Total No. of Questions = 20

1. On a switch, each switchport represents a ____________.

  • A) VLAN
  • B) Broadcast domain
  • C) Host
  • D) Collision domain

Show Answer

The Correct Answer is:- D

2. Wireless access points function as a ____________.

  • A) Hub
  • B) Bridge
  • C) Router
  • D) Repeater

Show Answer

The Correct Answer is:- A

3. What mode must be configured to allow an NIC to capture all traffic on the wire?

  • A) Extended mode
  • B) 10/100
  • C) Monitor mode
  • D) Promiscuous mode

Show Answer

The Correct Answer is:- D

4. Which of the following prevents ARP poisoning?

  • A) ARP Ghost
  • B) IP DHCP Snooping
  • C) IP Snoop
  • D) DNSverf

Show Answer

The Correct Answer is:- B

5. Jennifer is a system administrator who is researching a technology that will secure network traffic from potential sniffing by unauthorized machines. Jennifer is not concerned with the future impact on legitimate troubleshooting. What technology can Jennifer implement?

  • A) SNMP
  • B) LDAP
  • C) SSH
  • D) FTP

Show Answer

The Correct Answer is:- C

6. MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?

  • A) The MAC address doesn’t map to a manufacturer.
  • B) The MAC address is two digits too long.
  • C) A reverse ARP request maps to two hosts.
  • D) The host is receiving its own traffic.

Show Answer

The Correct Answer is:- C

7. Bob is attempting to sniff a wired network in his first pen test contract. He sees only traffic from the segment he is connected to. What can Bob do to gather all switch traffic?

  • A) MAC flooding
  • B) MAC spoofing
  • C) IP spoofing
  • D) DOS attack

Show Answer

The Correct Answer is:- A

8. What technique funnels all traffic back to a single client, allowing sniffing from all connected hosts?

  • A) ARP redirection
  • B) ARP poisoning
  • C) ARP flooding
  • D) ARP partitioning

Show Answer

The Correct Answer is:- B

9. Which Wireshark filter displays only traffic from 192.168.1.1?

  • A) ip.addr =! 192.168.1.1
  • B) ip.addr ne 192.168.1.1
  • C) ip.addr == 192.168.1.1
  • D) ip.addr – 192.168.1.1

Show Answer

The Correct Answer is:- C

10. What common tool can be used for launching an ARP poisoning attack?

  • A) Cain & Abel
  • B) Nmap
  • C) Scooter
  • D) Tcpdump

Show Answer

The Correct Answer is:- A

11. Which command launches a CLI version of Wireshark?

  • A) Wireshk
  • B) dumpcap
  • C) tshark
  • D) editcap

Show Answer

The Correct Answer is:- C

12. Jennifer is using tcpdump to capture traffic on her network. She would like to save the capture for later review. What command can Jennifer use?

  • A) tcpdump –r capture.log
  • B) tcpdump –l capture.log
  • C) tcpdump –t capture.log
  • D) tcpdump –w capture.log

Show Answer

The Correct Answer is:- D

13. What is the generic syntax of a Wireshark filter?

  • A) protocol.field operator value
  • B) field.protocol operator value
  • C) operator.protocol value field
  • D) protocol.operator value field

Show Answer

The Correct Answer is:- A

14. Tiffany is analyzing a capture from a client’s network. She is particularly interested in NetBIOS traffic. What port does Tiffany filter for?

  • A) 123
  • B) 139
  • C) 161
  • D) 110

Show Answer

The Correct Answer is:- B

15. Based on the packet capture shown in the graphic, what is contained in the highlighted section of the packet?


  • A) The frame value of the packet
  • B) The MAC address of the sending host
  • C) Source and destination IP addresses
  • D) The routed protocol value

Show Answer

The Correct Answer is:- C

16. Jennifer is using tcpdump to capture traffic on her network. She would like to review a capture log gathered previously. What command can Jennifer use?

  • A) tcpdump –r capture.log
  • B) tcpdump – l capture.log
  • C) tcpdump –t capture.log
  • D) tcpdump –w capture.log

Show Answer

The Correct Answer is:- A

17. Wireshark requires a network card to be able to enter which mode to sniff all network traffic?

  • A) Capture mode
  • B) Promiscuous mode
  • C) Pcap mode
  • D) Gather mode

Show Answer

The Correct Answer is:- B

18. Which network device can block sniffing to a single network collision domain, create VLANs, and make use of SPAN ports and port mirroring?

  • A) Hub
  • B) Switch
  • C) Router
  • D) Bridge

Show Answer

The Correct Answer is:- B

19. What device will neither limit the flow of traffic nor have an impact on the effectiveness of sniffing?

  • A) Hub
  • B) Router
  • C) Switch
  • D) Gateway

Show Answer

The Correct Answer is:- A

20. The command-line equivalent of WinDump is known as what?

  • A) Wireshark
  • B) Tcpdump
  • C) WinDump
  • D) Netstat

Show Answer

The Correct Answer is:- B