Question No. 1
Refer to the exhibit.
Which statement about this packet is correct?
The sender will open port 1026 for an FTP data connection.
This communication is generated by the "Blackjack" application.
The packet is a request to the target to open port 1026 for a new TCP connection.
The receive window size value indicates no additional data can be received on port 1025.
Question No. 2
Which term defines an alias name used in DNS responses?
Question No. 3
What is the most efficient method for saving non-contiguous packets in a trace file?
Mark the packets and choose to save the marked packets.
Apply a color filter for each packet and save all colored packets.
Right click and copy the packets individually to a new instance of Wireshark.
Open the packets in a new window and save them under the same file name.
Question No. 4
Which display filter is used to display all DHCP traffic?
dhcp
bootp
tcp.port==68
udp.dst.port==67
Question No. 5
Which protocol is used to locate the hardware address of a local target or local router?
Question No. 6
You are performing a TCP scan on a target while capturing your traffic with Wireshark. Which statement about the analysis is correct?
If you receive TCP Push responses, the target port is blocked.
If you receive ICMP responses, the target port is likely firewalled.
If only UDP responses are received, the target does not support TCP.
If a TCP RST response is received, the target is not currently powered up.
Question No. 7
You are analyzing network traffic, but you only see ARP queries - you do not see any ARP responses. What could cause this situation?
Wireshark is not running in monitor mode.
You have applied an ip filter to the traffic.
You are filtering on IP addresses for another network.
You are connected to a switch port that is not spanned.
Question No. 8
What is the purpose of creating Wireshark profiles?
create a customized method of name resolution
discover and test RSA keys for traffic decryption
customize Wireshark for more efficient analysis in specific environments
create a manageable database of packets for use in third-party programs
Question No. 9
Which Wireshark feature is used to make the process of following TCP Sequence/Acknowledgment numbers easier to interpret?
sequence number flagging
sequence number prediction
relative sequence numbering
actual sequence number interpretations
Question No. 10
How do you quickly spot large gaps in time between packets in a trace file containing 6,000 packets?
Open and examine Wireshark's Expert Infos window.
Look for packets colorized based on Wireshark's default coloring rule for high delta times.
Set the Time column to Seconds Since Beginning of Capture and scroll through the trace file.
Set the Time column to Seconds Since Previously Displayed Packet and sort the Time column.
Question No. 11
Which statement about TCP sequence and acknowledgment numbering is correct?
The sequence number always increments by 1 for each data packet transmitted.
Both sides of a TCP connection must agree on an Initial Sequence Number value.
Starting Sequence Numbers cannot be larger than 65,535 because this is a 2-byte field.
The Acknowledgment Number field indicates the next sequence number expected from the other side of the connection.
Question No. 12
Which statement about the TCP recovery process is true?
Packet loss recovery is always started by the client.
The window size field is used in the packet loss recovery process.
TCP hosts attempt three retransmissions before terminating the connection.
Retransmitted packets use the same sequence number as the original lost packet.
Question No. 13
Which network problem may cause packet loss, queuing, or throttling of possible throughput maximums?
smaller packet sizes
minimum receive window sizes
congestion along a network path
an overloaded TCP connection table
Question No. 14
Refer to the exhibit.
Which statement about the highlighted capture filter is correct?
This filter will generate an error.
This filter will capture gratuitous ARP packets.
This filter will capture DNS PTR queries using port 53.
This filter will capture DNS packets that use non-standard port numbers.
Question No. 15
Which function provides host name-to-IP address resolution services?