Digital Forensics · medium · Premium

Digital Forensics: Network Security Architecture Applied Scenarios

Published:

Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

This FACT-aligned mock test puts the network security architecture block of the digital forensics syllabus into applied form. Thirty scenario-style single-best-answer questions exercise IPSec selection between AH (RFC 4302), ESP (RFC 4303), and the combination, transport versus tunnel mode for site-to-site and remote-access deployments, and IKEv2 (RFC 7296) versus the deprecated IKEv1 Aggressive Mode. VPN selection between OpenVPN, WireGuard, and IPSec is tested against use-case constraints. Firewall design covers stateful inspection, application proxies, and next-generation firewalls when layer-7 inspection plus user identity are required. IDS versus IPS placement (passive tap versus inline) and the signature-versus-anomaly gap on zero-day traffic are explored alongside PEAP versus EAP-TLS choices given certificate-management realities, Kerberos AS-TGS-KDC troubleshooting under RFC 4120 error codes, X.509 chain validation, LDAP distinguished names, digital signature verification, CRL versus OCSP under RFC 5280 and RFC 6960, TLS 1.2 versus 1.3 handshake changes, HSTS preload reasoning, NAC 802.1X-MAB risk, TOTP versus HOTP versus FIDO2 selection, PKI bridge trust models, VLAN versus micro-segmentation under NIST SP 800-207, SIEM correlation tuning, and IPv6 SLAAC with Privacy Extensions versus stateful DHCPv6.

This medium-band paper is intended for MSc and BSc forensic science aspirants targeting the FACT entrance examination, and for working professionals preparing for CISSP, Security+, or CHFI. Indian PKI material under the Controller of Certifying Authorities and the IT Act 2000 informs the certificate questions, alongside CERT-In hardening advisories and NIST publications.

Topics covered:

  • IPSec AH versus ESP versus combined, transport versus tunnel mode selection
  • IKEv2 phases against IKEv1 Aggressive Mode deprecation
  • VPN selection between OpenVPN, WireGuard, and IPSec for given constraints
  • Firewall types: stateful, proxy, and NGFW with TLS decryption and user identity
  • IDS passive tap versus IPS inline, and signature limits against zero-day traffic
  • PEAP versus EAP-TLS, Kerberos error troubleshooting, X.509 chain failures
  • LDAP DN versus RDN, digital signatures, CRL versus OCSP freshness trade-off
  • TLS 1.3 handshake, HSTS preload, 802.1X-MAB risk, FIDO2 selection, micro-segmentation

Use this set as a calibration exercise before attempting full-length FACT digital forensics papers. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • NIST SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS), Section on Sensor Placement. Open source. Cited in 3 questions.
  • IETF RFC 7296. Internet Key Exchange Protocol Version 2 (IKEv2), Section on Initial Exchanges. Open source. Cited in 2 questions.
  • NIST SP 800-41 Revision 1. Guidelines on Firewalls and Firewall Policy (2009), Section on Firewall Types. Open source. Cited in 2 questions.
  • IETF RFC 4120. The Kerberos Network Authentication Service (V5), Section 5.9 on Error Messages. Open source. Cited in 2 questions.
  • Stallings, William. Cryptography and Network Security, 7th Edition, Chapter on Digital Signatures. Cited in 2 questions.
  • IETF RFC 4303. IP Encapsulating Security Payload (ESP), Section on Tunnel Mode and Integrity. Open source. Cited in 1 question.
  • IETF RFC 6960. X.509 Internet PKI Online Certificate Status Protocol (OCSP). Open source. Cited in 1 question.
  • Microsoft Corporation. Protected Extensible Authentication Protocol (PEAP) Specification, MS-PEAP. Open source. Cited in 1 question.
  • IETF RFC 8981. Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6 (2021). Open source. Cited in 1 question.
  • NIST SP 800-207. Zero Trust Architecture, Section on Micro-Segmentation. Open source. Cited in 1 question.
  • IETF RFC 8446. The Transport Layer Security (TLS) Protocol Version 1.3, Section on Handshake Protocol. Open source. Cited in 1 question.
  • CERT/CC Vulnerability Note VU#886601. IKEv1 Aggressive Mode PSK Authentication Hash Disclosure. Open source. Cited in 1 question.
  • IEEE 802.1X-2020. Port-Based Network Access Control, Section on MAC Authentication Bypass and its risks. Open source. Cited in 1 question.
  • IETF RFC 4302. IP Authentication Header (AH), Section on Integrity Coverage. Open source. Cited in 1 question.
  • IETF RFC 8996. Deprecating TLS 1.0 and TLS 1.1 (2021). Open source. Cited in 1 question.
  • IETF RFC 5280. Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section on Certification Path Construction. Open source. Cited in 1 question.
  • Chromium Project. HSTS Preload Submission Requirements at hstspreload.org. Open source. Cited in 1 question.
  • IETF RFC 5216. The EAP-TLS Authentication Protocol. Open source. Cited in 1 question.
  • World Wide Web Consortium. Web Authentication (WebAuthn) Level 2 Recommendation. Open source. Cited in 1 question.
  • NIST SP 800-77 Revision 1. Guide to IPSec VPNs (2020), Section on Authentication Methods. Open source. Cited in 1 question.
  • IETF RFC 4514. LDAP: String Representation of Distinguished Names. Open source. Cited in 1 question.
  • Donenfeld, Jason. WireGuard: Next Generation Kernel Network Tunnel, NDSS 2017. Open source. Cited in 1 question.
  • IETF RFC 4301. Security Architecture for the Internet Protocol, Section on Tunnel vs Transport Mode. Open source. Cited in 1 question.
  • NIST SP 800-92. Guide to Computer Security Log Management, Section on Correlation Rule Tuning. Open source. Cited in 1 question.

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

How many questions and how long is the test?

30 multiple-choice questions, 30 minutes total. Difficulty: medium. Tier: Premium.

Who is this mock for?

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.
