Digital forensics chapter 10
The Honeynet Project was developed to make information widely available in an attempt to thwart Internet and network attackers. True False
True
The capability of type 1 hypervisors is limited only by the amount of available RAM, storage, and throughput. True False
True
The SANS Investigative Forensics Toolkit (SIFT) appliance can currently only be installed on what version of Ubuntu? a. 12.04 b. 13.11 c. 14.04 d. 14.11
a. 12.04
Select the option below that is not a common type 1 hypervisor: a. VMware vSphere b. Microsoft Hyper-V c. Citrix XenServer d. Oracle VirtualBox
a. VMware vSphere
What Windows Registry key contains associations for file extensions? a. hkey_classes_root b. hkey_users c. hkey_local_machine d. hkey_current_config
a. hkey_classes_root
What file type below, associated with VMware, stores VM paging files that are used as RAM for a virtual machine? a. .nvram b. .vmem c. .vmpage d. .vmx
b. .vmem
The __________ is the version of Pcap available for Linux-based operating systems. a. Wincap b. Libpcap c. Tcpcap d. Netcap
b. Libpcap
In VirtualBox, _________ different types of virtual network adapters are possible, such as AMD and Intel Pro adapters. a. 2 b. 4 c. 6 d. 8
c. 6
In Windows, what PowerShell cmdlet can be used in conjunction with Get-VM to display a virtual machine's network adapters? a. Show-NetworkAdapters b. Query-ipconfig c. Get-VMNetworkAdapter d. Dump-Netconfig
c. Get-VMNetworkAdapter
What utility is best suited to examine e-mail headers or chat logs, or network communication between worms and viruses? a. tcpdump b. argus c. Ngrep d. Tcpsplice
c. Ngrep
What processor instruction set is required in order to utilize virtualization software? a. AMD-VT b. Intel VirtualBit c. Virtual Machine Extensions (VMX) d. Virtual Hardware Extensions (VHX)
c. Virtual Machine Extensions (VMX)
Select the file below that is used in VirtualBox to create a virtual machine: a. .vdi b. .vbox c. .r0 d. .ova
d. .ova
The NSA's defense in depth (DiD) strategy contains three modes of protection. Which option below is not one of the three modes? a. People b. Technology c. Operations d. Management
d. Management
The Sysinternals Handle utility shows only file system activity, but does not show what processes are using files on the file system. True False
False
Type 2 hypervisors are typically loaded on servers or workstations with a lot of RAM and storage. True False
False
