Chapter 8. Capturing Traffic for Advanced Analysis Flashcards
1. Which engine is responsible for analyzing traffic in a threat defense?
A. ASA engine.
B. Snort engine.
C. Lina engine.
D. All of these answers are correct.
D. All of these answers are correct. A threat defense analyzes packets with the help of the Snort engine as well as the ASA and Lina engines.
2. Which of the following statements is true?
A. Capturing traffic can increase the CPU utilization of a threat defense.
B. A threat defense is designed to capture traffic only for troubleshooting purposes.
C. You can use the management center GUI to capture traffic from the threat defense interfaces.
D. All of these answers are correct.
D. All of these answers are correct. Capturing traffic can increase the CPU utilization of a threat defense. A threat defense is designed to capture traffic only for troubleshooting purposes, and you can use the management center GUI to capture traffic from the threat defense interfaces.
3. What does the Stop When Full option do?
A. It stops a threat defense from further packet inspection.
B. It stops a threat defense from capturing traffic when the database is full.
C. It stops a threat defense from capturing traffic when the buffer is full.
D. It stops a threat defense from filling up the buffer when excessive traffic is in interfaces.
C. It stops a threat defense from capturing traffic when the buffer is full.
4. Which of the following statements is true about captured packets?
A. You can store captured packets into a file directly using the management center.
B. You can store the traces of captured packets in a cleartext format.
C. Packets that are seen live by the threat defense interfaces can be viewed offline.
D. All of these answers are correct.
D. All of these answers are correct. You can store captured packets into a file directly using the management center. You can store the traces of captured packets in a cleartext format. Packets that are seen live by the threat defense interfaces can be viewed offline.