Networking Chapter 10 What Snapshot And Why Live Acquisition Typically

Type: Homework Help
Pages: 8
Words: 2057
Authors: Amelia Phillips, Bill Nelson, Christopher Steuart

Name:
Class:
Date:
Indicate whether the statement is true or false.
1. The capability of type 1 hypervisors is limited only by the amount of available RAM, storage, and throughput.
a. True
b. False
2. Type 2 hypervisors are typically loaded on servers or workstations with a lot of RAM and storage.
a. True
b. False
3. The Honeynet Project was developed to make information widely available in an attempt to thwart Internet and network attackers.
a. True
b. False
4. The Sysinternals Handle utility shows only file system activity, but does not show what processes are using files on the file system.
a. True
b. False
5. Forensics tools can't directly mount VMs as external drives.
a. True
b. False
Indicate the answer choice that best completes the statement or answers the question.
6. The NSA's defense in depth (DiD) strategy contains three modes of protection. Which option below is not one of the three modes?
a. People
b. Technology
c. Operations
d. Management
7. The __________________ is the version of Pcap available for Linux-based operating systems.
a. Winpcap
b. Libpcap
c. Tcpcap
d. Netcap
8. The ___________________ is a good tool for extracting information from large Libpcap files; you simply specify the time frame you want to examine.
a. Tcpdstat
b. Tcpslice
c. Ngrep
d. tcpdump
9. In Windows, what PowerShell cmdlet can be used in conjunction with Get-VM to display a virtual machine's network adapters?
a. Show-NetworkAdapters
b. Query-ipconfig
c. Get-VMNetworkAdapter
d. Dump-Netconfig
10. Select below the program within the PsTools suite that allows you to run processes remotely:
a. PsService
b. PsPasswd
c. PsRemote
d. PsExec
11. What processor instruction set is required in order to utilize virtualization software?
a. AMD-VT
b. Intel VirtualBit
c. Virtual Machine Extensions (VMX)
d. Virtual Hardware Extensions (VHX)
12. What utility is best suited to examine e-mail headers or chat logs, or network communication between worms and viruses?
a. tcpdump
b. Argus
c. Ngrep
d. Tcpslice
13. The __________ disk image file format is associated with the VirtualBox hypervisor.
a. .vmdk
b. .hda
c. .vhd
d. .vdi
14. Select below the option that is not a common type 1 hypervisor:
a. VMware vSphere
b. Microsoft Hyper-V
c. Citrix XenServer
d. Oracle VirtualBox
15. Select the file below that is used in VirtualBox to create a virtual machine:
a. .vdi
b. .vbox
c. .r0
d. .ova
16. What virtual machine software supports all Windows and Linux OSs as well as Macintosh and Solaris, and is provided as shareware?
a. KVM
b. Parallels
c. Microsoft Virtual PC
d. VirtualBox
17. What Windows Registry key contains associations for file extensions?
a. HKEY_CLASSES_ROOT
b. HKEY_USERS
c. HKEY_LOCAL_MACHINE
d. HKEY_CURRENT_CONFIG
18. In VirtualBox, ____________ different types of virtual network adapters are possible, such as AMD and Intel Pro adapters.
a. 2
b. 4
c. 6
d. 8
19. The _____________________ tool is an updated version of BackTrack, and contains more than 300 tools, such as password crackers, network sniffers, and freeware forensics tools.
a. Kali Linux
b. Ubuntu
c. OSForensics
d. Sleuth Kit
20. What file type below, associated with VMware, stores VM paging files that are used as RAM for a virtual machine?
a. .nvram
b. .vmem
c. .vmpage
d. .vmx
21. The tcpdump and Wireshark utilities both use what well-known packet capture format?
a. Netcap
b. Pcap
c. Packetd
d. RAW
22. At what layers of the OSI model do most packet analyzers function?
a. Layer 1 or 2
b. Layer 2 or 3
c. Layer 3 or 4
d. Layer 4 or 5
23. In a __________ attack, the attacker keeps asking your server to establish a connection, with the intent of overloading a server with established connections.
a. smurf
b. SYN flood
c. spoof
d. ghost
24. The SANS Investigative Forensics Toolkit (SIFT) appliance can currently only be installed on what version of Ubuntu?
a. 12.04
b. 13.11
c. 14.04
d. 14.11
25. The _______________ command line program is a common way of examining network traffic; it provides records of network activity while it is running and can produce hundreds or thousands of records.
a. netstat
b. ls
c. ifconfig
d. tcpdump
Enter the appropriate word(s) to complete the statement.
26. The ___________________ utility can be used to view network traffic graphically.
27. Updating security patches, antivirus software, and OSs falls into the ________________ category of the defense in depth strategy.
28. The ________________ software lists all open network sockets, including those hidden by rootkits, and also works on both 32-bit and 64-bit systems.
29. __________________ help offset hardware costs for companies and are handy when you want to run legacy or uncommon OSs and software along with the other software on your computer.
30. The ___________________ utility from Sysinternals shows what files, Registry keys, and DLLs are loaded at a specific time.
Match the following terms with the correct definitions below:
a. defense in depth (DiD)
b. distributed denial-of-service (DDoS) attacks
c. honeypot
d. honeywalls
e. layered network defense strategy
f. network forensics
g. type 1 hypervisor
h. type 2 hypervisor
i. zero day attacks
j. zombies
31. A type of DoS attack in which other online machines are used, without the owner's knowledge, to launch an attack.
32. An approach to network hardening that sets up several network layers to place the most valuable data at the innermost part of the network.
33. A virtual machine interface that's loaded on top of an existing OS.
34. The NSA's approach to implementing a layered network defense strategy. It focuses on three modes of protection: people, technology, and operations.
35. The process of collecting and analyzing raw network data and systematically tracking network traffic to determine how security incidents occur.
36. Computers used without the owners' knowledge in a DDoS attack.
37. Intrusion prevention and monitoring systems that track what attackers do on honeypots.
38. Attacks launched before vendors or network administrators have discovered vulnerabilities and patches for them have been released.
39. A virtual machine interface that loads on physical hardware and contains its own OS.
40. A computer or network set up to lure an attacker.
41. Why are live acquisitions becoming a necessity, and why don't live acquisitions follow typical forensics procedures?
42. Define network forensics, and explain how network forensics can be used.
43. Describe the defense in depth (DiD) strategy, and outline each of the three modes of protection.
44. What is a VM snapshot, and why is a live acquisition typically required for VMs?
45. What is the biggest problem with live acquisitions?
46. Describe the standard procedure for performing network forensics.
47. Explain the need for using established procedures for acquiring data after an attack or intrusion incident, and list some resources that address these needs.
48. What is a packet analyzer, and how is it used?
49. What is the difference between a type 1 and a type 2 hypervisor?
50. Describe a zero day attack.