NVCC ITN 263 Final Exam Study Guide 2023 with
complete solution
Which of the following statements is true regarding Wireshark?
Wireshark is probably the most widely used packet capture and analysis software in the
world.
The main screen of Wireshark includes several shortcuts. Which shortcut
category displays a list of the network interfaces, or machines, that Wireshark
has identified, and from which packets can be captured and analyzed?
Capture
Which of the following enables Wireshark to capture packets destined to any host
on the same subnet or virtual LAN (VLAN)?
Promiscuous mode
The top pane of the Wireshark window, referred to as the __________, contains all
of the packets that Wireshark has captured, in time order, and provides a
summary of the contents of the packet in a format close to English.
frame summary
The middle pane of the Wireshark window, referred to as the __________, is used
to display the packet structure and contents of fields within the packet.
frame detail
The bottom pane of the Wireshark window, referred to as the __________,
displays all of the information in the packet in hexadecimal and in decimal when
possible.
data summary
Wireshark can be used in a variety of ways; however, the most common
configuration for Wireshark, and the configuration that you ran in the lab, has the
software running:
on a local host
In the simplest terms, Wireshark is used to capture all packets:
to and from a computer workstation and the server.
Which of the following statements is true regarding how Wireshark works?
By running the Wireshark software on the same computer that generates the packets,
the capture is specific to that machine.
Which of the following statements is true regarding how Wireshark handles time?
Clock time may or may not be the same as the system time of the device or devices
used to run Wireshark and capture packets.
When examining a frame header, a difference between bytes on the wire and
bytes captured can indicate that:
partial or malformed packets might be captured.
In the lab, the Ethernet II detail of the provided packet capture file indicated that
Wireshark had determined that the __________ was Intel Core hardware.
source
In the lab, the Ethernet II detail of the provided packet capture file indicated that
Wireshark had determined that the __________ was Internet Protocol (IP).
type of traffic carried in the next layer
,In the lab, the Ethernet II detail of the provided packet capture file indicated that
Wireshark had determined that the __________ was IPv4 multicast.
destination
The __________ IP address is the IP address of the local IP host (workstation)
from which Wireshark captures packets.
destination
Which of the following statements is true regarding filtering packets in
Wireshark?
Filters allow a complex set of criteria to be applied to the captured packets and only the
result is displayed.
Selecting a TCP flow in the Flow Graph Analysis tool tells Wireshark that you
wanted to see all of the elements in a TCP three-way handshake, which are:
SYN, SYN-ACK, and ACK.
In the center pane of the __________, the direction of each arrow indicates the
direction of the TCP traffic, and the length of the arrow indicates between which
two addresses the interaction is taking place.
Flow Graph Analysis results
Within the frame detail pane, what does it mean when the DNS Flags detail
specifies that recursion is desired?
DNS will continue to query higher level DNSs until it is able to resolve the address.
Within the frame detail pane, the DNS Flags detail response to the query for
issaseries.org was "No such name," indicating that the:
issaseries.org is not known to any of the Domain Name Servers that were searched.
Which of the following characteristics relates to a demilitarized zone (DMZ)?
A type of perimeter network used to host resources designated as accessible by the
public from the Internet
Which of the following refers to a host on a network that supports user
interaction with the network?
Client
Which of the following refers to filtering traffic as it attempts to leave a network,
which can include monitoring for spoofed addresses, malformed packets,
unauthorized ports and protocols, and blocked destinations?
Egress filtering
Which of the following is the name given to unauthorized access to a system?
Backdoor
Which of the following describes caching?
Retention of Internet content by a proxy server
Which of the following characteristics relates to access control?
The process or mechanism of granting or denying use of resources; typically applied to
users or generic network traffic
Which term describes an object, computer, program, piece of data, or other
logical or physical component you use in a business process to accomplish a
business task?
Asset
Which name is given to the security service of preventing access to resources by
unauthorized users while supporting access to authorized users?
, Confidentiality
Which term describes when a system is usable for its intended purpose?
Availability
Which of the following describes authentication?
The process of confirming the identity of a user
Which of the following describes a blacklist?
A type of filtering in which all activities or entities are permitted except those identified
When conducting an audit, the auditor should be which of the following?
An external person who is independent of the organization under audit
Which term is used to describe a network service that maintains a searchable
index or database of network hosts and shared resources?
Directory Service
Which of the following refers to a form of attack that attempts to compromise
availability?
Denial of service (DoS)
Which term describes a network device that forwards traffic between networks
based on the MAC address of the Ethernet frame?
bridge
Which of the following refers to a software firewall installed on a client or server?
Host firewall
Which of the following refers to a type of software product that is pre-compiled
and whose source code is undisclosed?
closed source
Which term describes the cumulative value of an asset based on both tangible
and intangible values?
asset value (AV)
Which malicious software program is distributed by hackers to take control of
victims' computers?
Bots
Which of the following is not a consideration when placing firewalls on the
network?
where hackers are located
Which of the following is a malicious software program distributed by a hacker to
take control of a victim's computers?
agent
Which of the following refers to a type of firewall that filters on a specific
application's content and session information?
application firewall
Ingress and egress filtering can expand beyond protection against spoofing and
include a variety of investigations on inbound and outbound traffic. Which of the
following is not one of the ways ingress and egress filtering expand beyond
protection against spoofing?
Dynamic packet filtering
Which of the following describes an appliance firewall?
A hardened hardware firewall
complete solution
Which of the following statements is true regarding Wireshark?
Wireshark is probably the most widely used packet capture and analysis software in the
world.
The main screen of Wireshark includes several shortcuts. Which shortcut
category displays a list of the network interfaces, or machines, that Wireshark
has identified, and from which packets can be captured and analyzed?
Capture
Which of the following enables Wireshark to capture packets destined to any host
on the same subnet or virtual LAN (VLAN)?
Promiscuous mode
The top pane of the Wireshark window, referred to as the __________, contains all
of the packets that Wireshark has captured, in time order, and provides a
summary of the contents of the packet in a format close to English.
frame summary
The middle pane of the Wireshark window, referred to as the __________, is used
to display the packet structure and contents of fields within the packet.
frame detail
The bottom pane of the Wireshark window, referred to as the __________,
displays all of the information in the packet in hexadecimal and in decimal when
possible.
data summary
Wireshark can be used in a variety of ways; however, the most common
configuration for Wireshark, and the configuration that you ran in the lab, has the
software running:
on a local host
In the simplest terms, Wireshark is used to capture all packets:
to and from a computer workstation and the server.
Which of the following statements is true regarding how Wireshark works?
By running the Wireshark software on the same computer that generates the packets,
the capture is specific to that machine.
Which of the following statements is true regarding how Wireshark handles time?
Clock time may or may not be the same as the system time of the device or devices
used to run Wireshark and capture packets.
When examining a frame header, a difference between bytes on the wire and
bytes captured can indicate that:
partial or malformed packets might be captured.
In the lab, the Ethernet II detail of the provided packet capture file indicated that
Wireshark had determined that the __________ was Intel Core hardware.
source
In the lab, the Ethernet II detail of the provided packet capture file indicated that
Wireshark had determined that the __________ was Internet Protocol (IP).
type of traffic carried in the next layer
,In the lab, the Ethernet II detail of the provided packet capture file indicated that
Wireshark had determined that the __________ was IPv4 multicast.
destination
The __________ IP address is the IP address of the local IP host (workstation)
from which Wireshark captures packets.
destination
Which of the following statements is true regarding filtering packets in
Wireshark?
Filters allow a complex set of criteria to be applied to the captured packets and only the
result is displayed.
Selecting a TCP flow in the Flow Graph Analysis tool tells Wireshark that you
wanted to see all of the elements in a TCP three-way handshake, which are:
SYN, SYN-ACK, and ACK.
In the center pane of the __________, the direction of each arrow indicates the
direction of the TCP traffic, and the length of the arrow indicates between which
two addresses the interaction is taking place.
Flow Graph Analysis results
Within the frame detail pane, what does it mean when the DNS Flags detail
specifies that recursion is desired?
DNS will continue to query higher level DNSs until it is able to resolve the address.
Within the frame detail pane, the DNS Flags detail response to the query for
issaseries.org was "No such name," indicating that the:
issaseries.org is not known to any of the Domain Name Servers that were searched.
Which of the following characteristics relates to a demilitarized zone (DMZ)?
A type of perimeter network used to host resources designated as accessible by the
public from the Internet
Which of the following refers to a host on a network that supports user
interaction with the network?
Client
Which of the following refers to filtering traffic as it attempts to leave a network,
which can include monitoring for spoofed addresses, malformed packets,
unauthorized ports and protocols, and blocked destinations?
Egress filtering
Which of the following is the name given to unauthorized access to a system?
Backdoor
Which of the following describes caching?
Retention of Internet content by a proxy server
Which of the following characteristics relates to access control?
The process or mechanism of granting or denying use of resources; typically applied to
users or generic network traffic
Which term describes an object, computer, program, piece of data, or other
logical or physical component you use in a business process to accomplish a
business task?
Asset
Which name is given to the security service of preventing access to resources by
unauthorized users while supporting access to authorized users?
, Confidentiality
Which term describes when a system is usable for its intended purpose?
Availability
Which of the following describes authentication?
The process of confirming the identity of a user
Which of the following describes a blacklist?
A type of filtering in which all activities or entities are permitted except those identified
When conducting an audit, the auditor should be which of the following?
An external person who is independent of the organization under audit
Which term is used to describe a network service that maintains a searchable
index or database of network hosts and shared resources?
Directory Service
Which of the following refers to a form of attack that attempts to compromise
availability?
Denial of service (DoS)
Which term describes a network device that forwards traffic between networks
based on the MAC address of the Ethernet frame?
bridge
Which of the following refers to a software firewall installed on a client or server?
Host firewall
Which of the following refers to a type of software product that is pre-compiled
and whose source code is undisclosed?
closed source
Which term describes the cumulative value of an asset based on both tangible
and intangible values?
asset value (AV)
Which malicious software program is distributed by hackers to take control of
victims' computers?
Bots
Which of the following is not a consideration when placing firewalls on the
network?
where hackers are located
Which of the following is a malicious software program distributed by a hacker to
take control of a victim's computers?
agent
Which of the following refers to a type of firewall that filters on a specific
application's content and session information?
application firewall
Ingress and egress filtering can expand beyond protection against spoofing and
include a variety of investigations on inbound and outbound traffic. Which of the
following is not one of the ways ingress and egress filtering expand beyond
protection against spoofing?
Dynamic packet filtering
Which of the following describes an appliance firewall?
A hardened hardware firewall
