
Protocol Analysis WCNA - Wireshark Certified Network Analyst Practice Exam

Total 100 questions

How do you determine which Profile is in use while you are capturing traffic?

A. Examine the Wireshark Title Bar.
B. Look in the Status Bar Profile column.
C. Right-click on the Packet Summary pane.
D. Open the Preferences | Interface information.

Applications may override the default port value defined in the TCP/IP stack services file.

A. True
B. False

Display filters are applied to decrease the time required to identify the cause of poor network performance, unusual network traffic patterns or other traffic of interest.

A. True
B. False

You can identify compromised hosts that are communicating with Command and Control (C&C) servers by capturing traffic close to the network egress point and filtering on the IP addresses of the suspect C&C servers.

A. True
B. False

Which Wireshark feature is used to make the process of following TCP Sequence/Acknowledgment numbers easier to interpret?

A. sequence number flagging
B. sequence number prediction
C. relative sequence numbering
D. actual sequence number interpretations

You are analyzing network traffic, but you only see ARP queries - you do not see any ARP responses. What could cause this situation?

A. Wireshark is not running in monitor mode.
B. You have applied an ip filter to the traffic.
C. You are filtering on IP addresses for another network.
D. You are connected to a switch port that is not spanned.

DNS can only resolve IP addresses to host names.

A. True
B. False

Which traffic characteristic is often seen when analyzing database applications that transfer individual records across the network?

A. small packet sizes
B. multicast responses
C. large delays between transmissions
D. separate connections for each record

What might be the purpose of this traffic?

A. scan to identify active hosts on a network
B. scan to determine open TCP ports on a target
C. scan to determine open UDP ports on a target
D. scan to discover IP-based protocols on a target

A host has just booted up. This host is allowed to send ARP queries for the MAC address of the local DNS server before sending gratuitous ARPs to test for duplicate IP addresses on the network.

A. True
B. False