Network Forensics Exam 2
According to the author, only active acquisition and not live acquisitions will modify network devices.
False
All evdeince stored on network devices are non-volitale and must always be collected while the system is not running.
False
The Secure Shell protocol (SSH) is a common way for network investigators to connect through the console port and gain command-line access to network-based evidence.
False
According to the author evidence lives in many places throughout a network and we may choose to gather evidence from network devices which includes
All of the above
What is the DHCP message when the client to server relinquishing the network address?
DHCPRELEASE
According to the author, both SSH and telnet implements the Secure Copy Protocol (SCP) designed to transfer files between networked systems.
False
According to the author, it is best to connect remotely to a network device rather than connecting directly to the console
False
The HTTP protocol uses ______ to perform operations.
Methods
The author states that HTTP operates according to a _______ and ________ model
Request and Response
By default, HTTP servers operate over the protocol of ___ and port number __.
TCP, 80
Tshark uses wireshark's protocol dissection code and the default output displays
The information produced by PSML
According to the author the HyperText Markup Language was developed by
Tim Berners-Lee
According to the author, the Hypertext Transfer Protocol (HTTP) was originally developed in the early's 1900s by
Tim Berners-Lee
According to the author the first web browser was developed by
Tim Berners-Lees
What is the acronym which the author indicates is a string used to specify the location of a resource?
URI
Wireshark displays packets in three (3) panels and the packet ________ shows packets that have been captured, one per line, with very brief details
list
