DFIR Chapter 14 Flashcards

1
Q

What is it called when the network is monitored and network data is stored for a certain amount of time? This allows network forensics to be performed.

A

Retention time

2
Q

What are the three main ways that traffic data can be captured?

A
1. Packet captures
2. Logs
3. NetFlow
3
Q

What is the most efficient method, and the most difficult to maintain, for capturing traffic data?

A

Packet capture is the most efficient method and most difficult to maintain.

4
Q

What form of traffic data can be collected from host and network devices deployed on the network, such as firewall and IPS devices?

A

Network Logs.

5
Q

What is the network protocol, developed by Cisco, that monitors network traffic and collects IP traffic information?

A

NetFlow

6
Q

What is a common tool used for network capture and investigation that is installed by default on most servers and network equipment and can be run via the CLI (command line interface)?

A

Tcpdump
(It displays TCP/IP and additional packets that are received or transmitted over the network. It can be used for live, on-demand captures or to save network captures as .pcap files.)

7
Q

What can be used for live, on-demand captures or to save network captures as .pcap files?

A

Tcpdump

8
Q

What supports several flags for a more focused collection of network data, as well as filters for the collected data?

A

Tcpdump

9
Q

What Tcpdump flag is for (interface to listen on)?

A

-i (interface)

sudo tcpdump -i eth0 -v port 80

-i eth0 - Select eth0 as the interface on which the capture is to take place.

10
Q

What Tcpdump flag is for (number of packets to capture)?

A

-c (packets)

11
Q

What Tcpdump flag is for (verbose output)?

A

-v (verbose)

sudo tcpdump -i eth0 -v port 80

-v - Verbose output that increases the amount of detail shown in the output, often showing more protocol-specific information.

12
Q

What Tcpdump filter is for (host to filter by, as source or destination)?

A

host (host)

13
Q

What Tcpdump filter is for (port to filter by, as source or destination)?

A

tcp port (port)

sudo tcpdump -i eth0 -v port 80

port 80 - Port filter to capture only traffic on port 80 (HTTP).

14
Q

What Tcpdump filter keywords are the Boolean operators used to build complex rules?

A

and/or

15
Q

Is it possible to create a packet capture when a rule is triggered?

A

Yes, on advanced routers and firewalls.

Packet captures can also be configured to start automatically when an event or chain of events is triggered.

16
Q

What acts as a gateway between you and the internet? It is an intermediary server separating end users from the websites they browse, and it provides varying levels of functionality, security, and privacy depending on your use case, needs, or company policy.

A

Proxy Server