Overview Flashcards

(52 cards)

1
Q

What is Encapsulation

A

Encapsulation refers to the process of protocol information being added to data as it moves through each layer of the OSI Model.

This is done in the form of a header

1
Q

What is a Firewall

A

A firewall is a security device that can be applied to a network.

Generally this is placed at the perimeter of the network and is used to filter inbound and outbound traffic by using a set of predefined rules.

2
Q

What is Spoofing

A

When a device pretends to be another device on a network.

This can be done through actions such as an attacker spoofing an IP or MAC address

3
Q

What is ACPO

A

Association of Chief Police Officers

Created a set of guidelines for forensic investigators to ensure that they are being compliant and following a forensically sound process.

4
Q

What is De-Capsulation

A

De-capsulation process removes this information once the data is received at the corresponding layer on the destination computer.

5
Q

What is a Proxy

A

Device that can be added to the perimeter of a network which handles requests from clients, disguising the address/identity of the client on the internal network.

6
Q

What is a DDOS Attack

A

A Distributed Denial of Service attack is an attack in which a large number of packets are sent to a single device with the intention of rendering the device inoperable.

7
Q

What is the Digital Forensics Process

A

Incident Response

Managing Digital Evidence

Preparing Forensic Documentation

8
Q

What is a Switch

A

A networking device that is used in a Local Area Network to direct internal traffic.

Traditionally works at layer 2.

Helps to break up collision domains

Utilises physical (MAC) addresses in order to direct and forward traffic

9
Q

What is Authentication

A

Ensuring that an individual or device is in fact who they claim to be

10
Q

What is the Ethical Hacking Methodology

A

Reconnaissance

Scanning

Gaining Access

Maintaining Access

Covering Tracks

11
Q

What is the Incident Response

A

Including Securing the Crime Scene

Identifying Evidence

12
Q

What is a Router

A

A layer 3 device that carries out path determination and packet forwarding of network packets.

Traffic cannot move to an external network without passing through a router first.

Uses IP addressing in order to direct traffic

13
Q

What is Biometrics

A

A method of identifying a user due to a physical characteristic that they have:

Fingerprint
Iris
Face
Voice

14
Q

What is Social Engineering

A

A technique used by attackers to trick users into giving out information that can assist in an attack on a system.

15
Q

What is Managing Digital Evidence

A

Acquiring Digital Evidence
Chain of Custody
Processing Evidence
Analysing Evidence

16
Q

What is the OSI Model

A

Application
Presentation
Session
Transport
Network
Data-Link
Physical

17
Q

What is Encryption

A

The process of changing data from plain text to cipher text so that unauthorised individuals cannot read the data.

18
Q

What is Reconnaissance

A

Consists of gathering information relating to the target system.

Can be done passively or actively.

19
Q

What is Preparing Forensic Documentation

A

A report documenting all actions, findings and justifications

Contemporaneous notes, as well as documentation regarding the chain of custody.

20
Q

What is Simplex

A

Refers to one-way communication

21
Q

What is the CIA Triad

A

Confidentiality: Data is only accessible to those who have permission to access it

Integrity: Data should remain intact and not be manipulated

Availability: Data should be secure, but should also be available to those who have permission to access it whenever required

22
Q

What is Scanning

A

Involves an attacker scanning a system for live hosts, open ports and vulnerabilities in order to assist in the exploitation of a target

23
Q

What is Evidence Integrity

A

It is important that the integrity of evidence remains intact, and that proof of this is presented throughout an investigation.

This is to demonstrate that evidence is admissible in a court of law

24
What is Full-Duplex
Refers to communication that is bi-directional. Furthermore, it can travel in both directions at the same time.
25
What is AAA
Authentication: Ensuring that a person or device is who they claim to be.
Authorization: Identifying that the authenticated person has permission to access the data that they request.
Accounting: Ensures that a log of the actions carried out by an authenticated user is created.
26
What is Gaining Access
This is the phase where a hacker will exploit a vulnerability that is found in the system.
27
What is Forensic Soundness
A forensically sound investigation is one that has been carried out in a scientific, repeatable and verifiable manner.
28
What are IP Addresses
An IP (Internet Protocol) address is an address that is used across IP networks so that the location of a destination device is identifiable. Each IP address is made up of 2 portions, a host portion and a network portion. IPv4 is currently the dominant IP version that is used and is a 32-bit address.
29
What is Symmetric Encryption
Symmetric encryption uses a single private key in order to encrypt and decrypt data. Both the sender and recipient must have access to the private key
30
What is Covering Tracks
It is necessary for the attacker to attempt to cover their tracks to ensure that the attack goes undetected. This can include actions such as deleting logs
31
What are Contemporaneous Notes
Notes that are taken at the time so that the information is recorded as soon as possible and is as accurate as possible
32
What is Half Duplex
Half-Duplex refers to communication that is bi-directional; however, traffic can only move in one direction at any one time. An example of this is a walkie-talkie
33
What is Asymmetric Encryption
Asymmetric encryption utilises 2 keys, a private and a public key, to encrypt and decrypt data
34
What is Maintaining Access
Attacker attempts to remain persistent in the target system. Actions carried out to achieve this can include escalating privileges to an administrative user
35
What is Continuity of Evidence
Refers to ensuring that the collection of evidence and the actions carried out in regard to it are recorded. It also ensures that any person who is in contact with the evidence is recorded, as well as the physical location of the evidence.
36
What is the Broadcast Address
The last address within an addressing scheme is reserved as the broadcast address. This address cannot be given to a host on the network, and any traffic that is sent to it will be received by all devices on the network.
37
What is a Public Key
During the encryption/decryption process, a public key is a key that can be known by anybody
38
What is Phishing
Attacker attempts to trick a user into surrendering confidential information by sending an email or link that appears to be from a legitimate source.
39
What is Non-Volatile Data
Non-Volatile data refers to persistent data. This is data that is not lost when power to the system is removed. Common sources of non-volatile data include data stored on a HDD or USB
40
What is a Network Address
The first address in the addressing scheme on an IP network is reserved as the network address. This address cannot be given to individual hosts on the network. It is the address that layer 3 devices such as routers use in order to identify the location of a network.
41
What is a Private Key
During the encryption/decryption process, a private key is known only to the recipient and is used to decrypt data
42
What is Whaling
An attack similar to phishing, although it targets individuals in an organisation who are in a senior position.
43
What is Volatile Data
Volatile data refers to data that is lost once power has been removed from a computer system. An example of volatile data is data that is stored in RAM. This data should be collected first during a forensic investigation.
44
What is a Subnet Mask
A subnet mask is a mask that accompanies an IP address. It is split into 2 portions, the host portion and network portion and allows us to identify how many bits in an IP address belong to each.
45
What are Cyber Security Policies
It is important for an organisation to ensure that they have a number of policies in place when storing data. Some of these policies include:
Cyber Security Policy
Access Control Policy
Disaster Recovery Policy
Incident Response Policy
46
What is a Worm
A form of malware that can spread or “worm” itself through a computer system without any interaction from the user or any other application.
47
What is Live Forensics
Live Forensics is the term that is given when an investigation is taking place within a live system.
48
What is a VLAN
Virtual Local Area Network.
A way in which a network can be segregated by configuring VLANs within a LAN, from a device such as a switch.
Reduces the broadcast domain of the network, allowing for greater network efficiency, increased security, and easier network management.
Each VLAN is treated as a separate network; therefore, in order for there to be inter-VLAN communication, a layer 3 device must be used.
49
What is the ICO
Information Commissioner's Office
It is the responsibility of the ICO to uphold information rights. In the event of a data breach, an organisation has up to 72 hours to report this to the ICO
50
What is a Virus
A type of malware that can self-replicate in the same way that a human virus can, in order to infect a system.
51
What is CIDR
Classless Inter-Domain Routing
Replacement for the originally used Classful IP addressing system. Removes the restrictions presented by the Classful system, by allowing the number of networks and hosts to be chosen by an administrator.