Virtual Machine Forensics, Live Acquisitions, and Network Forensics

Question 1

Type 2 hypervisors cannot be used on laptops

Answer 1

False

Question 2

Which tool lists all open network sockets, including those hidden by rootkits?

Answer 2

Memoryze

Question 3

Network logs record traffic in and out of a network

Answer 3

True

Question 4

Virtual machines (VMs) help offset hardware costs for companies

Answer 4

True

Question 5

When intruders break into a network, they rarely leave a trail behind

Answer 5

False

Question 6

In network forensics, you have to restore the drive to see how malware that attackers have installed on the system works

Answer 6

True

Question 7

Which project was developed to make information widely available in an attempt to thwart Internet and network hackers?

Answer 7

Honeynet

Question 8

Which product responded to the need for security and performance by producing different CPU designs?

Answer 8

Virtualization Technology (VT)

Question 9

Which type of forensics can help you determine whether a system is truly under attack or a user has inadvertently installed an untested patch or custom program?

Answer 9

Network Forensics

Question 10

Which network protocol analyzer can be programmed to examine TCP headers to find the SYN flag?

Answer 10

Tethereal

Question 11

On which OSI model layers do most packet analyzers operate?

Answer 11

Layers 2 and 3

Question 12

Which network defense strategy, developed by the National Security Agency (NSA), has three modes of protection?

Answer 12

Defense in Depth

Question 13

In which type of attack does the attacker keep asking the server to establish a connection?

Answer 13

SYN flood

Question 14

Before attempting to install a type 2 hypervisor, you need to enable virtualization in the BIOS before attempting to create a VM

Answer 14

True

Question 15

Which format can be read by most packet analyzer tools?

Answer 15

Pcap

Question 16

Which tool was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files?

Answer 16

Netdude

Question 17

Virtual machines are now common for both personal and business use

Answer 17

True

Question 18

What term is used for the machines used in a DDoS attack?

Answer 18

Zombies

Question 19

Which tool is useful for extracting information from large Libpcap files?

Answer 19

Tcpslice

Question 20

What type of software runs virtual machines?

Answer 20

A Hypervisor

Question 21

What determines how long a piece of information lasts on a system?

Answer 21

Order of volatility

Question 22

A honeywall is a computer set up to look like any other machine on your network, but it lures the attack to it

Answer 22

False

Question 23

Type 1 hypervisors are usually the ones you find loaded on a suspect machine

Answer 23

False

Question 24

Which tool allows network traffic to be viewed graphically

Answer 24

Etherape

Question 25

Which type of virtual machine software is typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage?

Answer 25

Type 1

Question 26

A forensic image of a VM includes all snapshots

Answer 26

False

Question 27

To find network adapters, you use ____________ command in Windows and the ____________ command in Linux

Answer 27

ipconfig, ifconfig

Question 28

A layered network defense strategy puts the most valuable data where?

Answer 28

In the innermost layer

Question 29

Packet analyzers examine what layers of the OSI model?

Answer 29

Layer 2 and 3

Question 30

Which of the following file extensions are associated with VMware virtual machines?

Answer 30

.vmx, .log, and .nvram

Question 31

In VirtualBox, a(n) ________ file contains settings for virtual hard drives

Answer 31

.vbox

Question 32

Which Registry key contains associations for file extensions?

Answer 32

HKEY_CLASSES_ROOT

Question 33

The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of _____________ and ____________.

Answer 33

RAM, storage

Question 34

When do zero day attacks occur?

Answer 34

On the day the application or OS is released, before the vendor is aware of the vulnerability

Question 35

You can expect to find a type 2 hypervisor on what type of device?

Answer 35

Desktop, Smartphone, Tablet

Question 36

Which of the following is a clue that a virtual machine has been installed on a host system?

Answer 36

Virtual network adapter

Question 37

Virtual Machine Extensions (VMX) are part of which of the following?

Answer 37

Intel Virtualized Technology

Question 38

What are the three modes of protection in the DiD strategy?

Answer 38

People, Technology, Operations

Question 39

Tcpslice can be used to retrieve specific timeframes of packet captures

Answer 39

True