Question 1

Using an NFAT system,an event or security breach can be

Accepted Answer

A) Detected 
B) Monitored 
C) Traced in real-time 
D) All are correct 
A) Detected 
B) Monitored 
C) Traced in real-time 
D) All are correct D

Question 2

Which type of firewall acts as a mediator between internal hosts and external connections such as the Internet?

Accepted Answer

A) Network layer firewall 
B) Application layer firewall 
C) Proxy firewall 
D) Internet firewall 
A) Network layer firewall 
B) Application layer firewall 
C) Proxy firewall 
D) Internet firewall C

Question 3

What is considered to be the first line of defense for networks?

Accepted Answer

A) IDSs 
B) Firewalls 
C) Routers 
D) Switches 
A) IDSs 
B) Firewalls 
C) Routers 
D) Switches B

Question 4

Which of the following is NOT a component of an NFAT system?

Accepted Answer

A) Agents 
B) Server 
C) Logs 
D) Examiner computer 
A) Agents 
B) Server 
C) Logs 
D) Examiner computer

Question 5

________ Software allows you to forensically search for data on your entire network using nothing more than keywords or phrases.

Accepted Answer

The answer of ________ Software allows you to forensically search...

Question 6

The NFAT software usually contains a query language such as

Accepted Answer

A) IMS 
B) IIS 
C) SQL 
D) PHP 
A) IMS 
B) IIS 
C) SQL 
D) PHP

Question 7

________ have the capability to map internal IP addresses in such a way that they appear to be part of another network.

Accepted Answer

The answer of ________ have the capability to map internal...

Question 8

Match the NFAT components with their description.
-Examiner computer

Accepted Answer

A) Where the analysis is performed 
B) Contains a large database 
C) Modules installed on hosts 
A) Where the analysis is performed 
B) Contains a large database 
C) Modules installed on hosts

Question 9

A problem that can occur with IDS alerts is ________,when an IDS mistakenly flags an innocent file as being suspicious.

Accepted Answer

The answer of A problem that can occur with IDS...

Question 10

Which of the following is considered the BEST answer in defining DHCP?

Accepted Answer

A) They dynamically assign IP addresses. 
B) They dynamically assign IP addresses to servers. 
C) They dynamically assign IP addresses to computers. 
D) They dynamically assign IP addresses to computers on a network. 
A) They dynamically assign IP addresses. 
B) They dynamically assign IP addresses to servers. 
C) They dynamically assign IP addresses to computers. 
D) They dynamically assign IP addresses to computers on a network.

Question 11

_______ Software has taken steps to preserve the integrity of the data collected from the agents via encryption both from agent to server and from the examiner's station to server.

Accepted Answer

The answer of _______ Software has taken steps to preserve...

Question 12

The newest NFAT systems are a combination of

Accepted Answer

A) IDS and application software 
B) IDS and forensic software 
C) Agents and application software 
D) DHCP servers and IDSs 
A) IDS and application software 
B) IDS and forensic software 
C) Agents and application software 
D) DHCP servers and IDSs

Question 13

Determining the date and time of an event can be a problem with multiple devices on a network because

Accepted Answer

A) Only certain devices record dates and times 
B) Device clocks tend to drift slightly 
C) It can be a challenge to locate where the date and time are recorded 
D) Time stamps cannot be used for network devices 
A) Only certain devices record dates and times 
B) Device clocks tend to drift slightly 
C) It can be a challenge to locate where the date and time are recorded 
D) Time stamps cannot be used for network devices

Question 14

Match the device to its description
-WAP

Accepted Answer

A) Repeats any and all data 
B) Duplicates data on any port and forwards it to the NFAT 
C) Transmits and receives RF 
D) Used like a cable splice 
A) Repeats any and all data 
B) Duplicates data on any port and forwards it to the NFAT 
C) Transmits and receives RF 
D) Used like a cable splice

Question 15

Match the device to its description
-SPAN

Accepted Answer

A) Repeats any and all data 
B) Duplicates data on any port and forwards it to the NFAT 
C) Transmits and receives RF 
D) Used like a cable splice 
A) Repeats any and all data 
B) Duplicates data on any port and forwards it to the NFAT 
C) Transmits and receives RF 
D) Used like a cable splice

Question 16

Match between columns
                        Premises: Agents

Accepted Answer

The Answer of Modules installed on hosts and Contains a is...

Question 17

What device holds two network interface cards and records all data passing through it?

Accepted Answer

A) WAP 
B) TAP 
C) SPAN 
D) Host inline device 
A) WAP 
B) TAP 
C) SPAN 
D) Host inline device

Question 18

What is designed to collect data straight from the network media?

Accepted Answer

A) Packet analyzers 
B) Packet sniffers 
C) Packet sifters 
D) Packet lifters 
A) Packet analyzers 
B) Packet sniffers 
C) Packet sifters 
D) Packet lifters

Question 19

NFAT tools discussed in this chapter include all of the following features EXCEPT

Accepted Answer

A) Real-time network data capture 
B) Command-line interface 
C) Content analysis 
D) Reporting 
A) Real-time network data capture 
B) Command-line interface 
C) Content analysis 
D) Reporting

Question 20

Match the device to its description
-Hub

Accepted Answer

A) Repeats any and all data 
B) Duplicates data on any port and forwards it to the NFAT 
C) Transmits and receives RF 
D) Used like a cable splice 
A) Repeats any and all data 
B) Duplicates data on any port and forwards it to the NFAT 
C) Transmits and receives RF 
D) Used like a cable splice

Using an NFAT system,an event or security breach can be

Which type of firewall acts as a mediator between internal hosts and external connections such as the Internet?

What is considered to be the first line of defense for networks?

Which of the following is NOT a component of an NFAT system?

________ Software allows you to forensically search for data on your entire network using nothing more than keywords or phrases.

The NFAT software usually contains a query language such as

________ have the capability to map internal IP addresses in such a way that they appear to be part of another network.

Match the NFAT components with their description. -Examiner computer

A problem that can occur with IDS alerts is ________,when an IDS mistakenly flags an innocent file as being suspicious.

Which of the following is considered the BEST answer in defining DHCP?

_______ Software has taken steps to preserve the integrity of the data collected from the agents via encryption both from agent to server and from the examiner's station to server.

The newest NFAT systems are a combination of

Determining the date and time of an event can be a problem with multiple devices on a network because

Match the device to its description -WAP

Match the device to its description -SPAN

What device holds two network interface cards and records all data passing through it?

What is designed to collect data straight from the network media?

NFAT tools discussed in this chapter include all of the following features EXCEPT

Match the device to its description -Hub

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Tools, Environments, Equipment, and Certifications

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

Investigating Windows, linux, and Graphic Files

E-Mail and Webmail Forensics

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters

Exam 9: Internet and Network Forensics and Intrusion Detection

Using an NFAT system,an event or security breach can be

Which type of firewall acts as a mediator between internal hosts and external connections such as the Internet?

What is considered to be the first line of defense for networks?

Which of the following is NOT a component of an NFAT system?

________ Software allows you to forensically search for data on your entire network using nothing more than keywords or phrases.

The NFAT software usually contains a query language such as

________ have the capability to map internal IP addresses in such a way that they appear to be part of another network.

Match the NFAT components with their description. -Examiner computer

A problem that can occur with IDS alerts is ________,when an IDS mistakenly flags an innocent file as being suspicious.

Which of the following is considered the BEST answer in defining DHCP?

_______ Software has taken steps to preserve the integrity of the data collected from the agents via encryption both from agent to server and from the examiner's station to server.

The newest NFAT systems are a combination of

Determining the date and time of an event can be a problem with multiple devices on a network because

Match the device to its description -WAP

Match the device to its description -SPAN

What device holds two network interface cards and records all data passing through it?

What is designed to collect data straight from the network media?

NFAT tools discussed in this chapter include all of the following features EXCEPT

Match the device to its description -Hub

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Tools, Environments, Equipment, and Certifications

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

Investigating Windows, linux, and Graphic Files

E-Mail and Webmail Forensics

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters