Securing your Network Week 2

Question 1

Which Wireshark feature allows you to selectively capture network traffic based on predefined criteria before it is captured?

Answer 1

Capture Filters

Capture filters in Wireshark enable the selective capturing of network traffic based on predefined criteria.

Question 2

The NOC team primarily interacts with end clients, while the help desk manages enterprise-level IT communications.

Answer 2

False

The NOC is responsible for managing enterprise-level IT communications, while the help desk typically interacts with end clients, providing user support and assistance.

Question 3

What key statistical categories does Wireshark Statistics encompass?

Answer 3

Conversations
Protocol Hierarchy
Capture File Properties
Endpoints

Wireshark Statistics includes categories like conversations, capture file properties, protocol hierarchy, and Endpoints, providing insights into captured packets.

Question 4

Shallow Packet Inspection (SPI) primarily examines the content within data packets rather than their headers.

Answer 4

False

Shallow Packet Inspection (SPI) primarily examines the packet headers for routing information, not the content within the data packets.

Question 5

SNMPv3 added View, Groups, and Users to enhance its security features.

Answer 5

True

SNMPv3 introduced security enhancements like encryption and authentication, along with features like View, Groups, and Users.

Question 6

Zeek generates logs categorized based on network activity or protocols such as HTTP, DNS, and SSL.

Answer 6

True

Zeek creates structured logs categorized by network activity and protocol types, which helps with organized analysis and effective monitoring of network traffic, aiding in identifying anomalies or suspicious activities within the network.

Question 7

What is the primary purpose of SNMP sniffing?

Answer 7

Unauthorized interception and analysis of SNMP traffic.

SNMP sniffing involves intercepting and analyzing SNMP traffic, which can pose security risks.

Question 8

What is the primary purpose of NetFlow?

Answer 8

To monitor network performance and optimize resource allocation.

Question 9

What is the primary function of tcpdump in network analysis?

Answer 9

Capturing network traffic.

The primary function of tcpdump is to capture and analyze network traffic in real-time or offline by utilizing command-line interfaces.

Question 10

NetworkMiner is primarily designed for deeper packet analysis than Wireshark.

Answer 10

False

NetworkMiner is not primarily designed for in-depth packet analysis. Its primary function is to simplify the extraction of files from captured traffic.