NVCC ITN 263 UPDATED Exam
Questions and CORRECT Answers
Which of the following statements is true regarding Wireshark? - CORRECT ANSWER-
Wireshark is probably the most widely used packet capture and analysis software in the
world.
The main screen of Wireshark includes several shortcuts. Which shortcut category displays a
list of the network interfaces, or machines, that Wireshark has identified, and from which
packets can be captured and analyzed? - CORRECT ANSWER- Capture
Which of the following enables Wireshark to capture packets destined to any host on the
same subnet or virtual LAN (VLAN)? - CORRECT ANSWER- Promiscuous mode
The top pane of the Wireshark window, referred to as the __________, contains all of the
packets that Wireshark has captured, in time order, and provides a summary of the contents of
the packet in a format close to English. - CORRECT ANSWER- frame summary
The middle pane of the Wireshark window, referred to as the __________, is used to display
the packet structure and contents of fields within the packet. - CORRECT ANSWER- frame
detail
The bottom pane of the Wireshark window, referred to as the __________, displays all of the
information in the packet in hexadecimal and in decimal when possible. - CORRECT
ANSWER- data summary
Wireshark can be used in a variety of ways; however, the most common configuration for
Wireshark, and the configuration that you ran in the lab, has the software running: -
CORRECT ANSWER- on a local host
In the simplest terms, Wireshark is used to capture all packets: - CORRECT ANSWER- to
and from a computer workstation and the server.
Which of the following statements is true regarding how Wireshark works? - CORRECT
ANSWER- By running the Wireshark software on the same computer that generates the
packets, the capture is specific to that machine.
,Which of the following statements is true regarding how Wireshark handles time? -
CORRECT ANSWER- Clock time may or may not be the same as the system time of the
device or devices used to run Wireshark and capture packets.
When examining a frame header, a difference between bytes on the wire and bytes captured
can indicate that: - CORRECT ANSWER- partial or malformed packets might be captured.
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark
had determined that the __________ was Intel Core hardware. - CORRECT ANSWER-
source
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark
had determined that the __________ was Internet Protocol (IP). - CORRECT ANSWER-
type of traffic carried in the next layer
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark
had determined that the __________ was IPv4 multicast. - CORRECT ANSWER- destination
The __________ IP address is the IP address of the local IP host (workstation) from which
Wireshark captures packets. - CORRECT ANSWER- destination
Which of the following statements is true regarding filtering packets in Wireshark? -
CORRECT ANSWER- Filters allow a complex set of criteria to be applied to the captured
packets and only the result is displayed.
Selecting a TCP flow in the Flow Graph Analysis tool tells Wireshark that you wanted to see
all of the elements in a TCP three-way handshake, which are: - CORRECT ANSWER- SYN,
SYN-ACK, and ACK.
In the center pane of the __________, the direction of each arrow indicates the direction of
the TCP traffic, and the length of the arrow indicates between which two addresses the
interaction is taking place. - CORRECT ANSWER- Flow Graph Analysis results
,Within the frame detail pane, what does it mean when the DNS Flags detail specifies that
recursion is desired? - CORRECT ANSWER- DNS will continue to query higher level DNSs
until it is able to resolve the address.
Within the frame detail pane, the DNS Flags detail response to the query for issaseries.org
was "No such name," indicating that the: - CORRECT ANSWER- issaseries.org is not known
to any of the Domain Name Servers that were searched.
Which of the following characteristics relates to a demilitarized zone (DMZ)? - CORRECT
ANSWER- A type of perimeter network used to host resources designated as accessible by
the public from the Internet
Which of the following refers to a host on a network that supports user interaction with the
network? - CORRECT ANSWER- Client
Which of the following refers to filtering traffic as it attempts to leave a network, which can
include monitoring for spoofed addresses, malformed packets, unauthorized ports and
protocols, and blocked destinations? - CORRECT ANSWER- Egress filtering
Which of the following is the name given to unauthorized access to a system? - CORRECT
ANSWER- Backdoor
Which of the following describes caching? - CORRECT ANSWER- Retention of Internet
content by a proxy server
Which of the following characteristics relates to access control? - CORRECT ANSWER- The
process or mechanism of granting or denying use of resources; typically applied to users or
generic network traffic
Which term describes an object, computer, program, piece of data, or other logical or
physical component you use in a business process to accomplish a business task? -
CORRECT ANSWER- Asset
Which name is given to the security service of preventing access to resources by
unauthorized users while supporting access to authorized users? - CORRECT ANSWER-
Confidentiality
, Which term describes when a system is usable for its intended purpose? - CORRECT
ANSWER- Availability
Which of the following describes authentication? - CORRECT ANSWER- The process of
confirming the identity of a user
Which of the following describes a blacklist? - CORRECT ANSWER- A type of filtering in
which all activities or entities are permitted except those identified
When conducting an audit, the auditor should be which of the following? - CORRECT
ANSWER- An external person who is independent of the organization under audit
Which term is used to describe a network service that maintains a searchable index or
database of network hosts and shared resources? - CORRECT ANSWER- Directory Service
Which of the following refers to a form of attack that attempts to compromise availability? -
CORRECT ANSWER- Denial of service (DoS)
Which term describes a network device that forwards traffic between networks based on the
MAC address of the Ethernet frame? - CORRECT ANSWER- bridge
Which of the following refers to a software firewall installed on a client or server? -
CORRECT ANSWER- Host firewall
Which of the following refers to a type of software product that is pre-compiled and whose
source code is undisclosed? - CORRECT ANSWER- closed source
Which term describes the cumulative value of an asset based on both tangible and intangible
values? - CORRECT ANSWER- asset value (AV)
Which malicious software program is distributed by hackers to take control of victims'
computers? - CORRECT ANSWER- Bots
Questions and CORRECT Answers
Which of the following statements is true regarding Wireshark? - CORRECT ANSWER-
Wireshark is probably the most widely used packet capture and analysis software in the
world.
The main screen of Wireshark includes several shortcuts. Which shortcut category displays a
list of the network interfaces, or machines, that Wireshark has identified, and from which
packets can be captured and analyzed? - CORRECT ANSWER- Capture
Which of the following enables Wireshark to capture packets destined to any host on the
same subnet or virtual LAN (VLAN)? - CORRECT ANSWER- Promiscuous mode
The top pane of the Wireshark window, referred to as the __________, contains all of the
packets that Wireshark has captured, in time order, and provides a summary of the contents of
the packet in a format close to English. - CORRECT ANSWER- frame summary
The middle pane of the Wireshark window, referred to as the __________, is used to display
the packet structure and contents of fields within the packet. - CORRECT ANSWER- frame
detail
The bottom pane of the Wireshark window, referred to as the __________, displays all of the
information in the packet in hexadecimal and in decimal when possible. - CORRECT
ANSWER- data summary
Wireshark can be used in a variety of ways; however, the most common configuration for
Wireshark, and the configuration that you ran in the lab, has the software running: -
CORRECT ANSWER- on a local host
In the simplest terms, Wireshark is used to capture all packets: - CORRECT ANSWER- to
and from a computer workstation and the server.
Which of the following statements is true regarding how Wireshark works? - CORRECT
ANSWER- By running the Wireshark software on the same computer that generates the
packets, the capture is specific to that machine.
,Which of the following statements is true regarding how Wireshark handles time? -
CORRECT ANSWER- Clock time may or may not be the same as the system time of the
device or devices used to run Wireshark and capture packets.
When examining a frame header, a difference between bytes on the wire and bytes captured
can indicate that: - CORRECT ANSWER- partial or malformed packets might be captured.
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark
had determined that the __________ was Intel Core hardware. - CORRECT ANSWER-
source
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark
had determined that the __________ was Internet Protocol (IP). - CORRECT ANSWER-
type of traffic carried in the next layer
In the lab, the Ethernet II detail of the provided packet capture file indicated that Wireshark
had determined that the __________ was IPv4 multicast. - CORRECT ANSWER- destination
The __________ IP address is the IP address of the local IP host (workstation) from which
Wireshark captures packets. - CORRECT ANSWER- destination
Which of the following statements is true regarding filtering packets in Wireshark? -
CORRECT ANSWER- Filters allow a complex set of criteria to be applied to the captured
packets and only the result is displayed.
Selecting a TCP flow in the Flow Graph Analysis tool tells Wireshark that you wanted to see
all of the elements in a TCP three-way handshake, which are: - CORRECT ANSWER- SYN,
SYN-ACK, and ACK.
In the center pane of the __________, the direction of each arrow indicates the direction of
the TCP traffic, and the length of the arrow indicates between which two addresses the
interaction is taking place. - CORRECT ANSWER- Flow Graph Analysis results
,Within the frame detail pane, what does it mean when the DNS Flags detail specifies that
recursion is desired? - CORRECT ANSWER- DNS will continue to query higher level DNSs
until it is able to resolve the address.
Within the frame detail pane, the DNS Flags detail response to the query for issaseries.org
was "No such name," indicating that the: - CORRECT ANSWER- issaseries.org is not known
to any of the Domain Name Servers that were searched.
Which of the following characteristics relates to a demilitarized zone (DMZ)? - CORRECT
ANSWER- A type of perimeter network used to host resources designated as accessible by
the public from the Internet
Which of the following refers to a host on a network that supports user interaction with the
network? - CORRECT ANSWER- Client
Which of the following refers to filtering traffic as it attempts to leave a network, which can
include monitoring for spoofed addresses, malformed packets, unauthorized ports and
protocols, and blocked destinations? - CORRECT ANSWER- Egress filtering
Which of the following is the name given to unauthorized access to a system? - CORRECT
ANSWER- Backdoor
Which of the following describes caching? - CORRECT ANSWER- Retention of Internet
content by a proxy server
Which of the following characteristics relates to access control? - CORRECT ANSWER- The
process or mechanism of granting or denying use of resources; typically applied to users or
generic network traffic
Which term describes an object, computer, program, piece of data, or other logical or
physical component you use in a business process to accomplish a business task? -
CORRECT ANSWER- Asset
Which name is given to the security service of preventing access to resources by
unauthorized users while supporting access to authorized users? - CORRECT ANSWER-
Confidentiality
, Which term describes when a system is usable for its intended purpose? - CORRECT
ANSWER- Availability
Which of the following describes authentication? - CORRECT ANSWER- The process of
confirming the identity of a user
Which of the following describes a blacklist? - CORRECT ANSWER- A type of filtering in
which all activities or entities are permitted except those identified
When conducting an audit, the auditor should be which of the following? - CORRECT
ANSWER- An external person who is independent of the organization under audit
Which term is used to describe a network service that maintains a searchable index or
database of network hosts and shared resources? - CORRECT ANSWER- Directory Service
Which of the following refers to a form of attack that attempts to compromise availability? -
CORRECT ANSWER- Denial of service (DoS)
Which term describes a network device that forwards traffic between networks based on the
MAC address of the Ethernet frame? - CORRECT ANSWER- bridge
Which of the following refers to a software firewall installed on a client or server? -
CORRECT ANSWER- Host firewall
Which of the following refers to a type of software product that is pre-compiled and whose
source code is undisclosed? - CORRECT ANSWER- closed source
Which term describes the cumulative value of an asset based on both tangible and intangible
values? - CORRECT ANSWER- asset value (AV)
Which malicious software program is distributed by hackers to take control of victims'
computers? - CORRECT ANSWER- Bots
