Digital Forensics: Network Threats and Network Attacks
Questions: 30
Duration: 30 min
Faculty-reviewed: 0
Updated: 20 May 2026
About this mock
This FACT-aligned mock practice test covers the network-attack section of the digital forensics paper in thirty timed questions. The set runs across the wire from passive eavesdropping in promiscuous mode through Wireshark and tcpdump captures, ARP cache poisoning under RFC 826, DNS cache poisoning and the DNSSEC mitigation from RFC 4033, IP source-address forgery and BCP 38 ingress filtering from RFC 2827, BGP prefix hijacking with the 2010 China Telecom incident as the worked example, MAC spoofing on Linux through the ip link command and macchanger, web-jacking through DNS hijack and certificate compromise, and the OWASP Top 10 (2021) ordering with Broken Access Control at the top.
Wireless coverage spans WEP IV-reuse and RC4 keystream attacks through aircrack-ng, the WPA2 four-way handshake capture used for offline dictionary attacks, the 2017 KRACK paper by Vanhoef and Piessens, WPA3 with the SAE Dragonfly handshake, evil twin rogue access points, and 802.11 deauthentication frame spoofing fixed by 802.11w. Denial-of-service coverage runs from SYN flood and UDP flood through DNS amplification reflection. Application-layer coverage closes with SSL stripping from Moxie Marlinspike's sslstrip and the HSTS mitigation in RFC 6797, plus authentication factors, IEEE 802.1X with EAP and EAPOL, zero-day terminology, wireless rogue-AP detection, typosquatting, and the named subtypes of social engineering. The mock complements the cyber-crime mock by focusing on what a network forensicator sees on the wire rather than the legal category of the offence.
The set suits MSc and BSc forensic-science students preparing for the FACT entrance, NFSU MSc digital forensics entrance, and CCFP, GCIH, and CHFI question banks. It also works for VAPT and information-security audit aspirants who want a refresher on the L2-to-L7 attack surface in one sitting.
Topics covered:
- Eavesdropping, packet sniffing and Wireshark
- ARP, DNS and routing-table poisoning
- IP and MAC spoofing
- Cross-site scripting, SQL injection and OWASP Top 10
- WEP, WPA2, WPA3 and rogue access points
- DoS, DDoS, SYN flood and amplification
- MITM, SSL strip and HSTS
- Authentication factors, 802.1X, zero-day and social engineering
Time the attempt to mirror exam conditions. Allow 30 minutes.
Sources & references
Questions in this mock are written and verified against the following sources. Citations are recorded per question and shown in the explanation after submission.
- cited in 4 questions
Kurose, James F.; Ross, Keith W.
Computer Networking: A Top-Down Approach, 7th Edition (Pearson), Chapter 8: Security in Computer Networks
- cited in 3 questions
OWASP Foundation
OWASP Top 10 (2021): A03 Injection and the Cross-Site Scripting Prevention Cheat Sheet
Open source - cited in 2 questions
- cited in 2 questions
Tanenbaum, Andrew S.
Computer Networks, 5th Edition (Pearson), Chapter 4: The Medium Access Control Sublayer
- cited in 2 questions
Stallings, William
Cryptography and Network Security: Principles and Practice, 7th Edition, Chapter on Denial-of-Service Attacks
- cited in 1 question
NIST Special Publication 800-63B
Digital Identity Guidelines: Authentication and Lifecycle Management
Open source - cited in 1 question
RFC 4033: DNS Security Introduction and Requirements
Internet Engineering Task Force, 2005
Open source - cited in 1 question
RFC 2827 (BCP 38): Network Ingress Filtering
Ferguson and Senie, Internet Engineering Task Force, May 2000
Open source - cited in 1 question
Nelson, Bill; Phillips, Amelia; Steuart, Christopher
Guide to Computer Forensics and Investigations, 6th Edition (Cengage), Chapter on Network Forensics Tools
- cited in 1 question
IEEE 802.11i-2004 and Fluhrer, Mantin, Shamir (2001)
Weaknesses in the Key Scheduling Algorithm of RC4, Selected Areas in Cryptography 2001
- cited in 1 question
- cited in 1 question
IEEE 802.11w-2009 / 802.11-2020
IEEE Standard for Information Technology, Management Frame Protection
- cited in 1 question
- cited in 1 question
Wi-Fi Alliance and CWNP
Certified Wireless Security Professional (CWSP) Study Guide on Wireless IDS / IPS
Open source - cited in 1 question
RFC 3748: Extensible Authentication Protocol (EAP)
Internet Engineering Task Force, 2004, and IEEE 802.1X-2010
Open source - cited in 1 question
Hadnagy, Christopher
Social Engineering: The Science of Human Hacking, 2nd Edition (Wiley), Chapter on Pretexting
- cited in 1 question
Linux man pages: ip-link(8) and macchanger(1)
Linux ip-link(8) and macchanger(1) reference pages
Open source - cited in 1 question
- cited in 1 question
US-China Economic and Security Review Commission
2010 Annual Report to Congress, section on BGP route diversion
Open source - cited in 1 question
Vanhoef, Mathy; Piessens, Frank
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, ACM CCS 2017
Open source - cited in 1 question
- cited in 1 question
How our mocks are built
Questions are written and edited by the ForensicSpot team and cited from peer-reviewed forensic textbooks, official syllabi and primary case law. Each one is verified before publishing. Detailed explanations show after you submit, so the test stays a real test. See a mistake? Tell us.
Common questions
How many questions and how long is the test?
30 multiple-choice questions, 30 minutes total. Difficulty: easy. Tier: Premium.
Who is this mock for?
Forensic science students and aspirants who want timed, exam-style practice with explanations and verified source citations on Digital Forensics, FACT. Useful for postgraduate entrance preparation and for BSc / MSc forensic students testing their recall under time.
Are the questions reviewed?
Each question carries a verified source citation. Faculty review for individual questions is in progress.
Do I need an account to take this mock?
Yes, a free ForensicSpot account is required to start a timed attempt — this lets you save progress, see per-question explanations after submission, and track your topic-level performance over time.