Why is integrating NetFlow analysis with log systems considered more effective in detecting exfiltration attempts?

It highlights unusual long-duration or large data flows leaving the network.

It captures application-level payloads.

It shows detailed MAC addresses of devices.

It automatically prevents outbound connections.

Which OWASP Top 10 vulnerability directly exploits insufficient logging and monitoring as a weakness?

Insufficient Logging & Monitoring

In Linux forensics, /var/log/kern.log is particularly valuable for investigating:

Hardware failures and kernel-level errors

Web application vulnerabilities

In vulnerability assessment, Nessus is particularly valuable for:

Compliance auditing and CVSS-based risk prioritization

Packet reconstruction and malware traffic analysis

Deep inspection of running processes in memory

Discovering logical flaws in custom applications

Which of the following best demonstrates Locard’s Principle of Exchange in digital forensics?

A USBSTOR registry entry revealing a connected device

An IDS alert with a false positive

A SIEM dashboard highlighting aggregated logs

A system reboot log entry after patching

Which scenario best illustrates the limitation of automated vulnerability scanners like OpenVAS?

Missing detection of outdated Apache versions

Failing to identify complex authentication bypass flaws

False positives due to outdated signature database

During incident response, an investigator finds an unusual outbound connection to an unknown IP at midnight. Which combination of tools/logs provides the most reliable evidence of data exfiltration?

Firewall logs + NetFlow analysis

Why is SIEM integration critical in modern log management?

It automates correlation and real-time detection of advanced persistent threats (APTs).

It ensures only text-based logs are stored.

It eliminates the need for forensic tools.

It guarantees 100% removal of false positives.

Digital Forensics Quiz

Authored by ANIKET PAUL

Computers

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In Windows forensics, which log type would most likely reveal evidence of privilege escalation attempts?

Application Log

Security Log

Setup Log

Forwarded Events

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An investigator detects unusual SSH login attempts on a Linux server. Which command provides the most targeted view of authentication-related events?

cat /var/log/messages

journalctl -u sshd

less /var/log/syslog

dmesg

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which log correlation scenario provides the strongest indication of a web server compromise?

Apache access.log shows multiple 404 errors from the same IP.

Apache error.log shows repeated PHP warnings.

Firewall logs show denied outbound traffic.

Apache access.log indicates a SQL injection payload followed by a database error in MySQL logs.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the digital forensic workflow, why is hashing (MD5/SHA-256) applied immediately after evidence acquisition?

To compress evidence for storage efficiency.

To prove evidence integrity throughout investigation.

To encrypt the evidence against attackers.

To anonymize sensitive data during analysis.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which forensic artifact from the Windows Registry is most useful to confirm that a specific USB device was used for data exfiltration?

NTUSER.DAT RecentDocs

SYSTEM\MountedDevices

SYSTEM\CurrentControlSet\Enum\USBSTOR

SAM hive

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During vulnerability assessment, a team discovers HTTP PUT enabled on a production server. What is the most critical risk this configuration introduces?

Unauthorized data deletion

Upload of malicious files such as web shells

Brute-force login attacks

Misconfigured TLS certificates

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which log management tool is best suited for real-time detection of insider threats by correlating user login anomalies across multiple systems?

Autopsy

Splunk

FTK Imager

Nikto

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Security Threats and Trust Boundaries

Quiz

•

University

15 questions

Round 2 Debug-The-Code

Quiz

•

University

20 questions

3°DS _AV2_R2 3TEC_PM_Programação Mobile _12_20 Quizizz

Quiz

•

11th Grade - University

20 questions

System and network support and management

Quiz

•

11th Grade - Professi...

15 questions

INTELLECTUAL REVOLUTIONS THAT DEFINED SOCIETY

Quiz

•

University

20 questions

Hashing

Quiz

•

University

20 questions

Linux Directory Structures

Quiz

•

10th Grade - University

20 questions

Computer Forensics Investigation Process

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

CompTIA Network+ - Ports and Protocols

Quiz

•

University

Digital Forensics Quiz

In Windows forensics, which log type would most likely reveal evidence of privilege escalation attempts?

An investigator detects unusual SSH login attempts on a Linux server. Which command provides the most targeted view of authentication-related events?

Which log correlation scenario provides the strongest indication of a web server compromise?

In the digital forensic workflow, why is hashing (MD5/SHA-256) applied immediately after evidence acquisition?

Which forensic artifact from the Windows Registry is most useful to confirm that a specific USB device was used for data exfiltration?

During vulnerability assessment, a team discovers HTTP PUT enabled on a production server. What is the most critical risk this configuration introduces?

Which log management tool is best suited for real-time detection of insider threats by correlating user login anomalies across multiple systems?

A forensic analyst wants to reconstruct user browsing history after evidence of a malware infection. Which combination of tools and logs is most effective?

Why is integrating NetFlow analysis with log systems considered more effective in detecting exfiltration attempts?

Which OWASP Top 10 vulnerability directly exploits insufficient logging and monitoring as a weakness?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers