Digital Forensic Certification Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Digital Forensic Certification Exam. Study with interactive quizzes, detailed explanations, and expert resources to boost your confidence and ensure success on exam day!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What command does Edwin use to retrieve the routing table and verify persistent routes in a cyber investigation?

  1. netstat [options]

  2. route print

  3. ipconfig /all

  4. netstat -p

The correct answer is: netstat [options]

The command that retrieves the routing table and verifies persistent routes is "route print." This command provides information on the current network routing table on Windows operating systems, displaying both active and persistent routes, which are essential in a cyber investigation to analyze how data packets are directed through the network. In investigations, understanding the routing paths can be critical for tracing potential data exfiltration or identifying network anomalies. This command gives investigators a clear picture of network communication flows by listing the destination networks, subnet masks, gateways, and more. While other commands such as "netstat" provide useful network information, they are more focused on network connections and listening ports rather than the routing table specifically. "ipconfig /all" gives comprehensive details about the network configuration, but it doesn’t show the routing table. Therefore, "route print" is the most appropriate command for the task of retrieving and verifying the routing table in this context.

More Questions Like This