312-49V11 · Question #7
312-49V11 Question #7: Real Exam Question with Answer & Explanation
The correct answer is A: Provides insights on network traffic, device connections, and security incidents.
Question
Options
- A. Provides insights on network traffic, device connections, and security incidents.
- B. Tracks website visits and browser history exclusively.
- C. Not pertinent to digital forensics.
- D. Details user activities within the local network.
Explanation
This question aligns with CHFI v11 objectives under Network and Web Attacks and Network Log Analysis. In digital forensics, network infrastructure logs are critical sources of evidence for detecting, analyzing, and reconstructing network-based attacks. CHFI v11 specifically emphasizes the forensic value of logs generated by network devices such as Cisco switches, VPN gateways, and DNS servers.
- Cisco switch logs provide information about device connections, port activity, MAC address mappings, VLAN assignments, and potential unauthorized access within the internal network.
- VPN logs reveal details about remote connections, including authentication attempts, user identities, IP addresses, session durations, and encrypted tunnel activity, all of which are crucial for identifying compromised credentials or unauthorized remote access.
- DNS server logs record domain name queries and responses, which help investigators detect command-and-control communication, data exfiltration attempts, malware beaconing, and access to malicious domains.