
Network Forensics Flashcards

(12 cards)

1
Q

What is a Switched Port Analyzer (SPAN)?

A

Allows for the copying of ingress and/or egress communications from one or more switch ports to another.

2
Q

What is a packet sniffer?

A

A piece of hardware or software that records data from frames as they pass over network media, using methods such as a mirrored port or a tap device.

3
Q

Complete the sentence:

A network sniffer should be placed inside / outside a firewall or close to an important server.

A

inside

4
Q

What is tcpdump?

A

A data-network packet analyzer computer program that runs under a command-line interface.
It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

5
Q

What is Wireshark?

A

A free and open-source GUI-based packet analyzer that is used for network troubleshooting, analysis, software and communications protocol development, and education.

6
Q

What is Full Packet Capture (FPC)?

A

Captures the entire packet, including the header and the payload, for all traffic entering and leaving a network: a lot of data!

Flow analysis tools, by contrast, provide network traffic statistics sampled by a collector.

7
Q

What is a flow collector?

A

A means of recording metadata and statistics about network traffic rather than recording each frame.

Flow analysis tools provide network traffic statistics sampled by a collector.

8
Q

What is NetFlow?

A

A Cisco-developed means of reporting network flow information to a structured database.
Gathers:
● Network protocol interface
● Version and type of IP
● Source and destination IP
● Source and destination port
● IP type of service

NetFlow provides metadata, while packet captures provide a complete record of what occurred.

9
Q

What is Zeek (Bro)?

A

A hybrid tool that passively monitors a network like a sniffer and only logs data of potential interest.
Zeek performs normalization on the data.
It stores data as tab-delimited or JavaScript Object Notation (JSON) formatted text files.

10
Q

What is Multi Router Traffic Grapher (MRTG)?

A

A tool used to create graphs showing traffic flows through the network interfaces of routers and switches by polling the appliances using the Simple Network Management Protocol (SNMP).

11
Q

What are known-bad IP addresses?

A

An IP address or range of addresses that appears on one or more blacklists.
Reputation-based risk intelligence is used to create IP/URL block lists.
Attackers now use domain generation algorithms to overcome block lists.

12
Q

What is a Domain Generation Algorithm (DGA)?

A

A method used by malware to evade block lists by dynamically generating domain names for C2 networks.
