Computer Hacking Forensic Investigator (CHFI v10) — Question 489

You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that, you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

Answer options

Correct answer: A

Explanation

The correct answer is A, Network, as you are capturing traffic that involves routing and addressing. The Transport layer (B) deals with end-to-end communication and does not focus on the routing of packets, while the Data Link layer (C) manages node-to-node data transfer, not the routing itself. The Session layer (D) is responsible for managing sessions between applications, which is not relevant in this context.