Question 1

Select the file below that is used in VirtualBox to create a virtual machine:&#8203;&#10;A)&#8203;.vdi&#10;B)&#8203;.vbox&#10;C).r0&#10;D).ova

Accepted Answer

The .ova file is used in VirtualBox to create a virtual machine. It is essentially a pre-packaged virtual machine with all the necessary settings and configurations already in place. It can be imported into VirtualBox with a few clicks, making it the easiest and most convenient way to create a virtual machine.

Question 2

What utility is best suited to examine e-mail headers or chat logs, or network communication between worms and viruses?&#8203;&#10;A)&#8203;tcpdump&#10;B)&#8203;Argus&#10;C)Ngrep&#10;D)Tcpslice

Accepted Answer

Ngrep is a utility that allows users to match patterns in network traffic and display the results, making it an excellent choice for examining email headers or chat logs, or even network communication between worms and viruses. Tcpdump, Argus, and Tcpslice are other network analysis tools, but they are not as well-suited for these specific tasks.

Question 3

What virtual machine software supports all Windows and Linux OSs as well as Macintosh and Solaris, and is provided as shareware?&#8203;&#10;A)&#8203;KVM&#10;B)&#8203;Parallels&#10;C)Microsoft Virtual PC&#10;D)VirtualBox

Accepted Answer

VirtualBox is the only option listed that supports all Windows and Linux OSs as well as Macintosh and Solaris. It is also provided as shareware. KVM is a virtualization tool primarily for Linux systems, Parallels is mainly for Macintosh systems, and Microsoft Virtual PC only supports Windows operating systems.

Question 4

What file type below, associated with VMWare, stores VM paging files that are used as RAM for a virtual machine?&#8203;&#10;A)&#8203;.nvram&#10;B)&#8203;.vmem&#10;C) .&#8203;vmpage&#10;D).vmx

Accepted Answer

The .vmem file type stores VM paging files that are used as RAM for a virtual machine in VMWare.

Question 5

In VirtualBox, ____________ different types of virtual network adapters are possible, such as AMD and Intel Pro adapters.&#8203;&#10;A)&#8203;2&#10;B)&#8203;4&#10;C)6&#10;D)8

Accepted Answer

VirtualBox supports six different types of virtual network adapters, including AMD and Intel Pro adapters.

Question 6

Forensics tools can't directly mount VMs as external drives.&#8203;

Accepted Answer

Forensic tools can directly mount VMs (Virtual Machines) as external drives, allowing for the examination of the file system and data within the VM without running the actual VM. This is useful for digital forensic investigations.

Question 7

What processor instruction set is required in order to utilize virtualization software?&#8203;&#10;A)&#8203;AMD-VT&#10;B)&#8203;Intel VirtualBit&#10;C)Virtual Machine Extensions (VMX)&#10;D)Virtual Hardware Extensions (VHX)

Accepted Answer

Virtual Machine Extensions (VMX) is the Intel processor instruction set required to utilize virtualization software. It allows the creation of multiple virtual machines on a single physical machine and enables efficient sharing of hardware resources. AMD-VT is the equivalent instruction set for AMD processors. VirtualBit and VHX are not actual processor instruction sets.

Question 8

The _____________________ tool is an updated version of BackTrack, and contains more than 300 tools, such as password crackers, network sniffers, and freeware forensics tools.&#8203;&#10;A)&#8203;Kali Linux&#10;B)&#8203;Ubuntu&#10;C)OSForensics&#10;D)Sleuth Kit

Accepted Answer

Kali Linux is a popular and comprehensive cybersecurity and penetration testing platform that comes pre-installed with over 300 tools, including password crackers, network sniffers, and freeware forensics tools. It is an updated version of BackTrack, another popular penetration testing platform. Therefore, Kali Linux is the best answer.

Question 9

The ___________________ is a good tool for extracting information from large Libpcap files; you simply specify the time frame you want to examine.&#10;A)&#8203;Tcpdstat&#10;B)&#8203;Tcpslice&#10;C)Ngrep&#10;D)tcpdump

Accepted Answer

Tcpslice is a good tool for extracting information from large Libpcap files by specifying the time frame you want to examine. Tcpdstat analyzes TCP connections and displays information such as connection setup and teardown times, data flow, and retransmissions. Ngrep is a network grep tool that allows you to search for patterns in network traffic. Tcpdump is a command-line packet analyzer that captures and displays network traffic.

Question 10

What Windows Registry key contains associations for file extensions?&#8203;&#10;A)&#8203;HKEY_CLASSES_ROOT&#10;B)&#8203;HKEY_USERS&#10;C)HKEY_LOCAL_MACHINE&#10;D)HKEY_CURRENT_CONFIG

Accepted Answer

The HKEY_CLASSES_ROOT key contains the current file, folder, and application associations for file extensions in Windows Registry.

Question 11

In Windows, what PowerShell cmdlet can be used in conjunction with Get-VM&#8203; to display a virtual machine's network adapters?&#10;A)&#8203;Show-NetworkAdapters&#10;B)&#8203;Query-ipconfig&#10;C)Get-VMNetworkAdapter&#10;D)Dump-Netconfig

Accepted Answer

The answer of In Windows, what PowerShell cmdlet can be...

Question 12

Select below the program within the PsTools suite that allows you to run processes remotely:&#8203;&#10;A)&#8203;PsService&#10;B)&#8203;PsPasswd&#10;C)PsRemote&#10;D)PsExec

Accepted Answer

The answer of Select below the program within the PsTools...

Question 13

Select below the option that is not a common type 1 hypervisor:&#8203;&#10;A)&#8203;VMware vSphere&#10;B)&#8203;Microsoft Hyper-V&#10;C)Citirix XenServer&#10;D)Oracle VirtualBox

Accepted Answer

The answer of Select below the option that is not...

Question 14

The __________ disk image file format is associated with the VirtualBox hypervisor.&#8203;&#10;A).&#8203;vmdk&#10;B)&#8203;.hda&#10;C).vhd&#10;D).vdi

Accepted Answer

The answer of The __________ disk image file format is...

Question 15

The __________________ is the version of Pcap available for Linux based operating systems.&#8203;&#10;A)&#8203;Winpcap&#10;B)&#8203;Libpcap&#10;C)Tcpcap&#10;D)Netcap

Accepted Answer

The answer of The __________________ is the version of Pcap...

Question 16

The Honeynet Project was developed to make information widely available in an attempt to thwart Internet and network attackers.&#8203;

Accepted Answer

The answer of The Honeynet Project was developed to make...

Question 17

The NSA's defense in depth (DiD) strategy contains three modes of protection. Which option below is not one of the three modes?&#8203;&#10;A)&#8203;People&#10;B)&#8203;Technology&#10;C)Operations&#10;D)Management

Accepted Answer

The answer of The NSA's defense in depth (DiD) strategy...

Question 18

The capability of type 1 hypervisors is limited only by the amount of available RAM, storage, and throughput.&#8203;

Accepted Answer

The answer of The capability of type 1 hypervisors is...

Question 19

Type 2 hypervisors are typically loaded on servers or workstations with a lot of RAM and storage.&#8203;

Accepted Answer

The answer of Type 2 hypervisors are typically loaded on...

Question 20

The Sysinternals Handle utility shows only file system activity, but does not show what processes are using files on the file system.

Accepted Answer

The answer of The Sysinternals Handle utility shows only file...

Question 21

?Match the following terms with the correct definitions below:?

-An approach to network hardening that sets up several network layers to place the most valuable data at the innermost part of the network?

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 22

?Match the following terms with the correct definitions below:?

-A computer or network set up to lure an attacker.?

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 23

?Match the following terms with the correct definitions below:?

-?A type of DoS attack in which other online machines are used, without the owner's knowledge, to launch an attack.

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 24

In a __________ attack, the attacker keeps asking your server to establish a connection, with the intent of overloading a server with established connections.&#8203;&#10;A)smurf&#8203;&#10;B)&#8203;SYN flood&#10;C)spoof&#10;D)ghost

Accepted Answer

The answer of In a __________ attack, the attacker keeps...

Question 25

The ___________________ utility can be used to view network traffic graphically.&#8203;

Accepted Answer

The answer of The ___________________ utility can be used to...

Question 26

The &#8203;tcpdump and Wireshark utilities both use what well known packet capture format?&#10;A)&#8203;Netcap&#10;B)&#8203;Pcap&#10;C)Packetd&#10;D)RAW

Accepted Answer

The answer of The &#8203;tcpdump and Wireshark utilities both use...

Question 27

The ___________________ utility from Sysinternals shows what files, Registry keys, and DLLs are loaded at a specific time.&#8203;

Accepted Answer

The answer of The ___________________ utility from Sysinternals shows what...

Question 28

?The _______________ command line program is a common way of examining network traffic, which provides records of network activity while it is running, and produce hundreds or thousands of records.&#10;A)?netstat&#10;B)?ls&#10;C)ifconfig&#10;D)tcpdump&#10;

Accepted Answer

The answer of ?The _______________ command line program is a...

Question 29

The ________________ software lists all open network sockets, including those hidden by rootkits, and also works on both 32-bit and 64-bit systems.&#8203;

Accepted Answer

The answer of The ________________ software lists all open network...

Question 30

?Match the following terms with the correct definitions below:?

-A computer or network set up to lure an attacker.?

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 31

?Match the following terms with the correct definitions below:?

-?Intrusion prevention and monitoring systems that track what attackers do on honeypots.

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 32

?Match the following terms with the correct definitions below:?

-?A type of DoS attack in which other online machines are used, without the owner's knowledge, to launch an attack.

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 33

At what layers of the OSI model do most packet analyzers function?&#8203;&#10;A)&#8203;Layer 1 or 2&#10;B)&#8203;Layer 2 or 3&#10;C)Layer 3 or 4&#10;D)Layer 4 or 5

Accepted Answer

The answer of At what layers of the OSI model...

Question 34

?Match the following terms with the correct definitions below:?

-?The NSA's approach to implementing a layered network defense strategy. It focuses on three modes of protection: people, technology, and operations.

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 35

__________________ help offset hardware costs for companies and are handy when you want to run legacy or uncommon OSs and software along with the other software on your computer.&#8203;

Accepted Answer

The answer of __________________ help offset hardware costs for companies...

Question 36

?Match the following terms with the correct definitions below:?

-A computer or network set up to lure an attacker.?

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 37

?Match the following terms with the correct definitions below:?

-Attacks launched before vendors or network administrators have discovered vulnerabilities and patches for them have been released.?

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 38

Updating security patches, antivirus software, and OSs fall into the ________________ category of the defense in depth strategy.&#8203;

Accepted Answer

The answer of Updating security patches, antivirus software, and OSs...

Question 39

?Match the following terms with the correct definitions below:?

-A computer or network set up to lure an attacker.?

A)?defense in depth (DiD)
B)distributed denial-of-service (DDoS) attacks
C)?honeypot
D)honeywalls?
E)?layered network defense strategy
F)network forensics?
G)?type 1 hypervisor
H)type 2 hypervisor?
I)?zero day attacks
J)zombies

فتح الحزمة

افتح القفل للوصول البطاقات البالغ عددها 50 في هذه المجموعة.

فتح الحزمة

k this deck

Accepted Answer

The answer of ?Match the following terms with the correct...

Question 40

The SANS Investigative Forensics Toolkit (SIFT) appliance can currently only be installed on what version of Ubuntu?&#8203;&#10;A)&#8203;12.04&#10;B)&#8203;13.11&#10;C)14.04&#10;D)14.11

Accepted Answer

The answer of The SANS Investigative Forensics Toolkit (SIFT) appliance...

Question 41

Describe a zero day attack.&#8203;

Accepted Answer

The answer of Describe a zero day attack.&#8203;...

Question 42

What is a packet analyzer, and how is it used?&#8203;

Accepted Answer

The answer of What is a packet analyzer, and how...

Question 43

&#8203;Define network forensics, and explain how network forensics can be used.

Accepted Answer

The answer of &#8203;Define network forensics, and explain how network...

Question 44

What is a VM snapshot, and why is a live acquisition typically required for VMs?&#8203;

Accepted Answer

The answer of What is a VM snapshot, and why...

Question 45

Describe the defense in depth (DiD) strategy, and outline each of the three modes of protection.&#8203;

Accepted Answer

The answer of Describe the defense in depth (DiD) strategy,...

Question 46

What is the biggest problem with live acquisitions?&#8203;

Accepted Answer

The answer of What is the biggest problem with live...

Question 47

Explain the need for using established procedures for acquiring data after an attack or intrusion incident, and list some resources that address these needs.&#8203;

Accepted Answer

The answer of Explain the need for using established procedures...

Question 48

Describe the standard procedure for performing network forensics.&#8203;

Accepted Answer

The answer of Describe the standard procedure for performing network...

Question 49

Why are live acquisitions becoming a necessity, and why don't live acquisitions follow typical forensics procedures?&#8203;

Accepted Answer

The answer of Why are live acquisitions becoming a necessity,...

Question 50

What is the difference between a type 1 and a type 2 hypervisor?&#8203;

Accepted Answer

The answer of What is the difference between a type...

Deck 10: Virtual Machine and Cloud Forensics