What is the use of HTTP GET method?
- A . To send data to a server to create/update a resource
- B . To request data from a specified resource
- C . To collect data from managed devices on IP networks.
- D . Used for electronic mail transmission
Which of the following interfaces cannot be used as a capture interface in Wireshark?
- A . Bluetooth
- B . Ethernet
- C . Wifi
- D . HDMI
Wireshark can decrypt SSL traffic without any decryption key.
- A . True
- B . False
What is the purpose of Network Analysis?
- A . To identify performance problems
- B . To locate security breaches
- C . Both A & B
- D . None of the above
Choose a troubleshooting task performed by a Network Analyst.
- A . Analysis
- B . Verifying the configuration
- C . Upgrade system networks
- D . All of the above
Which interface is showing traffic in the Wireshark image below?
- A . Local Area Connection 9
- B . Bluetooth Network Connection
- C . Ethernet
- D . None of the above
Which link should be tapped to access and monitor a network?
- A . Link between two routers
- B . Link between routers and monitoring probe
- C . Link between switch and Network Packet Broker
- D . Link between two monitoring probes
What is the purpose of installing a tap in the network?
- A . Filtering of the traffic
- B . Mirrors the traffic
- C . Provides copy of the network traffic without compromising network integrity
- D . Load balance the traffic
The feature for automatic packet capture to one or more files is available in Wireshark.
- A . True
- B . False
Choose the correct filter expression to filter packets with source port 21 for the image below.
- A . udpsrcport ==21
- B . tcpsrcport = 21
- C . udpdst port == 21
- D . tcp.srcport == 21
Identify the capture filter for IPv4 address 192.168.0.104.
- A . ip == 192.168.0.104
- B . ip.dst == 192.168.0.104
- C . host 192.168.0.104
- D . ip6 192.168.0.104
Mark the capture filter for HTTP traffic.
- A . http
- B . tcp.port == 80
- C . udpport ==80
- D . tcp port http
What should be the correct capture filter for ‘non HTTPS & non POP3 traffic’ to/from www.google.com?
- A . not https && not pop3 and www.google.com
- B . not https and not pop3 and www.google.com
- C . not port 443 and not port 25 and host www.google.com
- D . not port 443 and not port 110 and host www.google.com
A filter expression displays packets having IP address 192.168.0.104 with TCP port 80. Find the masked/hidden operator in the applied filter expression in the image below:
- A . or
- B . and
- C . &&
- D . ==
What is the use of ARP protocol in the network?
- A . responsible for gathering various information required for internet communication.
- B . mapping of an IP address to the underlying Ethernet address.
- C . routing protocol for Internet Protocol (IP) networks.
- D . communications protocol between two routers directly without any host or any other networking in between.
Which function in Wireshark provides the summary of IPv4 and IPv6 packets?
- A . Analyze
- B . Capture
- C . Telephony
- D . Statistics
Which of the following attributes does not belong to TCP?
- A . Rearranges data packets in the order specified
- B . Flow Control
- C . Used by VOIP
- D . Error checking and error recovery
What is the purpose of using Display Filters in Wireshark?
- A . Capture desired packets only
- B . Show desired packets only
- C . None of the above
- D . Both A & B
What is the significance of || operator in a display filter expression in Wireshark?
- A . And
- B . Not
- C . or
- D . Equal to
Where in Wireshark can you find the information shown in the image below?
- A . TCP Stream Graphs
- B . Expert Information
- C . Colorize Packet List
- D . Colorize conversation
Identify an Application layer protocol in the image below.
- A . BT-uTP
- B . Skype
- C . GVSP
- D . All of the above
What is the role of RTP protocol?
- A . Carries signaling packets
- B . Carries user packets
- C . Initiates session between two endpoints
- D . Controls multimedia communication sessions
Identify a private IP address in this image.
- A . 192.168.10.116
- B . 74.125.8.41
- C . 195.178.174
- D . None of the above
Which UDP port in the image below belongs to user traffic of a VoIP session?
- A . 60977
- B . 5060
- C . Both A & B
- D . None of the above
Choose a display filter expression for the packets displayed in the image below.
- A . sip.method == "ACK"
- B . sip.method == invite
- C . sip.Method == "INVITE"
- D . sip ==INVITE
Identify the protocol in the image below that allows Internet users and network devices to discover websites using human-readable hostnames instead of numeric IP addresses.
- A . DNS
- B . TCP
- C . ARP
- D . None of the above
What is the transport layer protocol and port used by Telnet?
- A . TCP 100
- B . UDP 23
- C . UDP 25
- D . TCP 23
Where can you find the ‘Expert Information’ function in Wireshark?
- A . Analyze
- B . Tools
- C . Statistics
- D . Capture
If the client initiates the data connection, the FTP connection is
- A . Active
- B . Passive
- C . Can be Active or Passive
- D . None of the above
What type of IP addresses are shown in the image below?
- A . IPv4
- B . IPv6
- C . IPv4 & IPv6 mixed
- D . None of the above
Session Description Protocol belongs to which layer?
- A . Network Layer
- B . Application Layer
- C . Presentation Layer
- D . Transport Layer
Ethertype 0x86dd belongs to which type of packets?
- A . IPv6
- B . IPv4
- C . ARP
- D . GRE
What is the destination MAC address in the image below?
- A . ff02::16
- B . 08:00:27:0b:17:ba
- C . 33:33:00:00:00:16
- D . Fe80::3831:dca3:3317:c4f7
What signaling protocol is used by Skype?
- A . SIP
- B . RTP
- C . Proprietary
- D . None of the above
What is the purpose of DHCP Protocol?
- A . To send error messages and operational information indicating success or failure when communicating with another IP address.
- B . Dynamic assignment of an IP address and other network configuration parameters.
- C . Transfer of computer files between a client and server on a computer network.
- D . Clock synchronization between computer systems over packet-switched, variable-latency data networks.
What is the HTTP error code for ‘forbidden’?
- A . 400
- B . 500
- C . 403
- D . 402
What is the usual TCP header size?
- A . 3 Bytes
- B . 20 Bytes
- C . 64 Bytes
- D . 10 Bytes
Where can we find the URI for a VoIP call?
- A . SIP Packets
- B . RTP Packets
- C . SDP Packets
- D . STUN Packets
Where can we configure protocol-specific settings in Wireshark?
- A . Preferences
- B . Configuration Profiles
- C . Protocol Hierarchy
- D . Conversations
What is the purpose of IP?
- A . Establishes the Internet
- B . control traffic on the internet
- C . to send and relay an email message between email servers.
- D . decides how data gets from one place to another on the Internet
Where can we find the details of malformed packets in Wireshark?
- A . View
- B . Tools
- C . Capture
- D . Expert Information
Where can we find the details of Dropped Packets in Wireshark?
- A . Endpoints
- B . Capture file properties
- C . Conversations
- D . IPv4 statistics
What Time Display Formats are available in Wireshark?
- A . Date and Time of the Day
- B . Time of Day
- C . Seconds since beginning of Capture
- D . All of the above
What size of address space is supported by IPv6?
- A . 32 Bit
- B . 64 Bit
- C . 128 Bit
- D . 100 Bit
What’s the terminal-based Wireshark called?
- A . Webshark
- B . Terminalshark
- C . Dshark
- D . Tshark
What does Type 5 indicate in the image below?
- A . Echo Reply
- B . Destination Unreachable
- C . Redirect
- D . Alternate Host Address
What is the impact of congestion in a network?
- A . Data Packet Loss
- B . Blocking of new connections
- C . Deterioration of network service quality
- D . All of the above
What is a network baseline?
- A . Packet capture during abnormal network conditions
- B . Packet capture during normal network conditions
- C . Both A & B
- D . None of the above
What can be the length of the payload for packet no. 19 in the image below?
- A . 46 bytes
- B . 32 bytes
- C . 39 bytes
- D . 93 bytes
Which capture mode can be used to limit the maximum disk usage by keeping the latest captured data?
- A . Single temporary file
- B . Single named file
- C . Multiple files, continuous
- D . Multiple files, ring buffer
Each fragment of a fragmented IP packet has a different identification value.
- A . True
- B . False
Which of the following is not a part of Wireshark’s command line tools?
- A . DXCap
- B . Capinfos
- C . Dumpcap
- D . Editcap
How many handshakes are involved while establishing a TCP connection?
- A . 5
- B . 3
- C . 1
- D . 6
This OS fingerprinting includes sending traffic to the system in question.
- A . Passive
- B . Active
- C . Both A & B
- D . None of the above
What are unassigned IP addresses also called?
- A . Black IP addresses
- B . Dim IP addresses
- C . Unlighted IP addresses
- D . Dark addresses
Specify the byte count for an unknown protocol from the image below.
- A . 201
- B . 304
- C . 4
- D . 15495
Active OS Fingerprinting can be done with Wireshark.
- A . True
- B . False
This is a key parameter for Traceroute. Identify this parameter.
- A . DSCP
- B . TTL
- C . Flags
- D . None of the above
Which protocol is used by Traceroute?
- A . ICMP
- B . UDP
- C . TCP
- D . All of the above
What is the default protocol used by the Linux traceroute program?
- A . ICMP
- B . HTTP
- C . IP
- D . None of the above
Which pane of Wireshark displays information in the HEX and ASCII format for each packet?
- A . Packet List
- B . Packet Details
- C . Packet Bytes
- D . None of the above
How many layers are there in the TCP/IP model?
- A . 4
- B . 5
- C . 7
- D . 8
The performance of Wireshark capture is directly proportional to the size of the packets.
- A . True
- B . False
There is no impact of packet loss and jitter on the quality of a VoIP call.
- A . True
- B . False
Which of the following is not a type of HTTP response code?
- A . 1xx Informational
- B . 5xx Server Error
- C . 6xx User Error
- D . 3xx Redirection
Choose the correct syntax for filtering and displaying TCP packets containing the word "string".
- A . Packet contains string
- B . tcp contains string
- C . tcp equals string
- D . tcp packet contains string
Which method is used by Wireshark to detect TCP re-transmission?
- A . Sequence and Acknowledgment Numbers
- B . Windows size shifts
- C . Delta time delay
- D . Hop counts
Slow start was implemented to optimize TCP performance as it relates to
- A . Error rate
- B . Congestion control
- C . Latency
- D . Bandwidth
TTL is a field in IPv4. What is the corresponding field in IPv6?
- A . Time to expire
- B . Time to die
- C . Hop limit
- D . Hop along
DDoS attacks and HTTP Flood are characterized by a SYN flood.
- A . True
- B . False
Which IP addresses are routed on the internet?
- A . Private IP address
- B . Public IP address
- C . loopback address
- D . None of the above