GCIH Network Forensics & Malware Analysis

Question 1

What is the first step in network forensics after detecting an incident?

Accepted Answer

Preserve evidence and create an incident timeline

Answer

Begin remediation efforts immediately.

Answer

Start analyzing the incident data.

Answer

Report the incident to external authorities.

Question 2

What is the main objective of malware analysis?

Accepted Answer

To understand the malware's behavior and origin

Answer

To find and eliminate the attacker.

Answer

To gather intelligence about the attacker.

Answer

To create defenses against future attacks.

Question 3

How can you identify suspicious network traffic during an incident?

Accepted Answer

By analyzing network traffic patterns and anomalies

Answer

By monitoring the firewall logs.

Answer

By focusing on web traffic only.

Answer

By inspecting system logs.

Question 4

Why is timestamp analysis important in network forensics?

Accepted Answer

To create a timeline of events in the attack

Answer

To determine the attacker's identity.

Answer

To assess the potential impact of the attack.

Answer

To track the attacker's IP address.

Question 5

What is the purpose of extracting artifacts from a compromised system?

Accepted Answer

To find evidence of attacker actions

Answer

To erase traces of the attack.

Answer

To protect the compromised system.

Answer

To lock the attacker out of the system.

Question 6

How can you detect malware using network traffic analysis?

Accepted Answer

By looking for traffic patterns associated with malicious activity

Answer

By monitoring the system's CPU usage.

Answer

By checking for abnormal file system modifications.

Answer

By scanning for suspicious email attachments.

Question 7

Why is analyzing payload data important in malware analysis?

Accepted Answer

To understand the malware's functionality

Answer

To block the malware from infecting other systems.

Answer

To identify the attacker.

Answer

To locate the source of the attack.

Question 8

What does network forensics primarily aim to achieve?

Accepted Answer

To understand the root cause of the incident.

Answer

To identify the attacker's location.

Answer

To fix the security flaws.

Answer

To close security gaps.

Question 9

How does malware analysis help incident handlers?

Accepted Answer

By identifying the malware's payload and functionality

Answer

By allowing them to track the malware's origin.

Answer

By preventing further infections.

Answer

By revealing the attacker’s identity.