
Cyber Quiz 17


Question 1

In Wireshark, which filter type is used to limit the captured traffic before it is recorded?

  • Display filter

  • Live analysis filter

  • Protocol display filter

  • Capture filter

Question 2

Which Wireshark filter captures only packets originating from the host with IP 192.168.1.1?

  • ip.addr == 192.168.1.1

  • ip.dst == 192.168.1.1

  • ip.src == 192.168.1.1

  • host 192.168.1.1

Question 3

Which Wireshark feature analyzes packet content at all layers to reveal both header and payload information?

  • Deep Packet Inspection (DPI)

  • Payload Filtering

  • Full Packet Decoding

  • Content Parsing

Question 4

The main function of Wireshark “Display Filters” is to…

  • Restrict packets recorded during capture

  • Limit the packets shown after capture based on criteria

  • Stop specific protocols from being decoded

  • Block unwanted traffic from the network

Question 5

Which display filter shows only TCP packets going to destination IP 192.168.1.1?

  • ip.src == 192.168.1.1 && tcp

  • tcp.dst == 192.168.1.1

  • tcp && ip.dst == 192.168.1.11

  • ip.dst == 192.168.1.1 && tcp

Question 6

What type of detection flags traffic deviating from normal patterns?

  • Signature-based detection

  • Policy-based detection

  • Anomaly-based detection

  • Pattern-matching detection

Question 7

In promiscuous mode, Wireshark will

  • Capture only broadcast traffic

  • Capture all packets visible to the network interface

  • Capture only unicast packets to the host

  • Capture packets for a specific VLAN only

Question 8

The Wireshark filter tcp.flags.syn == 1 shows

  • TCP packets with the SYN flag set, starting a connection

  • TCP packets with SYN cleared

  • TCP packets with both SYN and ACK flags set

  • All packets containing SYN in payload

Question 9

To capture all traffic within the network 192.168.1.0/24, use

  • net 192.168.1.0/24

  • ip.addr == 192.168.1.0/24

  • ip.src == 192.168.1.0/24

  • ip.net == 192.168.1.0/24

Question 10

Which is a key advantage of flow-based tools like NetFlow or sFlow?

  • They perform packet payload inspection

  • They capture only specific protocols

  • They analyze traffic patterns, bandwidth, and communication flows

  • They block malicious packets in real time

There are 10 questions to complete.
