Digital Forensics: Network Security Architecture Applied Scenarios
Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 20 May 2026
About this mock
This FACT-aligned mock test puts the network security architecture block of the digital forensics syllabus into applied form. Thirty scenario-style single-best-answer questions exercise IPSec selection between AH (RFC 4302), ESP (RFC 4303), and the combination, transport versus tunnel mode for site-to-site and remote-access deployments, and IKEv2 (RFC 7296) versus the deprecated IKEv1 Aggressive Mode. VPN selection between OpenVPN, WireGuard, and IPSec is tested against use-case constraints. Firewall design covers stateful inspection, application proxies, and next-generation firewalls when layer-7 inspection plus user identity are required. IDS versus IPS placement (passive tap versus inline) and the signature-versus-anomaly gap on zero-day traffic are explored alongside PEAP versus EAP-TLS choices given certificate-management realities, Kerberos AS-TGS-KDC troubleshooting under RFC 4120 error codes, X.509 chain validation, LDAP distinguished names, digital signature verification, CRL versus OCSP under RFC 5280 and RFC 6960, TLS 1.2 versus 1.3 handshake changes, HSTS preload reasoning, NAC 802.1X-MAB risk, TOTP versus HOTP versus FIDO2 selection, PKI bridge trust models, VLAN versus micro-segmentation under NIST SP 800-207, SIEM correlation tuning, and IPv6 SLAAC with Privacy Extensions versus stateful DHCPv6.
This medium-band paper is intended for MSc and BSc forensic science aspirants targeting the FACT entrance examination, and for working professionals preparing for CISSP, Security+, or CHFI. Indian PKI material under the Controller of Certifying Authorities and the IT Act 2000 informs the certificate questions, alongside CERT-In hardening advisories and NIST publications.
Topics covered:
- IPSec AH versus ESP versus combined, transport versus tunnel mode selection
- IKEv2 phases against IKEv1 Aggressive Mode deprecation
- VPN selection between OpenVPN, WireGuard, and IPSec for given constraints
- Firewall types: stateful, proxy, and NGFW with TLS decryption and user identity
- IDS passive tap versus IPS inline, and signature limits against zero-day traffic
- PEAP versus EAP-TLS, Kerberos error troubleshooting, X.509 chain failures
- LDAP DN versus RDN, digital signatures, CRL versus OCSP freshness trade-off
- TLS 1.3 handshake, HSTS preload, 802.1X-MAB risk, FIDO2 selection, micro-segmentation
Use this set as a calibration exercise before attempting full-length FACT digital forensics papers. Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), Section on Sensor Placement (open source, cited in 3 questions)
- IETF RFC 7296, Internet Key Exchange Protocol Version 2 (IKEv2), Section on Initial Exchanges (open source, cited in 2 questions)
- NIST SP 800-41 Revision 1, Guidelines on Firewalls and Firewall Policy (2009), Section on Firewall Types (open source, cited in 2 questions)
- IETF RFC 4120, The Kerberos Network Authentication Service (V5), Section 5.9 on Error Messages (open source, cited in 2 questions)
- Stallings, William, Cryptography and Network Security, 7th Edition, Chapter on Digital Signatures (cited in 2 questions)
- IETF RFC 4303, IP Encapsulating Security Payload (ESP), Section on Tunnel Mode and Integrity (open source, cited in 1 question)
- cited in 1 question
- Microsoft Corporation, Protected Extensible Authentication Protocol (PEAP) Specification, MS-PEAP (open source, cited in 1 question)
- IETF RFC 8981, Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6 (2021) (open source, cited in 1 question)
- cited in 1 question
- IETF RFC 8446, The Transport Layer Security (TLS) Protocol Version 1.3, Section on Handshake Protocol (open source, cited in 1 question)
- CERT/CC Vulnerability Note VU#886601, IKEv1 Aggressive Mode PSK Authentication Hash Disclosure (open source, cited in 1 question)
- IEEE 802.1X-2020, Port-Based Network Access Control, Section on MAC Authentication Bypass and its risks (open source, cited in 1 question)
- cited in 1 question
- cited in 1 question
- IETF RFC 5280, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section on Certification Path Construction (open source, cited in 1 question)
- cited in 1 question
- cited in 1 question
- cited in 1 question
- cited in 1 question
- cited in 1 question
- cited in 1 question
- IETF RFC 4301, Security Architecture for the Internet Protocol, Section on Tunnel vs Transport Mode (open source, cited in 1 question)
- NIST SP 800-92, Guide to Computer Security Log Management, Section on Correlation Rule Tuning (open source, cited in 1 question)
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test.
Common questions
How many questions and how long is the test?
30 multiple-choice questions, 30 minutes total. Difficulty: medium. Tier: Premium.
Who is this mock for?
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.