Unit5 Mcqs

The document provides a series of questions and answers related to network forensic investigations, focusing on OSI layers, protocols, and forensic tools. Key topics include the relevance of the Transport and Network layers, the significance of email protocols like SMTP, and the importance of tools such as Wireshark for analyzing network traffic. Additionally, it addresses challenges in forensic analysis, such as dealing with encrypted traffic and identifying unauthorized access.

Uploaded by Ravi Gorli

Which OSI layer is most relevant in network forensic investigations involving packet capture?
A. Application
B. Transport
C. Network
D. Data Link
ANSWER: C

Which protocol is often analyzed in digital forensics to trace email headers?
A. FTP
B. SMTP
C. ICMP
D. ARP
ANSWER: B

What type of forensic evidence can be gathered from the Transport Layer?
A. MAC addresses
B. IP addresses
C. TCP/UDP session details
D. Physical device information
ANSWER: C

Which network device operates at Layer 3 and is crucial for forensic packet tracing?
A. Switch
B. Router
C. Hub
D. Repeater
ANSWER: B

Which OSI layer is responsible for ensuring reliable data transmission, making it useful in forensic analysis of dropped packets?
A. Physical
B. Data Link
C. Transport
D. Network
ANSWER: C

Which command is useful in forensic investigations to trace the path packets take through a network?
A. nslookup
B. traceroute
C. netstat
D. ipconfig
ANSWER: B

What forensic artifact is found at the Data Link Layer?
A. IP address
B. MAC address
C. Domain name
D. HTTP headers
ANSWER: B

Which OSI layer handles encryption and compression, making it significant in forensic analysis of secure communications?
A. Transport
B. Network
C. Presentation
D. Data Link
ANSWER: C

Which forensic tool is commonly used to analyze network traffic and extract packets?
A. Wireshark
B. Metasploit
C. Autopsy
D. FTK
ANSWER: A

What digital forensic evidence can be obtained from the Application Layer?
A. Packet fragmentation data
B. TCP sequence numbers
C. HTTP requests and responses
D. Routing tables
ANSWER: C

Which of the following is a primary concern in forensic analysis of wireless networks?
A. IP packet headers
B. Signal interference
C. MAC address spoofing
D. Bandwidth allocation
ANSWER: C

Which command-line tool helps in forensic analysis by displaying open network connections?
A. nslookup
B. netstat
C. ping
D. whois
ANSWER: B

Which protocol is most relevant for forensic investigations into real-time communication applications?
A. FTP
B. SNMP
C. SIP
D. IMAP
ANSWER: C

Which forensic technique is used to analyze network logs for suspicious activities?
A. Memory forensics
B. Log correlation
C. Disk imaging
D. File carving
ANSWER: B

What is the purpose of deep packet inspection in digital forensics?
A. To analyze packet headers only
B. To capture and examine packet contents
C. To encrypt sensitive data
D. To speed up network performance
ANSWER: B

Which forensic challenge arises when analyzing encrypted network traffic?
A. Identifying MAC addresses
B. Deciphering packet payloads
C. Tracing hop counts
D. Detecting IP fragmentation
ANSWER: B

Which OSI layer is responsible for logical addressing, which is critical for tracking network activity in forensic investigations?
A. Transport
B. Network
C. Data Link
D. Application
ANSWER: B

Which protocol is commonly analyzed in forensic investigations to track domain name resolution?
A. ICMP
B. DNS
C. SSH
D. Telnet
ANSWER: B

What type of digital forensic evidence can be obtained from packet capture at the Physical Layer?
A. Signal strength and timing
B. IP routing tables
C. Email headers
D. TCP connection status
ANSWER: A

Which forensic tool is used to extract and analyze email headers in an investigation?
A. Wireshark
B. ExifTool
C. FTK
D. Xplico
ANSWER: D

Which protocol is used to retrieve emails and is significant in forensic email investigations?
A. SMTP
B. POP3
C. SNMP
D. ICMP
ANSWER: B

What is the significance of a firewall log in network forensics?
A. It stores encrypted emails
B. It records network traffic passing through a firewall
C. It captures images from network traffic
D. It detects physical device tampering
ANSWER: B

Which attack technique is commonly analyzed in forensic investigations of unauthorized network access?
A. SQL Injection
B. Man-in-the-middle attack
C. Buffer overflow
D. Social engineering
ANSWER: B

Which OSI layer plays a key role in forensic investigation of intercepted VoIP communications?
A. Transport
B. Network
C. Data Link
D. Application
ANSWER: D

Which type of log file is most useful in analyzing failed login attempts in a forensic investigation?
A. HTTP access logs
B. DNS query logs
C. System authentication logs
D. ARP cache logs
ANSWER: C

Which forensic method is used to identify unauthorized devices on a network?
A. Traffic shaping
B. Network scanning
C. Disk imaging
D. Steganography
ANSWER: B

Which of the following is an indicator of potential network-based cyber threats?
A. Frequent ARP requests
B. High CPU temperature
C. Low disk space
D. File permission changes
ANSWER: A

Which forensic tool is used to analyze TCP/IP connections and find malicious network activity?
A. Nmap
B. FTK Imager
C. Volatility
D. Autopsy
ANSWER: A

What is the primary challenge when performing forensic analysis on cloud-based network traffic?
A. Lack of physical evidence
B. Low storage capacity
C. Unreliable timestamps
D. Slow data transfer speeds
ANSWER: A

Which OSI layer is crucial when analyzing VPN traffic in a forensic investigation?
A. Data Link
B. Network
C. Transport
D. Application
ANSWER: C

Which protocol is most commonly analyzed in forensic investigations of web traffic?
A. FTP
B. HTTP
C. SMTP
D. SNMP
ANSWER: B

Which forensic tool is used to capture and analyze network traffic?
A. Wireshark
B. Metasploit
C. Autopsy
D. Volatility
ANSWER: A

Which Internet service is commonly investigated in forensic analysis of social media activity?
A. DNS
B. HTTP
C. VPN
D. FTP
ANSWER: B

What forensic information can be extracted from an email header?
A. IP address of the sender
B. Encrypted attachments
C. Contents of the email body
D. MAC address of the sender
ANSWER: A

Which command is used to determine the IP address of a domain in forensic analysis?
A. ping
B. nslookup
C. netstat
D. traceroute
ANSWER: B

Which log file is useful in tracing web activity in forensic investigations?
A. System log
B. HTTP access log
C. DNS cache log
D. Event viewer log
ANSWER: B

Which forensic technique is used to track an IP address to its approximate location?
A. Traceroute
B. Whois lookup
C. Geolocation tracking
D. ARP poisoning
ANSWER: C

What digital forensic evidence can be obtained from a DNS query log?
A. Websites visited
B. MAC address of the user
C. Physical location of the device
D. Email sender details
ANSWER: A

Which of the following can be used to trace the ownership of an IP address?
A. Whois lookup
B. Ping
C. Netstat
D. ARP table
ANSWER: A

Which protocol is used to transfer files and is often analyzed in forensic investigations?
A. FTP
B. SMTP
C. SNMP
D. DHCP
ANSWER: A

Which of the following is a challenge in forensic investigations of VPN traffic?
A. Lack of encryption
B. Obfuscation of real IP addresses
C. Easy decryption of traffic
D. Lack of authentication logs
ANSWER: B

Which forensic artifact is useful in tracing an attacker's identity in an HTTP request?
A. User-Agent string
B. File size
C. MAC address
D. Packet sequence number
ANSWER: A

Which protocol is commonly used to send emails and is relevant in forensic email investigations?
A. HTTP
B. FTP
C. SMTP
D. IMAP
ANSWER: C

Which tool can be used to check domain registration details in a forensic investigation?
A. netstat
B. whois
C. ifconfig
D. ping
ANSWER: B

Which digital forensic evidence is typically extracted from browser history?
A. Visited websites
B. MAC addresses
C. Physical memory dumps
D. BIOS settings
ANSWER: A

What information can be obtained from a forensic analysis of an IP packet header?
A. Source and destination IP addresses
B. Email attachments
C. File metadata
D. Password hashes
ANSWER: A

Which of the following is a common method attackers use to hide their real IP address?
A. VPN
B. Ping flood
C. ARP spoofing
D. DNS poisoning
ANSWER: A

What forensic challenge is associated with tracing Tor network activity?
A. Lack of encryption
B. Frequent IP address changes
C. Open network traffic
D. Lack of HTTP logs
ANSWER: B

Which log file is critical in forensic investigations of unauthorized remote access?
A. Firewall logs
B. Printer logs
C. USB access logs
D. Bluetooth logs
ANSWER: A

Which forensic tool is used to map the route that packets take to a destination?
A. nslookup
B. traceroute
C. whois
D. netstat
ANSWER: B

Which type of log can help trace phishing attempts in an email investigation?
A. Web server logs
B. Email server logs
C. Printer logs
D. Bluetooth logs
ANSWER: B

What is the primary forensic concern when investigating cloud-based email services?
A. Local storage limitations
B. Lack of encryption
C. Data stored on third-party servers
D. Absence of browser history
ANSWER: C

Which forensic technique is useful for detecting hidden communications within normal network traffic?
A. Steganography analysis
B. File carving
C. Hash analysis
D. Disk imaging
ANSWER: A

What can forensic investigators use to determine if a suspect has used an anonymizing proxy?
A. Checking browser cache
B. Analyzing User-Agent strings
C. Investigating IP address inconsistencies
D. Reviewing printer logs
ANSWER: C

Which of the following is a potential source of forensic evidence for tracing an email scam?
A. Email headers
B. USB device logs
C. CPU temperature logs
D. RAM dumps
ANSWER: A

Which digital forensic technique is used to reconstruct deleted web browsing history?
A. Memory forensics
B. Cache analysis
C. Hash comparison
D. Live system analysis
ANSWER: B

Which protocol is typically examined in forensic investigations of instant messaging applications?
A. FTP
B. SIP
C. XMPP
D. SNMP
ANSWER: C

Which forensic method helps identify the geographic location of an attacker?
A. IP geolocation
B. MAC address lookup
C. Packet fragmentation analysis
D. Hash value comparison
ANSWER: A

Which of the following is a challenge when investigating DNS-based cyber attacks?
A. Lack of DNS records
B. Encrypted DNS queries
C. Slow DNS resolution
D. Lack of WHOIS data
ANSWER: B

Which of the following is the primary goal of the collection phase in digital forensics?
A. Analyzing digital evidence
B. Identifying and preserving digital evidence
C. Modifying system files
D. Deleting redundant data
ANSWER: B

What is the first step in local acquisition of digital evidence?
A. Creating a forensic image
B. Turning off the device
C. Running an antivirus scan
D. Formatting the storage media
ANSWER: A

Which forensic technique is used to create an exact replica of a storage device without modifying the original data?
A. File carving
B. Disk imaging
C. Steganography
D. Data wiping
ANSWER: B

Which tool is commonly used for disk imaging in forensic investigations?
A. Wireshark
B. Autopsy
C. FTK Imager
D. Nessus
ANSWER: C

Which of the following best describes volatile data?
A. Data stored in cloud services
B. Data that remains after a system shutdown
C. Data lost when a system is powered off
D. Data saved on external hard drives
ANSWER: C

Which command is used to collect network connection details during network acquisition?
A. ipconfig
B. netstat
C. whois
D. tracert
ANSWER: B

Which network forensic technique captures real-time network traffic?
A. Packet sniffing
B. Disk imaging
C. Steganography
D. Hashing
ANSWER: A

Which tool is commonly used for network packet capture in forensic analysis?
A. EnCase
B. Wireshark
C. FTK
D. Autopsy
ANSWER: B

What is the primary purpose of hashing in local acquisition?
A. To encrypt evidence
B. To compare data integrity
C. To delete duplicate files
D. To compress forensic images
ANSWER: B

Which of the following is an example of non-volatile data?
A. RAM contents
B. Running processes
C. Open network connections
D. Hard drive contents
ANSWER: D

Which forensic tool is used to collect live memory data?
A. Wireshark
B. Volatility
C. Nmap
D. Nessus
ANSWER: B

Which acquisition method captures all active network connections?
A. Static acquisition
B. Full disk imaging
C. Live network capture
D. Log file analysis
ANSWER: C

Which command is useful for identifying open ports during network acquisition?
A. ping
B. nslookup
C. netstat
D. tracert
ANSWER: C

Which network acquisition technique involves examining router logs for forensic evidence?
A. Memory forensics
B. Live network capture
C. Log file analysis
D. File carving
ANSWER: C

Which method is used to ensure the integrity of collected forensic data?
A. Modifying file timestamps
B. Using hash values
C. Editing metadata
D. Encrypting data
ANSWER: B

Which type of data collection requires pulling logs from network devices like firewalls and routers?
A. Local acquisition
B. Network acquisition
C. Memory acquisition
D. Mobile device acquisition
ANSWER: B

Which forensic artifact is commonly collected from volatile memory?
A. Deleted files
B. Running processes
C. System logs
D. Disk partitions
ANSWER: B

Which tool is commonly used to collect logs from remote systems?
A. Netcat
B. Wireshark
C. FTK Imager
D. Volatility
ANSWER: A

Which forensic process involves extracting deleted files from storage media?
A. Network sniffing
B. File carving
C. Packet analysis
D. Log correlation
ANSWER: B

Which command provides details about the current user’s network connections?
A. ifconfig
B. netstat
C. tracert
D. nslookup
ANSWER: B

Which type of evidence is crucial in forensic analysis of a hacking attempt over a network?
A. Network traffic logs
B. CPU temperature logs
C. Printer logs
D. USB access logs
ANSWER: A

Which acquisition method is preferred when dealing with a powered-on system?
A. Static acquisition
B. Live acquisition
C. Cloud acquisition
D. Hybrid acquisition
ANSWER: B

Which forensic challenge is commonly associated with network acquisition?
A. Lack of log files
B. Data encryption
C. Physical damage to hard drives
D. Lack of disk space
ANSWER: B

Which type of forensic acquisition focuses on collecting data from cloud services?
A. Network acquisition
B. Local acquisition
C. Cloud acquisition
D. Static acquisition
ANSWER: C

Which of the following must be considered when conducting a forensic network acquisition?
A. Bandwidth usage
B. System boot time
C. File permission changes
D. USB device logs
ANSWER: A

Which digital forensic tool is used to collect logs from a Windows machine?
A. Event Viewer
B. Wireshark
C. Nmap
D. Netcat
ANSWER: A

What is the main challenge when collecting evidence from a live network?
A. Data volatility
B. Hard drive corruption
C. Lack of encryption
D. Printer connectivity
ANSWER: A

Which method is most suitable for forensic acquisition of a router’s configuration?
A. Disk imaging
B. Log file extraction
C. Memory dumping
D. File carving
ANSWER: B

Which type of forensic acquisition is performed when copying an entire hard drive?
A. Live acquisition
B. Static acquisition
C. Cloud acquisition
D. Network acquisition
ANSWER: B

What is the primary objective of the examination phase in network forensics?
A. Identifying and preserving evidence
B. Analyzing collected data for anomalies
C. Destroying unnecessary data
D. Encrypting forensic images
ANSWER: B

Which tool is commonly used for network traffic analysis in forensic investigations?
A. Wireshark
B. Autopsy
C. FTK Imager
D. Nessus
ANSWER: A

Which log file is most useful for examining unauthorized access attempts in network forensics?
A. Firewall logs
B. Printer logs
C. USB access logs
D. BIOS logs
ANSWER: A

Which network forensic technique is used to reconstruct web browsing activity?
A. Packet analysis
B. Memory forensics
C. File carving
D. Log correlation
ANSWER: A

Which of the following can indicate a potential network intrusion?
A. Increased CPU temperature
B. Multiple failed login attempts
C. A decrease in available RAM
D. Frequent printer access
ANSWER: B

What type of evidence is most critical when analyzing a Distributed Denial of Service (DDoS) attack?
A. Network traffic logs
B. USB device logs
C. Email metadata
D. File system timestamps
ANSWER: A

Which forensic tool is used for deep packet inspection in network analysis?
A. Snort
B. Metasploit
C. VeraCrypt
D. Recuva
ANSWER: A

Which network forensic artifact helps in identifying an attacker's geographical location?
A. DNS cache
B. IP address logs
C. RAM dumps
D. File system metadata
ANSWER: B

Which of the following is an important aspect of log file analysis in network forensics?
A. Identifying anomalies in event logs
B. Changing timestamps of network events
C. Deleting old log files
D. Encrypting all network packets
ANSWER: A

Which forensic method is used to detect hidden communication channels in a network?
A. Steganography analysis
B. File carving
C. Disk imaging
D. Hash comparison
ANSWER: A

What is the purpose of session reconstruction in network forensics?
A. To analyze user activities
B. To delete log files
C. To encrypt traffic logs
D. To create new network packets
ANSWER: A

Which of the following is an example of non-volatile network evidence?
A. RAM contents
B. Open network connections
C. Log files
D. Running processes
ANSWER: C

Which of the following is a key challenge in network forensic analysis?
A. Log file corruption
B. Lack of encrypted data
C. Easy identification of attackers
D. Limited forensic tools
ANSWER: A

Which network forensic technique helps in detecting unauthorized data transfers?
A. Packet sniffing
B. Hard disk cloning
C. USB forensics
D. File hashing
ANSWER: A

Which protocol is often examined in forensic investigations of email-based cybercrimes?
A. SMTP
B. FTP
C. SNMP
D. ARP
ANSWER: A

Which tool is commonly used to detect network intrusions?
A. Snort
B. FTK Imager
C. Autopsy
D. Recuva
ANSWER: A

Which forensic artifact can help trace an attacker using a proxy?
A. IP logs
B. Printer queue logs
C. BIOS logs
D. System restore points
ANSWER: A

Which of the following is a key forensic challenge when examining encrypted network traffic?
A. Lack of encryption keys
B. Unreliable hashing algorithms
C. Incomplete network logs
D. Excessive log storage
ANSWER: A

Which method is used to detect anomalies in network traffic?
A. Intrusion Detection System (IDS)
B. USB forensic analysis
C. Memory carving
D. Password cracking
ANSWER: A

Which type of analysis helps in reconstructing an attack timeline in network forensics?
A. Event correlation
B. File hashing
C. Physical disk imaging
D. RAM analysis
ANSWER: A

Which tool is commonly used for examining firewall logs in forensic investigations?
A. Splunk
B. VeraCrypt
C. Nmap
D. GIMP
ANSWER: A

Which forensic approach is used to identify compromised devices on a network?
A. Network traffic analysis
B. USB forensics
C. Hard drive imaging
D. File carving
ANSWER: A

Which of the following is a common indicator of malware activity in a network?
A. Unusual outbound traffic
B. Increased system uptime
C. Low CPU usage
D. Frequent user logouts
ANSWER: A

What is the purpose of analyzing DNS logs in network forensics?
A. To identify malicious domain requests
B. To change the MAC address
C. To disable network encryption
D. To remove user credentials
ANSWER: A

Which network forensic technique is used to analyze past network activity?
A. Log file examination
B. Real-time packet capture
C. Network latency testing
D. Disk wiping
ANSWER: A

Which type of attack can be detected through network log correlation?
A. Man-in-the-Middle attack
B. USB injection attack
C. BIOS firmware attack
D. Physical tampering attack
ANSWER: A

Which forensic artifact can indicate an exfiltration attempt?
A. Large outbound data transfers
B. Frequent software updates
C. Decreased network bandwidth usage
D. Increased print queue logs
ANSWER: A

Which forensic method is used to examine a suspect’s browsing history on a network?
A. Proxy log analysis
B. File system examination
C. Physical memory dump
D. Hash verification
ANSWER: A

Which of the following helps in detecting lateral movement in a compromised network?
A. Network session analysis
B. Disk imaging
C. Steganography detection
D. USB activity monitoring
ANSWER: A
