Digital Forensics: Computer Networking Applied Scenarios for Investigators
Published:
Questions
30
Duration
30 min
Faculty-reviewed
0
Updated
20 May 2026
About this mock
Applied scenario drill for the FACT digital forensics paper, focused on the computer networking knowledge investigators have to apply at a real scene: subnet arithmetic on /27, /28, and /29 blocks; supernetting and CIDR overlap detection; OSPF cost from interface bandwidth; BGP route-hijack identification from AS-PATH signatures; Spanning Tree Protocol root election; 802.1Q VLAN tagging on trunk versus access ports; ARP storm and switching loop diagnosis; ICMP type and code distinctions covering ping, traceroute, port unreachable, administratively prohibited, and redirect; TCP three-way handshake reading from a pcap snippet; DNS over UDP, TCP, DoT 853, and DoH 443; Wi-Fi 5 versus Wi-Fi 6 capture considerations; WPA2 versus WPA3 SAE handshake; client isolation on a guest SSID; bandwidth-delay product window sizing; jitter versus latency in a VoIP investigation; longest-prefix match in a routing table; carrier-grade NAT shared address space at 100.64.0.0/10 against RFC 1918 private space; NAT traversal versus direct exposure for a residential server.
This mock is for forensic science postgraduates and FACT aspirants who have crossed the definition stage and now need to apply networking facts to investigation scenarios. It is calibrated to the medium band, where every question forces a choice between near-neighbour options that share most attributes and differ on one parameter the investigator has to know cold. The mock is equally useful for UGC-NET Paper II networking-section preparation, NFSU MSc digital forensics, and entry-level GCFA or CHFI revision.
Topics covered:
- Subnet arithmetic and broadcast addresses on /27, /28, /29
- Supernetting, CIDR aggregation, and prefix overlap detection
- OSPF interface cost and BGP route-hijack signatures
- Spanning Tree Protocol root election and switching-loop diagnosis
- 802.1Q VLAN tagging on trunk and access ports
- ICMP type and code distinctions across ping, traceroute, redirect
- TCP three-way handshake from pcap and Path MTU Discovery black holes
- DNS over UDP, TCP, DoT 853, DoH 443, plus EDNS0 buffer sizing
- Wi-Fi 4, 5, 6 standards, WPA3 SAE, and client isolation
- Bandwidth-delay product, jitter versus latency, CGNAT and NAT traversal
Sit the mock under timed conditions, mark the explanation references, and revisit any RFC citations after each session.
Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 4 questions
RFC 4632
Classless Inter-Domain Routing (Fuller and Li, 2006), Section on Prefix Aggregation and Subsumption
Open source - cited in 3 questions
- cited in 1 question
- cited in 1 question
RFC 6996 and RFC 6480
Autonomous System Reservation for Private Use; Infrastructure to Support Secure BGP Routing
Open source - cited in 1 question
- cited in 1 question
Wi-Fi Alliance WPA3 Specification and IEEE 802.11-2020
Simultaneous Authentication of Equals (SAE) and Dragonfly Key Exchange
- cited in 1 question
- cited in 1 question
Cisco LAN Switching Configuration Guide
Broadcast Storm Control and Spanning Tree Loop Diagnosis
- cited in 1 question
- cited in 1 question
Wi-Fi Alliance Generational Brand Specification and IEEE 802.11-2020
Wi-Fi 4, Wi-Fi 5, Wi-Fi 6, Wi-Fi 6E, and Wi-Fi 7 marketing names
- cited in 1 question
IEEE 802.11-2020 and Wi-Fi Alliance Wi-Fi 6 Specification
High-Efficiency Wireless (HEW) Amendment and OFDMA Resource Units
Open source - cited in 1 question
- cited in 1 question
Cisco IOS Security Configuration Guide
Access Control List Processing Order and First-Match Semantics
- cited in 1 question
- cited in 1 question
- cited in 1 question
- cited in 1 question
- cited in 1 question
- cited in 1 question
IEEE 802.1D and Cisco LAN Switching Troubleshooting Guide
Spanning Tree Protocol State Inspection during Layer 2 Loops
Open source - cited in 1 question
- cited in 1 question
Forouzan, Behrouz A.
Data Communications and Networking, 5th Edition (McGraw-Hill, 2012), Chapter 19: IPv4 Addressing
- cited in 1 question
RFC 1812 and RFC 792
Requirements for IP Version 4 Routers, and Internet Control Message Protocol codes
Open source - cited in 1 question
RFC 3550 and ITU-T G.114
RTP: A Transport Protocol for Real-Time Applications, and One-Way Transmission Time recommendation
Open source - cited in 1 question
Tanenbaum, Andrew S.
Computer Networks, 5th Edition (Pearson, 2010), Chapter on Network Layer Forwarding
- cited in 1 question
Cisco Wireless LAN Controller Configuration Guide
Peer-to-Peer Blocking and Guest SSID Client Isolation
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
What does the Digital Forensics: Computer Networking Applied Scenarios for Investigators mock cover?+
Applied scenario drill for the FACT digital forensics paper, focused on the computer networking knowledge investigators have to apply at a real scene: subnet arithmetic on /27, /28, and /29 blocks; supernetting and CIDR overlap detection; OSPF cost from interface bandwidth; BGP route-hijack identification from AS-PATH signatures; Spanning Tree Protocol root election; 802.1Q VLAN tagging on trunk versus access ports; ARP storm and switching loop diagnosis; ICMP type and code distinctions covering
How many questions and how long is the test?+
30 multiple-choice questions, 30 minutes total. Difficulty: medium. Tier: Premium.
Who is this mock for?+
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?+
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?+
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.