Module H1: Network Analysis Tools

Question 1

A _____ is a standard procedure for regulating data transmission between computers.

Answer 1

protocol

Question 2

What type of tool analyzes streams of protocol data and displays bits in a structured format?

Protocol Analyzer
Bit Analyzer
Protocol Debugger
Frame Sniffer

Answer 2

Protocol Analyzer

Question 3

Which tool classification helps you solve problems based on past behaviors that you know already exist?

Proactive
Reactive
Active
Passive

Answer 3

Reactive

Question 4

Local traffic analysis is the process of capturing \local network traffic that your interface sees.

True
False

Answer 4

True

Question 5

1. Which of the following would be considered a good baseline for your organization?

• A updated network configuration in anticipation of new threats.
• The default out of the box configuration for your infrastructure.
• A snapshot of the current known good configurations
• A network configuration you found on the internet.

Answer 5

A snapshot of the current known good configurations

Question 6

Baselines are necessary to capture “normal” so that changes or abnormalities can be identified later.

True

False

Answer 6

True

Question 7

________ _____________ is the process of gathering log data so that network developers can track resource use, bugs, availability, and other reportable issues.

• Server Performance
• Command Climate Survey
• Network Ping Test
• Application monitoring

Answer 7

Application monitoring

Question 8

Load Balancing Metrics are used to evenly distribute the amount of data and information being sent and received over a network.

True

False

Answer 8

True

Question 9

Packet _______ is typically done through packet capture programs which actually ‘capture’ the packets going across the networks.

Answer 9

analysis

Question 10

A sniffer captures and logs all packets that pass through it for analysis or storage.

True

False

Answer 10

True

Question 11

Which flag for the command “dumpcap” will print statistics for each interface every second?

Answer 11

-S

Question 12

Which of the following switches in TCPDump is used to show the packet’s content in Hex and ASCII?

• D
• l
• X
• v

Answer 12

-X

Question 13

What is the correct TCPDump syntax to write to a file named CBTC and analyzing port 80?

Answer 13

tcpdump port 80 -w CBTC

Question 14

In a BPF, the second number behind the colon represents what?

• The length of the field
• The value of the field
• The start byte
• None of the above

Answer 14

The length of the field

Question 15

Which of the following protocol headers cannot be used with BPFs?

• Ether
• ARP
• DHCP
• IPv6

Answer 15

DHCP

Question 16

If you are looking for ICMP traffic, what is the correct TCPdump syntax?

Answer 16

tcpdump icmp

Question 17

What is the correct TCPdump syntax to filter for traffic by source address with the following IP, 10.50.1.1?

Answer 17

tcpdump src 10.50.1.1

Question 18

To filter using tcpdump on interface eth0, what is the correct syntax?

Answer 18

tcpdump -i eth0

Question 19

What is the correct syntax to filter for traffic going to and from host 192.168.50.24?

Answer 19

tcpdump host 192.168.50.24

Question 20

What tool is a command line tool used to capture and display contents of a packet traversing a network interface?

• TCPdump
• Microsoft Network Monitor
• Tshark
• Wireshark

Answer 20

TCPdump

Question 21

Which function in Wireshark provides you with the computers that are talking to each other?

Answer 21

conversations

Question 22

Which protocol analyzer analyzes data from the wire or a packet capture?

Answer 22

wireshark

Question 23

Which function in Wireshark tells you the most used protocols?

Answer 23

protocol hierarchy