Digital Forensics · easy · Premium

Digital Forensics: Network Threats and Network Attacks

Published:

Questions: 30

Duration: 30 min

Faculty-reviewed: 0

Updated: 20 May 2026

Score, per-question explanations and topic breakdown shown right after you submit.

About this mock

This FACT-aligned mock practice test covers the network-attack section of the digital forensics paper in thirty timed questions. The set runs across the wire from passive eavesdropping in promiscuous mode through Wireshark and tcpdump captures, ARP cache poisoning under RFC 826, DNS cache poisoning and the DNSSEC mitigation from RFC 4033, IP source-address forgery and BCP 38 ingress filtering from RFC 2827, BGP prefix hijacking with the 2010 China Telecom incident as the worked example, MAC spoofing on Linux through the ip link command and macchanger, web-jacking through DNS hijack and certificate compromise, and the OWASP Top 10 (2021) ordering with Broken Access Control at the top.

Wireless coverage spans WEP IV-reuse and RC4 keystream attacks through aircrack-ng, the WPA2 four-way handshake capture used for offline dictionary attacks, the 2017 KRACK paper by Vanhoef and Piessens, WPA3 with the SAE Dragonfly handshake, evil twin rogue access points, and 802.11 deauthentication frame spoofing fixed by 802.11w. Denial-of-service coverage runs from SYN flood and UDP flood through DNS amplification reflection. Application-layer coverage closes with SSL stripping from Moxie Marlinspike's sslstrip and the HSTS mitigation in RFC 6797, plus authentication factors, IEEE 802.1X with EAP and EAPOL, zero-day terminology, wireless rogue-AP detection, typosquatting, and the named subtypes of social engineering. The mock complements the cyber-crime mock by focusing on what a network forensicator sees on the wire rather than the legal category of the offence.

The set suits MSc and BSc forensic-science students preparing for the FACT entrance, NFSU MSc digital forensics entrance, and CCFP, GCIH, and CHFI question banks. It also works for VAPT and information-security audit aspirants who want a refresher on the L2-to-L7 attack surface in one sitting.

Topics covered:

  • Eavesdropping, packet sniffing and Wireshark
  • ARP, DNS and routing-table poisoning
  • IP and MAC spoofing
  • Cross-site scripting, SQL injection and OWASP Top 10
  • WEP, WPA2, WPA3 and rogue access points
  • DoS, DDoS, SYN flood and amplification
  • MITM, SSL strip and HSTS
  • Authentication factors, 802.1X, zero-day and social engineering

Time the attempt to mirror exam conditions. Allow 30 minutes.

Sources & references

Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.

  • Kurose, James F.; Ross, Keith W.

    Computer Networking: A Top-Down Approach, 7th Edition (Pearson), Chapter 8: Security in Computer Networks

    cited in 4 questions
  • OWASP Foundation

    OWASP Top 10 (2021): A03 Injection and the Cross-Site Scripting Prevention Cheat Sheet

    Open source
    cited in 3 questions
  • CERT-In

    Advisories on phishing, typosquatting, and lookalike domains

    Open source
    cited in 2 questions
  • Tanenbaum, Andrew S.

    Computer Networks, 5th Edition (Pearson), Chapter 4: The Medium Access Control Sublayer

    cited in 2 questions
  • Stallings, William

    Cryptography and Network Security: Principles and Practice, 7th Edition, Chapter on Denial-of-Service Attacks

    cited in 2 questions
  • NIST Special Publication 800-63B

    Digital Identity Guidelines: Authentication and Lifecycle Management

    Open source
    cited in 1 question
  • RFC 4033: DNS Security Introduction and Requirements

    Internet Engineering Task Force, 2005

    Open source
    cited in 1 question
  • RFC 2827 (BCP 38): Network Ingress Filtering

    Ferguson and Senie, Internet Engineering Task Force, May 2000

    Open source
    cited in 1 question
  • Nelson, Bill; Phillips, Amelia; Steuart, Christopher

    Guide to Computer Forensics and Investigations, 6th Edition (Cengage), Chapter on Network Forensics Tools

    cited in 1 question
  • IEEE 802.11i-2004 and Fluhrer, Mantin, Shamir (2001)

    Weaknesses in the Key Scheduling Algorithm of RC4, Selected Areas in Cryptography 2001

    cited in 1 question
  • Marlinspike, Moxie

    New Tricks for Defeating SSL in Practice, Black Hat USA 2009

    Open source
    cited in 1 question
  • IEEE 802.11w-2009 / 802.11-2020

    IEEE Standard for Information Technology, Management Frame Protection

    cited in 1 question
  • RFC 4271: A Border Gateway Protocol 4 (BGP-4)

    Internet Engineering Task Force, 2006

    Open source
    cited in 1 question
  • Wi-Fi Alliance and CWNP

    Certified Wireless Security Professional (CWSP) Study Guide on Wireless IDS / IPS

    Open source
    cited in 1 question
  • RFC 3748: Extensible Authentication Protocol (EAP)

    Internet Engineering Task Force, 2004, and IEEE 802.1X-2010

    Open source
    cited in 1 question
  • Hadnagy, Christopher

    Social Engineering: The Science of Human Hacking, 2nd Edition (Wiley), Chapter on Pretexting

    cited in 1 question
  • Linux man pages: ip-link(8) and macchanger(1)

    Linux ip-link(8) and macchanger(1) reference pages

    Open source
    cited in 1 question
  • RFC 826: An Ethernet Address Resolution Protocol

    Internet Engineering Task Force, 1982

    Open source
    cited in 1 question
  • US-China Economic and Security Review Commission

    2010 Annual Report to Congress, section on BGP route diversion

    Open source
    cited in 1 question
  • Vanhoef, Mathy; Piessens, Frank

    Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, ACM CCS 2017

    Open source
    cited in 1 question
  • Wi-Fi Alliance

    WPA3 Specification and Simultaneous Authentication of Equals (SAE)

    Open source
    cited in 1 question
  • RFC 6797: HTTP Strict Transport Security (HSTS)

    Internet Engineering Task Force, 2012

    Open source
    cited in 1 question

How our mocks are built

Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.

Common questions

How many questions and how long is the test?

30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Premium.

Who is this mock for?

Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.

Are the questions reviewed?

Each question carries a verified source citation. Faculty review for individual questions is in progress.

Do I need an account to take this mock?

Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.
