05

Question 1

The ________ function is sent as the hexadecimal characters __________ and ____________

Answer 1

EOL, 0x0d0a, 0x0d

Question 2

_____ Host - mapping FQDN to IPv4 address (Forward Lookup)

Answer 2

A1

Question 3

_____ Canonical Name, Mapping, Alias (commonly used for web servers)

Answer 3

Cname5

Question 4

____ Mail Exchanger (email servers)

Answer 4

MX15

Question 5

_____ Pointer – mapping IP to FQDN (Reverse Lookup)

Answer 5

PTR12

Question 6

____ Start of authority - best source of information for this domain.

Answer 6

SOA6

Question 7

____ Service Location - locate servers hosting services for a specific
domain. SRV records allow for built-in load balancing of multiple
servers using the priority and weight values in the records.

Answer 7

SRV33

Question 8

____ Host – mapping FQDN to IPv6 host addresse

Answer 8

AAAA28

Question 9

____ Zone transfer - transfers of DNS cache/database

Answer 9

AXFR252

Question 10

___________ involves an individual or malicious software (malware) gathering and
transmitting information by placing information at the beginning of a valid FQDN.

Answer 10

DNS Exfiltration

Question 11

How do I see all dns header traffic? How do i see more of it?

Answer 11

dns

udp.port == 53

Question 12

How do I see all valid responses from a server?

Answer 12

dns.a

Question 13

How do I find specific query types?

Answer 13

dns.qry.type == 1

Question 14

How do I find all queries/responses specified with a FQDN?

Answer 14

dns.qry.name == “FQDN”

Question 15

How do I see all dns responses/requests?

Answer 15

dns.flags gt 8000 responses
dns.flags lt 8000
requests

Question 16

________ A request for information about the communications options available on the
request/response chain.

Answer 16

OPTIONS

Question 17

_______ A request to retrieve whatever information is identified.

Answer 17

GET

Question 18

_________ Identical to GET, except the server MUST NOT return a message-body in the
response. This is used to obtain meta information about the requested item
without transferring the item itself, i.e., testing a hyperlink without actually
receiving the next web page.

Answer 18

HEAD

Question 19

_______ Used to request that the server accept the enclosed item from client as a new
subordinate of the server resource identified in the request.

Answer 19

POST

Question 20

How do i see all the http request methods in a capture?

How do I see alll tcp traffic everything

Answer 20

http.request.method

tcp.port == 80

Question 21

How do I see all referers in a capture?

Answer 21

http.referer

Question 22

What http response code is information?

Answer 22

1xx

Question 23

What http response code is Success

Answer 23

2xx

Question 24

What http response code is Redirect

Answer 24

3xx

Question 25

What http response code is Client Error

Answer 25

4xx

Question 26

What http response code is Server Error

Answer 26

5xx

Question 27

________ is an IETF application-layer control/signaling protocol for creating, modifying, and terminating sessions with one or more participants that uses TCP or UDP ports _______ and __________

Answer 27

SIP 5060 5061

Question 28

______________ is a data transfer protocol designed specifically to exchange real-time sensitive, audio-visual data on IP-based networks.

Answer 28

RTP

Question 29

How do I see all sip/rtp sessions?

Answer 29

sip rtp

Question 30

________ carries statistical and control data, while RTP delivers the data.

Answer 30

RTCP

Question 31

:_______ filter shows all telnet application layer packets. How do I see every layers telnet packets?

Answer 31

telnet tcp.port == 23

Question 32

How do I pick out specific data from a telnet packet?

Answer 32

telnet.data === data

Question 33

What ports does snmp use?

Answer 33

udp 161 request 162 trap

Question 34

How do I see all snmp application layer packets?

Answer 34

snmp

Question 35

How do I see all snmp request messages?

Answer 35

snmp.port == 161

Question 36

How do I see all snmp trap messages?

Answer 36

snmp.port == 162

Question 37

How do I find specific data from a snmp packet?

Answer 37

snmp.data ==