05 Flashcards

Question 1

Q

The ________ function is sent as the hexadecimal characters __________ and ____________

Answer

A

EOL, 0x0d0a, 0x0d

Question 2

Q

_____ Host - mapping FQDN to IPv4 address (Forward Lookup)

Question 3

Q

_____ Canonical Name, Mapping, Alias (commonly used for web servers)

Question 4

Q

____ Mail Exchanger (email servers)

Question 5

Q

_____ Pointer – mapping IP to FQDN (Reverse Lookup)

Question 6

Q

____ Start of authority - best source of information for this domain.

Question 7

Q

____ Service Location - locate servers hosting services for a specific
domain. SRV records allow for built-in load balancing of multiple
servers using the priority and weight values in the records.

Question 8

Q

____ Host – mapping FQDN to IPv6 host addresse

Question 9

Q

____ Zone transfer - transfers of DNS cache/database

Question 10

Q

___________ involves an individual or malicious software (malware) gathering and
transmitting information by placing information at the beginning of a valid FQDN.

Answer

A

DNS Exfiltration

Question 11

Q

How do I see all dns header traffic? How do i see more of it?

Answer

A

dns

udp.port == 53

Question 12

Q

How do I see all valid responses from a server?

Question 13

Q

How do I find specific query types?

Answer

A

dns.qry.type == 1

Question 14

Q

How do I find all queries/responses specified with a FQDN?

Answer

A

dns.qry.name == “FQDN”

Question 15

Q

How do I see all dns responses/requests?

Answer

A

dns.flags gt 8000 responses
dns.flags lt 8000
requests

Question 16

Q

________ A request for information about the communications options available on the
request/response chain.

Question 17

Q

_______ A request to retrieve whatever information is identified.

Question 18

Q

_________ Identical to GET, except the server MUST NOT return a message-body in the
response. This is used to obtain meta information about the requested item
without transferring the item itself, i.e., testing a hyperlink without actually
receiving the next web page.

Question 19

Q

_______ Used to request that the server accept the enclosed item from client as a new
subordinate of the server resource identified in the request.

Question 20

Q

How do i see all the http request methods in a capture?

How do I see alll tcp traffic everything

Answer

A

http.request.method

tcp.port == 80

Question 21

Q

How do I see all referers in a capture?

Answer

A

http.referer

Question 22

Q

What http response code is information?

Question 23

Q

What http response code is Success

Question 24

Q

What http response code is Redirect

Question 25

Q

What http response code is Client Error

Question 26

Q

What http response code is Server Error

Question 27

Q

________ is an IETF application-layer control/signaling protocol for
creating, modifying, and terminating sessions with one or more participants that uses TCP or
UDP ports _______ and __________

Answer

A

SIP
5060
5061

Question 28

Q

______________ is a data transfer protocol designed specifically to exchange
real-time sensitive, audio-visual data on IP-based networks.

Question 29

Q

How do I see all sip/rtp sessions?

Question 30

Q

________ carries statistical and control data, while RTP
delivers the data.

Question 31

Q

:_______ filter shows all telnet application layer packets. How do I see every layers telnet packets?

Answer

A

telnet
tcp.port == 23

Question 32

Q

How do I pick out specific data from a telnet packet?

Answer

A

telnet.data === data

Question 33

Q

What ports does snmp use?

Answer

A

udp
161 request
162 trap

Question 34

Q

How do I see all snmp application layer packets?

Question 35

Q

How do I see all snmp request messages?

Answer

A

snmp.port == 161

Question 36

Q

How do I see all snmp
trap messages?

Answer

A

snmp.port == 162

Question 37

Q

How do I find specific data from a snmp packet?

Answer

A

snmp.data == <data></data>

Brainscape's Knowledge GenomeTM

05 Flashcards

Brainscape's Knowledge Genome^TM