Midterm Study 537 Computer Skills Questions And Answers
Which of the following is NOT an example of Packet Analysis Tools?
Question 2 options:
- ngrep
- PSML
- Hex Editors
- Wireshark
ANS-PSML pg. 96 4.2.1

Footprint
ANS-the impact investigators have on the systems under investigation

A list of strings, names, patterns, etc., that may be related to the suspicious activities within the network traffic under investigation is referred to as __________
Question 3 options:
- "packet protocol list"
- "flow record list"
- "string pattern list"
- "dirty word list"
ANS-"dirty word list" pg 100 4.2.2.1

Which of the following is NOT a fundamental technique used to analyze a packet?
Question 4 options:
- Parsing Protocol Fields
- Packet Filtering
- Pattern Matching
- Packet Detail Markup
ANS-Packet Detail Markup pg 99 4.2.2

How to minimize your footprint?
ANS-You will always have one. Must be weighed against the need for expediency in data collection; always be conscious, and tread lightly

DNS is a higher-layer query-response protocol
ANS-True pg 128

Which of the following is a means of identifying protocol? (Choose all that apply)
Question 6 options:
- Leverage information in the encapsulating protocol
- Leverage the TCP/UDP port number, many of which are associated with standard default services
- Test for the presence of recognizable protocol structures
- Extract the contents of protocol fields.
- Search for common binary/hexadecimal/ASCII values that are typically associated with a specific protocol
ANS-
- Search for common binary/hexadecimal/ASCII values that are typically associated with a specific protocol
- Leverage the TCP/UDP port number, many of which are associated with standard default services
- Test for the presence of recognizable protocol structures
- Leverage information in the encapsulating protocol

Header containing source port, destination port, sequence number, ack number
ANS-TCP header

Headers containing version, header length, total length, identification, fragment offset, ttl, protocol, header checksum, source address, destination address
ANS-IP header

Network based digital evidence
ANS-digital evidence produced as a result of communication over a network

Examining the contents and/or metadata of one or more protocols within a set of packets is referred to as ______.
Question 7 options:
- Packet matching
- Flow Analysis
- Packet Analysis
- Protocol Analysis
ANS-Packet Analysis pg 95 4.2

The technique of interpreting the data in a frame according to a specific known structure, in order to correctly understand the meaning of each bit in the communication is known as ________.
Question 8 options:
- Packet Analysis
- Protocol Analysis
- Protocol Decoding
- Packet Decoding
ANS-Protocol Decoding pg 90 4.1.3.2

OSCAR
ANS-network forensics investigative methodology; includes obtain info, strategize, collect evidence, analyze, and report

Which of the following is a technique in decoding network traffic according to a specific protocol specification?
Question 9 options:
- Search for common binary/hexadecimal/ASCII values of the traffic protocol
- Refer to publicly available documentation and manually decode the traffic
- Leverage the TCP/UDP port number,
- Leverage information in the encapsulating protocol
ANS-Refer to publicly available documentation and manually decode the traffic pg 91 4.1

A flow is always mapped one-on-one to a transport connection.
- true
- false
ANS-False 4.3 pg 105

Cryptographic hash
ANS-A unique footprint of a piece of data. Used for the integrity of the data; also known as a checksum. If 2 have the same hash = broken

Every network card on an Ethernet network has a ____________ MAC address, assigned by the manufacturer.
Question 12 options:
- 2-byte
- 64-byte
- 6-byte
- 32-byte
ANS-6-byte 4.4.1.2 pg 122

Examples of cryptographic hashes
ANS-SHA1 (secure hashing algorithm 1), MD5

Capture network packets between computers and decode the packets so that one can view what is occurring during transmission
ANS-protocol analysis

Which of the following is a technique used in conducting packet analysis? (Choose all that apply)
Question 13 options:
- Separate packets based on the values of fields in protocol metadata.
- Extract the contents of protocol fields.
- Test for the presence of recognizable protocol structures
- Leverage information in the encapsulating protocol
- Identify packets of interest by matching specific values within the packet capture.
ANS-
- Separate packets based on the values of fields in protocol metadata.
- Identify packets of interest by matching specific values within the packet capture.
- Extract the contents of protocol fields.
4.2.2 pg 99

Special devices designed to perform deeper inspection of network traffic in order to make more intelligent decisions as to what traffic should be forwarded and what traffic should be logged or dropped are called ___________

Written for
- Institution: Mid-Stud 537 Computer Skills
- Course: Mid-Stud 537 Computer Skills
Document information
- Uploaded on: October 14, 2023
- Number of pages: 29
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers