CNIT 420 Final Exam QUESTIONS WITH COMPLETE 100% VERIFIED SOLUTIONS 2024/2025

bitmap images
graphics files, collection of dots

vector graphics
graphics files, based on mathematical instructions

metafile graphics
graphics files, combination of bitmap and vector, combine raster and vector

bitmap images
stores graphic information as grids of individual pixels (picture elements)

raster images
also collections of pixels stored in rows, better for printing

resolution
image quality, determines amount of detail

raw, exif
produce digital photos in ? or ? format

raw file format
referred to as a digital negative, typically found on many higher-end digital cameras, maintains the best picture quality, it's proprietary

demosaicing
the process of converting raw picture data to another format is referred to as

exif format
commonly used to store digital pictures, developed as a standard for storing metadata in JPEG and TIF files

True
T/F: Exif format collects metadata

False - they do (BMP doesn't)
T/F: GIF and JPEG do not compress their data

data compression
coding data from a larger to a smaller form

lossless and lossy
two types of data compression

lossless compression
reduces file size without removing data (GIF and PNG)

False - lossless
WinZip, PKZip, StuffIt, and FreeZip are all examples of lossy compression

lossy compression
permanently discards bits of information (JPEG)

vector quantization
determines what data to discard based on vectors in the graphics file (Utility: LZip)

Carving/Salvaging
recovering any type of file fragments

unique header value
Each graphics file has a

FF D8
JFIF header value

True - this can be done by comparing the hexadecimal values of known graphics file formats with the pattern of the file header you found
T/F: If header data is partially overwritten, you must reconstruct the header to make it readable

false positives
false hits when searching for and recovering digital photograph evidence

- Recover more file pieces if needed
- Examine the file header (compare with good header sample and manually insert corrected hexadecimal values)
- Test corrected file
Steps to rebuild file header

False - there is no one viewer to do that, having many different viewer programs is best
T/F: There is one viewer that can read every file format

insertion and substitution
two main forms of steganography

insertion

HKEY_LOCAL_MACHINE/[person's name]
where are hashed passwords stored on Windows machines?

/etc/shadow
where are hashed passwords stored on Linux machines?

brute force
Target and Dictionary attacks are examples of ? attacks

Hypervisor
the software that runs virtual machines

Type 1 hypervisor
loads on physical hardware and doesn't require a separate OS, typically loaded on servers or workstations with a lot of RAM and storage

Type 2 hypervisor
rests on top of an existing OS, usually the kind you find loaded on a suspect machine

Parallels Desktop
one of the most widely used type 2 hypervisors, created for Mac users who also use Windows applications

KVM (Kernel-based VM)
one of the most widely used type 2 hypervisors for Linux OS

Microsoft virtual machine
one of the most widely used type 2 hypervisors, the most recent versions support only VMs that run Windows

VMware Workstation and Player
one of the most widely used type 2 hypervisors, can be installed on any device, including tablets, can install Microsoft Hyper-V Server on it, can support up to 16 CPUs, 8 TB storage, and 20 VMs, can create encrypted VMs

C:\Users\[username]\Documents\Virtual Machines\[VM name]
the default location of VMware Player files on Windows

/var/lib/vmware/virtual machines
the default location of VMware Player files on Windows

.vmdk files
stores the virtual hard drive's content

.vmx
stores configuration files

VirtualBox
type 2 hypervisor, open source software, 64-bit guests, full virtualization, can be used on Linux, Windows, Mac, DOS, etc., cross-platform host support, VMware tools, allows you to select different virtual hard drive types

.ova or .ovf
file used to create a virtual machine

.vdi
disk image file

.vbox
saved settings of virtual hard drives

log files
By linking the VM's IP address with the ?, you may determine what websites the VM accessed

Users and Documents folder, Users and Directories, host's registry, virtual adapter
To detect whether a VM is on a host computer, look in the ? (in Windows) or ? (/usr in Linux), check the ? for clues that the VMs are installed or uninstalled, existence of a ?

USB drives
When conducting an investigation on Type 2 hypervisors, in addition to searching for network adapters, you need to determine whether ? have been attached to the host

True
T/F: VMs can be nested in other VMs

snapshots
Live acquisitions of VMs include ?, which records the state of a VM at a particular moment

True
T/F: FTK Imager and OSForensics are other VM examination methods that can mount VMs as an external drive

False - they can
T/F: Investigators cannot use VMs to run forensic tools stored on USB drives

network intrusions or attacks
Live acquisitions are especially useful when you're dealing with active ?

Order of Volatility (OOV)
how long a piece of information lasts on a system

Network forensics
process of collecting and analyzing raw network data and tracking network traffic to ascertain how an attack was carried out or how an event occurred on a network

Network attacks
DDoS, IP spoofing, Man-in-the-Middle attack, social engineering

Layered network defense strategy
sets up layers of protection to hide the most vulnerable data at the innermost part of the network

Defense in Depth (DiD)
similar approach to layered network defense strategy, includes people, technology, and operations as protection modes

malware
Working on an isolated system prevents ? from affecting other systems

Sysinternals
a collection of free tools for examining Windows products

pcap (packet capture)
Most network tools follow the ? format

Honeypot
developed to make information widely available in an attempt to thwart Internet and network hackers, provides information about latest intrusion techniques

attack method

Distributed denial of service attacks (DDoS)
a major threat that may go through other organizations' networks, not just yours or your ISP's

volatile items
Live acquisitions are necessary to retrieve ?, such as RAM and running processes

geotagging
allows people to associate GPS coordinates or other location data with their posts

Riley vs. California
case that stated a search warrant is required before an arresting officer can begin examining a phone's content

False - no single standard exists
T/F: A single standard exists for how and where phones store messages

Time division multiple access (TDMA)
Global System for Mobile Communications (GSM) uses the ? technique where multiple phones take turns sharing a channel

True
T/F: 4G can use the Orthogonal frequency division multiplexing (OFDM) and LTE

base transceiver station (BTS)
made up of radio transceiver equipment that defines cells and communicates with mobile phones

base station controller (BSC)
manages BTSs and assigns channels by connecting to the mobile switching center

mobile switching center (MSC)
connects calls by routing digital packets for the network and relies on a database to support customers

ROM (non volatile memory)
OS's are stored in ?

EEPROM (electronically erasable programmable read only memory)
Phones store data in

SIM cards
found most commonly in GSM phones, consist of microprocessor and internal memory, necessary for mobile equipment to work