GUIDE WITH COMPLETE SOLUTIONS
Which of the following statements is true regarding Wireshark? - ANSWER- Wireshark is probably the most widely used packet capture and analysis software in the world.
The main screen of Wireshark includes several shortcuts. Which shortcut category displays a list of the network interfaces, or machines, that Wireshark has identified, and from which packets can be captured and analyzed? - ANSWER- Capture
Which of the following enables Wireshark to capture packets destined to any host on the same subnet or virtual LAN (VLAN)? - ANSWER- Promiscuous mode
The top pane of the Wireshark window, referred to as the __________, contains all of the packets that Wireshark has captured, in time order, and provides a summary of the contents of the packet in a format close to English. - ANSWER- frame summary
The middle pane of the Wireshark window, referred to as the __________, is used to display the packet structure and contents of fields within the packet. - ANSWER- frame detail
The bottom pane of the Wireshark window, referred to as the __________, displays all of the information in the packet in hexadecimal and in decimal when possible. - ANSWER- data summary
Wireshark can be used in a variety of ways; however, the most common configuration for Wireshark, and the configuration that you ran in the lab, has the software running: - ANSWER- on a local host
In the simplest terms, Wireshark is used to capture all packets: - ANSWER- to and from a computer workstation and the server.
Which of the following statements is true regarding how Wireshark works? - ANSWER- By running the Wireshark software on the same computer that generates the packets, the capture is specific to that machine.
Which of the following statements is true regarding how Wireshark handles time? - ANSWER- Clock time may or may not be the same as the system time of the device or devices used to run Wireshark and capture packets.
When examining a frame header, a difference between bytes on the wire and bytes captured can indicate that: - ANSWER- partial or malformed packets might be captured.
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark had determined that the __________ was Intel Core hardware. - ANSWER- source
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark had determined that the __________ was Internet Protocol (IP). - ANSWER- type of traffic carried in the next layer
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark had determined that the __________ was IPv4 multicast. - ANSWER- destination
The __________ IP address is the IP address of the local IP host (workstation) from which Wireshark captures packets. - ANSWER- destination
Which of the following statements is true regarding filtering packets in Wireshark? - ANSWER- Filters allow a complex set of criteria to be applied to the captured packets and only the result is displayed.
Selecting a TCP flow in the Flow Graph Analysis tool tells Wireshark that you wanted to see all of the elements in a TCP three-way handshake, which are: - ANSWER- SYN, SYN-ACK, and ACK.
In the center pane of the __________, the direction of each arrow indicates the direction of the TCP traffic, and the length of the arrow indicates between which two addresses the interaction is taking place. - ANSWER- Flow Graph Analysis results
Within the frame detail pane, what does it mean when the DNS Flags detail specifies that recursion is desired? - ANSWER- DNS will continue to query higher level DNSs until it is able to resolve the address.
Within the frame detail pane, the DNS Flags detail response to the query for issaseries.org was "No such name," indicating that the: - ANSWER- issaseries.org is not known to any of the Domain Name Servers that were searched.
Which of the following characteristics relates to a demilitarized zone (DMZ)? - ANSWER- A type of perimeter network used to host resources designated as accessible by the public from the Internet
Which of the following refers to a host on a network that supports user interaction with the network? - ANSWER- Client
Which of the following refers to filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations? - ANSWER- Egress filtering
Which of the following is the name given to unauthorized access to a system? - ANSWER- Backdoor
Which of the following describes caching? - ANSWER- Retention of Internet content by a proxy server
Which of the following characteristics relates to access control? - ANSWER- The process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic
Which term describes an object, computer, program, piece of data, or other logical or physical component you use in a business process to accomplish a business task? - ANSWER- Asset
Which name is given to the security service of preventing access to resources by unauthorized users while supporting access to authorized users? - ANSWER- Confidentiality
Which term describes when a system is usable for its intended purpose? - ANSWER- Availability
Which of the following describes authentication? - ANSWER- The process of confirming the identity of a user
Which of the following describes a blacklist? - ANSWER- A type of filtering in which all activities or entities are permitted except those identified
When conducting an audit, the auditor should be which of the following? - ANSWER- An external person who is independent of the organization under audit
Which term is used to describe a network service that maintains a searchable index or database of network hosts and shared resources? - ANSWER- Directory Service
Which of the following refers to a form of attack that attempts to compromise availability? - ANSWER- Denial of service (DoS)
Which term describes a network device that forwards traffic between networks based on the MAC address of the Ethernet frame? - ANSWER- bridge
Which of the following refers to a software firewall installed on a client or server? - ANSWER- Host firewall
Which of the following refers to a type of software product that is pre-compiled and whose source code is undisclosed? - ANSWER- closed source
Which term describes the cumulative value of an asset based on both tangible and intangible values? - ANSWER- asset value (AV)
Which malicious software program is distributed by hackers to take control of victims' computers? - ANSWER- Bots