WCNA Wireshark Exam

Document Content and Description Below

WCNA Wireshark Exam From which timer are Wireshark timestamps taken? - ANS - from the computer time What is the delta time in Wireshark? - ANS - the time spent for a packet to go from the source to ... the destination and then back. T/F: the time format is fixed and can not be adjusted in Wireshark - ANS - False. "T/F: There are only two types of timestamps: related time, absolute time - ANS - False In which measurement unit are Wireshark timestamps? - ANS - in millisecond T/F: Measurement unit of Wireshark timestamps can be changed to nanoseconds - ANS - True. What are some types of timestamps in Wireshark? - ANS - absolute time, related time, time from last captured packet, time from last displayed packet, time from the beginning of the capture T/F: Capture filters and display filters create the same amount of captured packets. - ANS - False. With capture filters we have less packets because we tell Wireshark to capture only the packets that correspond to the filter. A display filter prevents packets from being displayed; The capture itself is intact. T/F: Capture filters are predefined and can not be modified. - ANS - False. Users can define new capture filters T/F: Configuration profiles are not flexible. - ANS - False. A network administrator can add as may configuration profiles as needed. T/F: Coloring in Wireshark can only be temporary - ANS - False. There are both possibilites: temporary coloring, and permanent coloring with Coloring Rules T/F: There is a mode in Wireshark called "specialist" - ANS - False. It is called "expert mode" What is the best network location to place a wireshark station? - ANS - as close to the source of packets as possible. How to switch between Configuration Profiles in Wireshark? - ANS - Edit -> Configuration Profiles What are the steps of a Wireshark troubleshooting session? - ANS - plan, capture, analyse, repeat What are the steps of a Wireshark security analysis? - ANS - plan, capture, analyse, secure, document. True/False: Wireshark can not help in identifying network devices queuing delays - ANS - False. What is the recommended format when saving Wireshark traces and why? - ANS - pcapng, because it allows to save packet comments. What must a network analysist consider in terms of law? - ANS - that some companies require an explicitly written permission to analyse their network, because it may contain sensitive or confidential data. Which of these network devices do change the MAC address source and/or destination of an Ethernet frame header: router, switch, firewall? - ANS - router, firewall. When a packet arrives to a network devices, what is the first thing that the device performs? - ANS - calculate and compare the checksum. If values do not match, the packet is dopped. What are some application tasks for a network analyst? - ANS - - analyse application bandwidth requirements - determine application protocols and ports in use - validate application secure data traversal What are some security tasks for a network analyst? - ANS - - identify and define malicious traffic signatures - perform intrusion detection - test firewall blocking rules - passively discover hosts, OSs and services - validate secure login and data traversal What are some optimization tasks for a network analyst? - ANS - - evaluate current bandiwdth usage - analyse response times on the network - evaluate efficient use of packet sizes in a data transfer application What are some troubleshooting tasks for a network analyst? - ANS - - identify network errors and service refusals - evaluate high delays in a network path - graph queuing delays - locate points of packet loss - identify device and software misconfigurations - locate faulty network devices. Define the purpose of network analysis - ANS - insight into network communications to identify performance problems, identify security breaches, evaluate application behaviour, perform capacity planning. What is the name of the link-layer interface in Wireshark that captures packets on a Windows machine? - ANS - Winpcap What is the name of the link-layer interface in Wireshark that captures packets on a *NIX machine? - ANS - Libpcap What is the name of the link-layer interface in Wireshark that captures WLAN packets on a Windows machine? - ANS - Airpcap What is the name of the Wireshark component that allows to open traces from various types and softwares like Sniffer, NI Observer, *NIX tcpdump, etc.? - ANS - Wireshark Wiretap Library What are Dissectors in Wireshark? - ANS - The software component that reads into captured packets and dissects the fields of each layer 2 frame, IP packet, TCP/UDP segment, etc. How are shortcut keys in Wireshark called? - ANS - Accelerator keys What are the information levels in the Expert mode and what colors do they have? - ANS - Error-> red, Warning-> yellow, Chat -> blue, Comment-> green, Notes-> cyan True/False: In the status bar, the color of the Expert information defines the highest information level, which does not exclude lower information levels - ANS - True True/False: It is possible to mark many packets at once - ANS - true, while pressing CTRL-C. True/False: Packet marking is permanent. - ANS - False. It is deleted when reloading the trace or reopening Wireshark. True/False: Ignoring a packet is not permanent - ANS - True. True/False: we can ignore many packets at once - ANS - True. What does Time Reference do? - ANS - sets a particular packet as the time reference, and calculates the time of the following packets in relation to that packet. T/F: only one packet at a time can be commented - ANS - True. When selecting multiple packets for commenting, the comment option under the Edit menu is greyed out. What does the Wireshark service file do? - ANS - It contains mappings of ports and their services. T/F: Wireshark service file can be manually edited - ANS - True. But it is not recommended. What are the types of name resolution in Wireshark? - ANS - Network resolution, port resolution, MAC resolution. How can a network analyst find out all packet comments? - ANS - by opening the trace file and clicking on the pen in the status bar. [Show More]

Last updated: 2 years ago

Preview 1 out of 5 pages