data to a buffer, overruns
the buffer's boundary and overwrites adjacent memory. This is a special case of violation of
memory safety. Buffer overflows can be triggered by inputs that are designed to execute code,
or alter the way the program operates. This may result in erratic program behavior, including
memory access errors, incorrect results, a crash, or a breach of system security.
IP Spoofing: - ✔Is the creation of Internet Protocol packets with a spoofed source IP
address, with the purpose of concealing the identity of the sender or impersonating another
person or computer system
Session Hijacking: - ✔is the exploitation of a valid computer session, sometimes also called
a session key, to gain unauthorized access to information or services in a computer system
Cross-Site Request Forgery [CSRF] Attack: - ✔an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated. Through social
engineering an attacker may trick the users of a web application into executing actions of the
attacker's choosing.
Cross-Site Scripting [XSS] Attack: - ✔a type of injection, in which malicious scripts are
injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses
a web application to send malicious code, generally in the form of a browser side script, to a
different end user
, Directory Traversal Attack: - ✔Aims to access restricted files and directories that are stored
outside the web root folder. By browsing the application, the attacker looks for absolute links
to files stored on the web server. It can be identified by several forward slashes such as
//////////////////
Hidden Field Manipulation Attack: - ✔Hidden fields is a poor coding practice that has been
known and publicized for some time, although it still continues. It's the practice of using hidden
HTML fields as the sole mechanism for assigning price or obscuring a value. These fields can be
manipulated by the attacker
Denial of Service [DOS] Attack: - ✔A denial of service [DoS] attack is a malicious attempt to
make a server or a network resource unavailable to users, usually by temporarily interrupting or
suspending the services of a host connected to the Internet
Man in the middle Attack: - ✔Is an attack where the attacker secretly relays and possibly
alters the communication between two parties who believe they are directly communicating
with each other
Dumpster Diving: - ✔Is the practice of sifting through commercial or residential waste to
find items that have been discarded by their owners, but that may prove useful to the garbage
picker or hacker. This can include any sensitive information related to computer systems.
Microsoft Outlook / Express: - ✔Microsoft Outlook uses .pst and .ost data files. While
Microsoft Outlook Express uses .idx and .dbx data files
E-mail Spoofing: - ✔the creation of email messages with a forged sender address. It is easy
to do because the core protocols do not have any mechanism for authentication. It can be
accomplished from within a LAN or from an external environment using Trojan horses. It can
also be forged in the e-mail header
Common E-mail Headers - ✔Content-Transfer-Encoding;
Errors-To;
Content-Type;
