Deck 9: Internet and Network Forensics and Intrusion Detection
1
What is designed to collect data straight from the network media?
A)Packet analyzers
B)Packet sniffers
C)Packet sifters
D)Packet lifters
B
2
Which of the following is considered the BEST answer in defining DHCP?
A)They dynamically assign IP addresses.
B)They dynamically assign IP addresses to servers.
C)They dynamically assign IP addresses to computers.
D)They dynamically assign IP addresses to computers on a network.
D
3
Which of the following is NOT a component of an NFAT system?
A)Agents
B)Server
C)Logs
D)Examiner computer
C
4
NFAT tools discussed in this chapter include all of the following features EXCEPT
A)Real-time network data capture
B)Command-line interface
C)Content analysis
D)Reporting
5
Which type of firewall acts as a mediator between internal hosts and external connections such as the Internet?
A)Network layer firewall
B)Application layer firewall
C)Proxy firewall
D)Internet firewall
6
What is considered as the first attempt to address the increasing number of attacks on networks?
A)MIDs
B)GUIDs
C)NATs
D)IDSs
7
What is considered as the primary problem associated with enterprise-level IDS tools?
A)The slowing of the network
B)The complexity of the program
C)The amount of data collected
D)The cost
8
What is considered to be the first line of defense for networks?
A)IDSs
B)Firewalls
C)Routers
D)Switches
9
The ________ is a major source of forensic data in both the stand-alone and network forensic fields.
10
NFAT systems generally require large amounts of storage space, such as a(n) ________ system.
11
An IDS is considered by most system administrators to be a(n) ________ security system.
12
A(n) ________ is the standard operation procedures of the network when it is running normally.
13
Which of the following data-capture methods uses a filtering system approach?
A)Stop, look, and listen
B)Catch it as you can
C)Filter as you scan
D)Detect and filter
14
The newest NFAT systems are a combination of
A)IDS and application software
B)IDS and forensic software
C)Agents and application software
D)DHCP servers and IDSs
15
What device holds two network interface cards and records all data passing through it?
A)WAP
B)TAP
C)SPAN
D)Host inline device
16
The NFAT software usually contains a query language such as
A)IMS
B)IIS
C)SQL
D)PHP
17
Identifying situations such as regular spikes in late-night traffic is an example of
A)Pattern analysis
B)Content analysis
C)Playback analysis
D)Timeline sequencing analysis
18
________ have the capability to map internal IP addresses in such a way that they appear to be part of another network.
19
Using an NFAT system, an event or security breach can be
A)Detected
B)Monitored
C)Traced in real-time
D)All are correct
20
Determining the date and time of an event can be a problem with multiple devices on a network because
A)Only certain devices record dates and times
B)Device clocks tend to drift slightly
C)It can be a challenge to locate where the date and time are recorded
D)Time stamps cannot be used for network devices
21
________ transmit and receive data via radio frequency in the open.
22
________ Software allows you to forensically search for data on your entire network using nothing more than keywords or phrases.
23
Software clients called ________ installed on network devices are designed to collect information from the host.
24
________ analysis is also known as deep packet inspection.
25
NFAT software can be configured to accept input from almost any device that generates a(n) ________ file.
26
A(n) ________ repeats all data received on any port to the remaining ports; it is gradually being replaced by switches and SPAN systems.
27
The generation of logs on devices such as routers, proxies, and firewalls should always be set to the ________ at which your network can operate.
28
The feature of modern switches called ________ duplicates the information going into a port to the SPAN port.
29
A problem that can occur with IDS alerts is ________, when an IDS mistakenly flags an innocent file as being suspicious.
30
_______ Software has taken steps to preserve the integrity of the data collected from the agents via encryption both from agent to server and from the examiner's station to server.
31
Match between columns
32
Match between columns