WCNA Wireshark Exam Questions and Answers

From which timer are Wireshark timestamps taken? - from the computer time What is the delta time in Wireshark? - the time spent for a packet to go from the source to the destination and then back. T/F: the time format is fixed and can not be adjusted in Wireshark - False. "T/F: There are only two types of timestamps: related time, absolute time - False In which measurement unit are Wireshark timestamps? - in millisecond T/F: Measurement unit of Wireshark timestamps can be changed to nanoseconds - True. What are some types of timestamps in Wireshark? - absolute time, related time, time from last captured packet, time from last displayed packet, time from the beginning of the capture T/F: Capture filters and display filters create the same amount of captured packets. - False. With capture filters we have less packets because we tell Wireshark to capture only the packets that correspond to the filter. A display filter prevents packets from being displayed; The capture itself is intact. T/F: Capture filters are predefined and can not be modified. - False. Users can define new capture filters T/F: Configuration profiles are not flexible. - False. A network administrator can add as may configuration profiles as needed. T/F: Coloring in Wireshark can only be temporary - False. There are both possibilites: temporary coloring, and permanent coloring with Coloring Rules T/F: There is a mode in Wireshark called "specialist" - False. It is called "expert mode" What is the best network location to place a wireshark station? - as close to the source of packets as possible. How to switch between Configuration Profiles in Wireshark? - Edit -> Configuration Profiles What are the steps of a Wireshark troubleshooting session? - plan, capture, analyse, repeat What are the steps of a Wireshark security analysis? - plan, capture, analyse, secure, document. True/False: Wireshark can not help in identifying network devices queuing delays - False. What is the recommended format when saving Wireshark traces and why? - pcapng, because it allows to save packet comments. What must a network analysist consider in terms of law? - that some companies require an explicitly written permission to analyse their network, because it may contain sensitive or confidential data. Which of these network devices do change the MAC address source and/or destination of an Ethernet frame header: router, switch, firewall? - router, firewall. When a packet arrives to a network devices, what is the first thing that the device performs? - calculate and compare the checksum. If values do not match, the packet is dopped. What are some application tasks for a network analyst? - - analyse application bandwidth requirements - determine application protocols and ports in use - validate application secure data traversal What are some security tasks for a network analyst? - - identify and define malicious traffic signatures - perform intrusion detection - test firewall blocking rules - passively discover hosts, OSs and services - validate secure login and data traversal What are some optimization tasks for a network analyst? - - evaluate current bandiwdth usage - analyse response times on the network - evaluate efficient use of packet sizes in a data transfer application What are some troubleshooting tasks for a network analyst? - - identify network errors and service refusals - evaluate high delays in a network path - graph queuing delays - locate points of packet loss - identify device and software misconfigurations