Chapter 2 - Protocol Analysis

Question 1

What is the best reason to have dedicated adapters for each of the protocol analysis programs you are using?
a. it allows you to capture frames across different PHYS
b. it allows you to capture frames across different channels
c. repeatedly capturing with the same adapters can cause corrupted frames
d. repeatedly changing the adapter driver can cause hardware to stop working

Answer 1

repeatedly changing the adapter driver can cause hardware to stop working

Question 2

What is one of the concerns faced when conducting a frame capture using the infrastructure method?
a. the capture will only be on a single channel
b. the AP radio used may support different technology than the stations
c. the AP radio will not be able to support clients while acting as a sensor
d. the capture will gather too much information since you are using an AP

Answer 2

AP radio will not be able to support clients while acting as a sensor

Question 3

What is the best reason to use multiple adapters locked on different channels when conducting protocol analysis?
a. to make it easier to diagnose roaming issues
b. to capture the desired traffic faster
c. to capture traffic from MIMO devices
d. to capture information transmitted in the SIFS

Answer 3

to make it easier to diagnose roaming issues

Question 4

When using a mobile protocol analysis solution, a laptop, what are the two most important things you must consider?
a. the OS support and the adapter support
b. the screen size and the installation time
c. the battery life and the hard drive space
d. the PHY and MIMO support of the adapter

Answer 4

the OS support and the adapter support

Question 5

What is the largest advantage using a distributed or an infrastructure-based method of protocol analysis has over using a mobile method?
a. they cost less than a mobile based method
b. they reduce truck rolls and save time
c. they require less training to use than mobile methods
d. they capture more information than mobile methods

Answer 5

they reduce trucks rolls and save time

Question 6

What can be used to allow you to see only the frames transmitted by a specific station in your analysis?
a. MAC locking
b. IP locking
c. Display filtering
d. Packet segregation

Answer 6

display filtering

Question 7

You are looking through a frame capture for the beacon frames sent by a specific AP to which users are connected. You see data and control frames from the AP but you are not able to see any beacon frames from that AP. What is the most likely cause of this problem?
a. user traffic is taking all of the airtime and the AP is unable to beacon
b. the AP is configured not to transmit beacon frames
c. you have a misconfigured display filter
d. the beacon interval on the AP is set to too great a value

Answer 7

you have a misconfigured display filter

Question 8

In addition to display filters, what do protocol analyzers offer to make finding frames of different types easier?
a. highlighting or colorization
b. PHY structure recognition
c. MIMO decoding
d. Frame regeneration

Answer 8

highlighting and colorization

Question 9

True or false: the duration for which an infrastructure-based protocol analyzer remains on a single channel is not changeable when scanning multiple channels

Answer 9

False (dwell time)

Question 10

What is an advantage to using an expert view in a protocol analysis tool?
a. ensuring only professionals see the important information
b. finding network problems faster
c. creating a complex deliverable for your customer
d. presenting only the information needed in the interface

Answer 10

finding network problems faster