CISCO Cyberops Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 41-50)

By Paranormalrob (Community Contributor) | Attempts: 388 | Questions: 10 | Updated: Mar 21, 2025

1. Which one of the following options describes the protocol and port that is used by DNS?

Explanation

The correct answer is UDP 53 and TCP 53. DNS (Domain Name System) uses both UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) as transport protocols. UDP is used for regular DNS queries and responses, while TCP is used for larger DNS messages that exceed the maximum size allowed by UDP. Port 53 is the well-known port number assigned to DNS, and both UDP and TCP use this port for communication.

About This Quiz

This quiz assesses knowledge of the TCP/IP protocol suite, focusing on DNS services, ICMP messages, and network security protocols. It evaluates understanding of essential network operations and security measures, crucial for professionals in the Cisco CyberOps domain.


2. What service does the DNS protocol provide?

Explanation

The DNS protocol provides user-friendly hostname resolution to an IP address. This means that it translates human-readable domain names (such as www.example.com) into the corresponding IP addresses (such as 192.168.1.1) that computers use to communicate with each other over the internet. This allows users to easily access websites and other online services without needing to remember or input complex numerical IP addresses.


3. Which one of the following protocols sends data in clear text?

Explanation

Telnet is the correct answer because it is a protocol that sends data in clear text. This means that the data being transmitted is not encrypted or secured, making it susceptible to interception and eavesdropping. Telnet is commonly used for remote access to devices and systems, but its lack of encryption makes it insecure for transmitting sensitive information. In contrast, HTTPS, SSH, and SCP are protocols that use encryption to secure the data being transmitted, making them more secure options for sending data over a network.


4. What two types of ICMP messages are used by the ping command? (Choose two.)

Explanation

The correct answer is Echo Request and Echo Reply. The ping command uses Echo Request messages to send a request to a specific destination, such as a host or IP address. The destination then responds with an Echo Reply message to indicate that it has received the request. These ICMP messages are used to test the connectivity and response time of a network.


5. To capture traffic that is not destined for the local machine, the network card must be placed into a special mode, referred to as which mode?

Explanation

Promiscuous mode is the correct answer because it refers to a special mode in which a network card captures and receives all network traffic, regardless of its destination. This mode allows the network card to monitor and capture traffic that is not intended for the local machine, which can be useful for network analysis and troubleshooting purposes. Transparent mode, monitor mode, and bypass mode do not accurately describe this specific functionality of capturing traffic not destined for the local machine.


6. The main interface of Wireshark consists of what three components? (Choose three.)

Explanation

The main interface of Wireshark consists of three components: packet list, packet details, and packet bytes. The packet list displays a list of captured packets, allowing users to select and analyze specific packets. The packet details provide in-depth information about the selected packet, including source and destination addresses, protocols, and timestamps. The packet bytes display the raw data of the selected packet, allowing users to view the actual contents of the captured packets. These three components together provide a comprehensive view of the captured network traffic for analysis and troubleshooting purposes.


7. When a user opens a web browser to initiate an HTTP connection to the https://www.example.com web server, the first TCP packet that is sent to the web server will have which TCP flag set?

Explanation

When a user opens a web browser to initiate an HTTP connection, the first TCP packet that is sent is the SYN packet. The SYN flag is set in this packet to establish a connection with the web server. This packet is sent from the client to the server to request a connection and synchronize sequence numbers.


8. Which ICMP message type is sent by the router if an IP packet TTL field reaches zero?

Explanation

When the Time to Live (TTL) field of an IP packet reaches zero, it means that the packet has exceeded its maximum number of hops and cannot be forwarded further. In this case, the router sends an ICMP Time-Exceeded message back to the source IP address to inform it of the issue. This message helps the source to determine that the packet did not reach its intended destination and allows for troubleshooting and error handling.
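The ICMP message types from questions 4 and 8 and the SYN flag from question 7 can be read directly out of packet bytes, as a capture tool does. The following is an added example, not part of the original quiz: the packets are constructed inline with documentation addresses, the Time Exceeded message omits the quoted original header for brevity, and all function names are hypothetical.

```python
import struct

ICMP_TYPES = {0: "Echo Reply", 8: "Echo Request", 11: "Time Exceeded"}
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, no options)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def icmp(msg_type: int, rest: bytes = b"\x00\x01\x00\x01", data: bytes = b"ping") -> bytes:
    """Build an ICMP message: type, code 0, checksum, 4 type-specific bytes, data."""
    body = struct.pack("!BBH", msg_type, 0, 0) + rest + data
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def tcp(flags: int, dport: int = 80) -> bytes:
    # src port, dst port, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", 49152, dport, 1000, 0, 5 << 4, flags, 64240, 0, 0)

def classify(packet: bytes) -> str:
    """Label an IPv4 packet the way a capture analyst would read it."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if proto == 1:                        # ICMP
        if checksum(payload) != 0:        # a valid message sums to zero
            return "ICMP (bad checksum)"
        return "ICMP " + ICMP_TYPES.get(payload[0], f"type {payload[0]}")
    if proto == 6:                        # TCP: flags live in byte 13 of the header
        set_flags = [name for bit, name in TCP_FLAGS if payload[13] & bit]
        return "TCP " + "+".join(set_flags)
    return f"IP protocol {proto}"

if __name__ == "__main__":
    for pkt in (ipv4(1, icmp(8)), ipv4(1, icmp(0)), ipv4(1, icmp(11, b"\0" * 4, b"")),
                ipv4(6, tcp(0x02)), ipv4(6, tcp(0x12))):
        print(classify(pkt))
```

The first packet of a TCP handshake is labelled `TCP SYN`; the server's answer carries both SYN and ACK, which is how the two are told apart in a capture.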


9. When using Wireshark and tcpdump together, which one of the following options describes the filters that you would configure to reduce the amount of unnecessary data that is captured?

Explanation

By setting tcpdump capture filters, you can configure specific criteria to capture only the necessary data, reducing the amount of unnecessary data that is captured. This allows you to focus on capturing the specific network traffic that you are interested in analyzing, rather than capturing all the traffic on the network.


10. Which one of the following options is the syntax that Wireshark display filters use?

Explanation

Wireshark display filters use a proprietary syntax, which means that it is a unique and specific syntax developed by the creators of Wireshark. This syntax is not based on any existing standard or widely used language like BPF (Berkeley Packet Filter), BSD (Berkeley Software Distribution), or YAML (YAML Ain't Markup Language). Therefore, the correct answer is proprietary.
