1.
What service does the DNS protocol provide?
Correct Answer
C. User-friendly hostname resolution to an IP address
Explanation
The DNS protocol provides user-friendly hostname resolution to an IP address. This means that it translates human-readable domain names (such as www.example.com) into the corresponding IP addresses (such as 192.168.1.1) that computers use to communicate with each other over the internet. This allows users to easily access websites and other online services without needing to remember or input complex numerical IP addresses.
2.
Which one of the following options describes the protocol and port that is used by DNS?
Correct Answer
C. UDP 53 and TCP 53
Explanation
The correct answer is UDP 53 and TCP 53. DNS (Domain Name System) uses both UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) as transport protocols. UDP is used for regular DNS queries and responses, while TCP is used for larger DNS messages that exceed the maximum size allowed by UDP. Port 53 is the well-known port number assigned to DNS, and both UDP and TCP use this port for communication.
3.
Which ICMP message type is sent by the router if an IP packet TTL field reaches zero?
Correct Answer
B. ICMP Time-Exceeded
Explanation
When the Time to Live (TTL) field of an IP packet reaches zero, it means that the packet has exceeded its maximum number of hops and cannot be forwarded further. In this case, the router sends an ICMP Time-Exceeded message back to the source IP address to inform it of the issue. This message helps the source to determine that the packet did not reach its intended destination and allows for troubleshooting and error handling.
4.
What two types of ICMP messages are used by the ping command ? (Choose two.)
Correct Answer(s)
C. Echo Request
D. Echo Reply
Explanation
The correct answer is Echo Request and Echo Reply. The ping command uses Echo Request messages to send a request to a specific destination, such as a host or IP address. The destination then responds with an Echo Reply message to indicate that it has received the request. These ICMP messages are used to test the connectivity and response time of a network.
5.
Which one of the following protocols sends data in clear text?
Correct Answer
A. Telnet
Explanation
Telnet is the correct answer because it is a protocol that sends data in clear text. This means that the data being transmitted is not encrypted or secured, making it susceptible to interception and eavesdropping. Telnet is commonly used for remote access to devices and systems, but its lack of encryption makes it insecure for transmitting sensitive information. In contrast, HTTPS, SSH, and SCP are protocols that use encryption to secure the data being transmitted, making them more secure options for sending data over a network.
6.
To capture traffic that is not destined for the local machine, the network card must be placed into a special mode, referred to as which mode?
Correct Answer
A. Promiscuous
Explanation
Promiscuous mode is the correct answer because it refers to a special mode in which a network card captures and receives all network traffic, regardless of its destination. This mode allows the network card to monitor and capture traffic that is not intended for the local machine, which can be useful for network analysis and troubleshooting purposes. Transparent mode, monitor mode, and bypass mode do not accurately describe this specific functionality of capturing traffic not destined for the local machine.
7.
The main interface of Wireshark consists of what three components? (Choose three.)
Correct Answer(s)
A. Packet list
B. Packet details
C. Packet bytes
Explanation
The main interface of Wireshark consists of three components: packet list, packet details, and packet bytes. The packet list displays a list of captured packets, allowing users to select and analyze specific packets. The packet details provide in-depth information about the selected packet, including source and destination addresses, protocols, and timestamps. The packet bytes display the raw data of the selected packet, allowing users to view the actual contents of the captured packets. These three components together provide a comprehensive view of the captured network traffic for analysis and troubleshooting purposes.
8.
Which one of the following options is the syntax that Wireshark display filters use?
Correct Answer
D. Proprietary
Explanation
Wireshark display filters use a proprietary syntax, which means that it is a unique and specific syntax developed by the creators of Wireshark. This syntax is not based on any existing standard or widely used language like BPF (Berkeley Packet Filter), BSD (Berkeley Software Distribution), or YAML (YAML Ain't Markup Language). Therefore, the correct answer is proprietary.
9.
When using Wireshark and tcpdump together, which one of the following options are the filters that you would configure to reduce the amount of unnecessary data that was captured?
Correct Answer
C. Set tcpdump capture filters
Explanation
By setting tcpdump capture filters, you can configure specific criteria to capture only the necessary data, reducing the amount of unnecessary data that is captured. This allows you to focus on capturing the specific network traffic that you are interested in analyzing, rather than capturing all the traffic on the network.
10.
When a user opens a web browser to initiate an HTTP connection to the http://www.example.com web server, the first TCP packet that is sent to the web server will have which TCP flag set?
Correct Answer
E. SYN
Explanation
When a user opens a web browser to initiate an HTTP connection, the first TCP packet that is sent is the SYN packet. The SYN flag is set in this packet to establish a connection with the web server. This packet is sent from the client to the server to request a connection and synchronize sequence numbers.