Packy Quizzes For Test 1
Which of the following statements BEST describes why a network investigator may use the Wireshark filter for DNS Transaction IDs (TXID) in packet analysis?
The DNS Transaction ID filter will allow an investigator to examine both the request to a DNS server and the response packets to a network client of the DNS transaction.
The essential IPv6 routing information required for forward and route packets is stored in ____
The IPv6 Fixed Header
The Linux operating system is based on which of the following proprietary operating systems?
UNIX
An open source Linux distribution designed to support web sites focusing on usability and prioritizing modern features over stability and security.
Ubuntu
All of the following statements BEST provides protection from intruders intercepting or modifying zone transfer data.
Use Public key encryption.
The goal is to get the most reliable MAC address evidence. Which of the following sources are MOST reliable?
Use a packet sniffer.
Which of the following statements is an effective way to secure DNS servers:
Use firewalls to control access protected DNS servers
All of the following statements describes the concepts or uses of network flow analysis, except
Uses Deep packet inspection (DPI) technologies to inspect the content of the packet data to extract metadata such as application or website names.
All of the following statements concerning the capture of live network forensic evidence are TRUE, except:
Using Flow analysis will reduce the amount of storage resources and requirements to collect network forensic data.
A community-based, tested, free Linux distribution focused on quick releases of new features and functionality, with no technical support but versions are rarely backward compatible for more than 2 years.
Fedora
All of the following will provide sources of network DNS forensic evidence, except
Firewall logs
Which of the following statements BEST describes the difference between Open Source software and Free Software?
Free Source software may be downloaded from web sites like SourceForge, BitBucket, Github, and Tigris; whereas, Open Source software may be downloaded from Google Play or the Apple Store
The type of license which ensures that the source code of the program is freely available, yet allows the original author of the source code to have some control over changes made to the source code is called
GNU public license
Which of the following statements BEST describe the use of ARP in IPv6?
ICMPv6 Neighbor Discovery Protocol replaced ARP
Which of the following statements BEST describes the concept of Dynamic ARP Inspection (DAI)?
May dynamically learn MAC-to-IP Bindings, but limits the number of MAC address assigned to a port based on its history of use on the MAC address discovered.
Which of the following statements BEST compares the security benefits of network address translation to firewalls?
NAT offers more security for private client identification.
You are using Network Address Translation (NAT). You have implemented IPSec for all Internet-bound traffic. However, Internet access is no longer possible. What is the likely cause of the problem?
Network Address Translation (NAT) does not work with IPsec.
Given the following domain name kali182.infs4180.rmu.edu. Which of the following best represents the concept of a DNS root server?
None of the above.
Layer 2 switches store MAC addresses in a system memory MAC address table. Another name for the MAC address tables is called
a CAM table
To limit the type of network traffic packets captured or displayed, a network forensic analyst would use?
a filter
To store captured network traffic packets, a network forensic analyst would use?
a pcap file
Given the following domain name kali182.infs4180.rmu.edu. Which of the following best represents the concept of a top-level DNS server?
edu
A disadvantage of Network Address Translation is __________IP traceability will be limited.
end-to-end
Switches forward:
frames
Which of the following concepts describes a TCP/IP transmission from one node addressed specifically to another node?
unicast
A commercial, security-emphasized enterprise Linux distribution designed to execute on an IBM z13 mainframe which requires annual tiered-license fees and is backward stability to10 years or more.
zLinux
The ____ meta-character can also be used to refer to the current user's home directory.
~
You execute the Linux command pwd and you see the /home/xyz displayed. Which of the following statements BEST describes the function of /home/xyz directory?
/home/xyz is the current directory
How many bits are in an IPv6 address?
128-bits
How many bits are in an IPv4 address?
32-bits
Which of the following statements BEST describes the concept of DNS Zone?
A boundary of authority and database storage for domain name space.
Which of the following statements BEST describes the concept of ARP?
A communication protocol that that maps (assigns) a MAC address to a specific IP address (MAC-to-IP Binding) and stores this information and transmits this information to other computers, network devices and servers.
Which of the following statements BEST describes the concept of ARP Flooding Poisoning?
A denial of service attack that links multiple IP addresses with a single target's MAC address. As a result, traffic that is intended for many different IP addresses will be redirected to the target's MAC address, overloading the target with traffic.
Which of the following statements BEST describes a SPAN port?
A network management port typically available on most switches, which are used to analyze Ethernet frames and switch traffic.
Which of the following statements BEST describes the concept of Secondary DNS Server?
A portion of the DNS namespace that store DNS information in a database that contain which cannot be edited or modified, and represents the authoritative source of a DNS information.
Which of the following statements BEST describes the concept of Primary DNS Server?
A portion of the DNS namespace that stores DNS information database that may be edited or updated, and represents the authoritative source of a DNS information.
Which of the following statements BEST describes a Virtual Private Network?
A private network security design that transmits private IP network address across a public network
Which of the following statements BEST describes the concept of DNS resolution?
A process of converting a domain name into an IP address.
Which of the following statements BEST describes DNS hijacking and rouge DNS servers?
A rogue DNS server translates domain names of desirable websites (search engines, banks, brokers, etc.) into IP addresses of sites with unintended content, even malicious websites.
Which of the following is an example of a valid MAC address?
AE:09:33:00:23:B5
How can you easily distinguish between an IPv4 and IPv6 address?
All of the above
Which of the following statements BEST describes a CAM table?
An area of memory in a switch or router which store MAC addresses which are used to connect a source device to a destination device.
Which of the following statements BEST describes the concept of ARP Poisoning?
An attack that sends falsified ARP (Address Resolution Protocol) messages over a local area network by linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
Which of the following statements BEST describes the concept of a magic number in the context of forensic evidence.
An invisible number embedded at or near the beginning of a file that indicates the type of file, or file format it is).
How does IPv6 provide faster routing and forwarding?
By moving all routing information to the beginning of the header
All of the following statements concerning a Magic Number are true, except
Can be viewed and edited by Wireshark or tcpdump, tshark and Wireshark
All of the following statements describes Private Networks, except
Cannot rely on private addresses for packet or log analysis, hence MAC address analysis must be used
Most operating authentication logs will record the MAC address of the network device to logon. Since a MAC address may be spoofed, which of the following sources of network forensic evidence can provide the BEST correlation evidence?
DHCP log
Which best describes the use of DHCP services?
DHCP reduces the possibility for duplicate addresses.
All of the following are true concerning preparing baselining DNS evidence for security and network forensic analysis, EXCEPT.
DNS baseline evidence may be used to prevent DNS or IP spoofing
Ubuntu Linux is based on which of the following open source, more stable Linux operating systems
Debian
All of the following are advantages of open source software, EXCEPT
Developed by individuals, not by companies.
Which of the following statements BEST describes the function of the Linux uname -a command?
Displays the file name and version of the Linux Kernel
Which of the following statements BEST describes the function of the Linux who command?
Displays the lists of user names currently logon
Which of the following statements BEST describes the function of the Linux whoami command?
Displays the name of the current logon user
Which of the following statements BEST describes the concept of "promiscuous mode" in use the network capture packet tools?
Enables the capturing network device to capture all network packet traffic on a network segment.
What network security protocol is built into IPv6 by default?
IPsec
What security protocol does IPv6 use for security?
IPsec
Which of the following statements is NOT an advantage of IPv6 as compared to IPv4 protocols?
IPv6 can provide protection against DNS flooding, hijacking and tunneling attacks
Which of the following is NOT an advantage associated with IPv6 as opposed to IPv4:
Improved Broadcasts
All of the following are disadvantages of open source software, EXCEPT
Inability to customize or modify the original application code.
Which of the following statements BEST describes why companies, such as, IBM, Redhat Oracle, Adobe, Docker, or Intel, will benefit from sponsoring open-source projects?
Internal open source software development may enjoy the benefits of open-source community collaboration and acceptance, as new more advanced proprietary versions are developed
What is a drawback of using Anycast?
It's possible for a server to partially fail while still showing as "available" on the network
An open source Linux distribution designed to support Penetration Testing and Security.
Kali
An open source, security-emphasized enterprise grade Linux distribution designed to execute on an IBM z13 mainframe
LinuxOne
Which of the following statements BEST describes the concept of MAC locking?
Manually limits the MAC addresses which may use a switch port
What is the first phase in an open source project?
Person identifies a need and begins writing a program
Concerning Private IP addresses which of the following statements is false?
Private IP addresses are not routable on either a private or public internet
A client computer may be provided a DNS IP address to resolve DNA queries by manual of DHCP configuration. Anycast DNS permits any one of a number of DNS servers can respond to DNS queries, and typically the one that is geographically closest will provide the response. Anycast DNS may reduce latency and improve uptime for the DNS resolving services. An additional security benefit of anycasting a secondary DNS services is:
Provides protection from DNS Denial-of-service attacks.
A security administrator decides to set the local Windows or Linux client to not search the local hosts files or to require DNS queries to be first directed to configured primary or secondary DNS addresses. Which of the following statements BEST describes the security benefits of this DNS security strategy?
Provides protection from DNS hijacking attacks
A security administrator decides to limit zone transfers for specific IP addresses. Which of the following statements BEST describes the security benefits of this DNS security strategy?
Provides protection from intercepting or modifying zone transfer data.
A commercial, security-emphasized enterprise grade Linux distribution and runs on most hardware platforms, which requires annual tiered-license fees and is backward stability to10 years or more.
Redhat RHEL
A commercial, security-emphasized, administrator-friendly enterprise Linux distribution designed to execute on any hardware platform designed to support Open Stack Cloud services
SUSE
Assume that a network investigator is concerned that a rouge DNS server may have been installed in its local network. Which of the following statements BEST describes how a network investigator would use Wireshark capture and analyze DNS network traffic?
Set the Wireshark capture or display filter to "port 53"
Which of the following statements BEST describes why the analysis of CAM tables are important sources for network forensic evidence.
Since a CAM table maps stores source and destination MAC one can trace connections to specific network jack or MAC address
Which of the following statements BEST describes the concept of "open source"?
Source code is free to users
A TCP session assigns a 32-bit sequence number to each packet. Which of the following statements BEST describes the reason the TCP sequence number important to Wireshark and forensic evidence analysis.
The TCP sequence number is used to analyze flows.
Which of the following statements BEST describes the concept of DNS Zone Transfer?
The process of coping DNS database between name servers
All of the following statements describes an appropriate uses of gathering network forensic evidence, except
To document malicious authentication attempts to access operating systems.
Which is the BEST reason why a domain name, such as facebook.com, may have multiple DNS A records?
To enable multiple DNS servers to resolve the facebook.com domain name.
Which of the following statements BEST describes the primary function of the DNS network protocol?
Translates a domain name into an IP address
Examples of logical TCP conversations, flows and streams, include all of the following, except
Video streaming
Which of the following statements BEST describes the differences between Wireshark and Snort?
Wireshark can capture network traffic; whereas, snort is an intrusion detection system which can issue alerts and specify actions for malicious network traffic.
Which of the following statements BEST describes the differences between Wireshark and nmap?
Wireshark can capture network traffic; whereas, snort is an intrusion detection system which can issue alerts and specify actions for malicious network traffic.
Which of the following statements BEST describes the differences between Wireshark and Tshark?
Wireshark is a GUI network protocol analyzer; whereas, Tshark is a command-line network protocol analyzer.
Which of the following are reasons for using NAT?
both a and c
Which of the following concepts describes a TCP/IP transmission from one node that is intended for transmission to all other nodes on the network?
broadcast
All of the following statements concerning a Windows MAC address are True, except
by running IFCONFIG /ALL utility at the command prompt
A special type of file that that Linux uses to store and organize files is called
directory
Which Linux concept BEST describes the Fedora, Kali, Red Hat Enterprise, IBM LINUXONE, Ubuntu and SuSE?
distribution
Which Linux concept BEST describes the combination of a Linux operating system kernel, middleware, administrative utilities, desktops, and compilers?
distribution
The main reason why IPv6 was introduced was to
increase in the number of IP addresses
Which Linux command provided the following output?[rmui001@eptg155 ~]$ ????????????. assign3 .bash_profile fstab .kde .xemacs.. assign4 .bashrc fstab_copy myimages zorroassign1 .bash_history .canna .gtkrc resumes .zshrcassign2 .bash_logout .emacs infs3236 thingstodo
ls
Which of the following concepts describes a TCP/IP transmission from one node that addressed to a special group address? Devices that are interested in this group register to receive packets addressed to the group.
multicast
Which of the following would most likely be used in several users engaged in a video or other shared conference, e.g. GoTo Meeting, using TCP/IP?
multicast
Libcap or WinPcap is a collection of network tools that are used to capture network packets by many network tools. All of the following network tools use the libpcap library, except
nmap
The ____ command will confirm the directory that you are currently in on the system.
pwd
Which Linux command provided the following output?[rmui001@eptg155 ~]$ ???????????? /var/www/html
pwd
Which of the following devices depends on MAC addresses to forward packets?
switches
The type of directory that Linux assumes that you want to store or access files, or to be affected by file commands, e.g., ls, mkdir, and rm, is called
the current directory