1. What is used to generate and view full packet captures?
- NetFlow
- tcpdump
- Proxy Logs
- Syslog
Explanation: tcpdump is used to generate and view full packet captures. Wireshark is a GUI built around TCP dump.
2. What two values are part of all NetFlow flow records? (Choose two.)
- beginning timestamp
- full packet details
- ending timestamp
- DNS server requests
- application identifiers
Explanation: All NetFlow flows are timestamped with their beginning timestamps and end timestamps so that flow duration can be calculated.
3. What does Application Visibility and Control (AVC) use to discover the applications that are responsible for network traffic?
- NBAR2
- full packet captures
- DNS logs
- NetFlow flow records
- firewall packet logs
Explanation: NBAR2 is used by AVC to determine the applications that originate network traffic.
4. Which two devices will create logs of suspicious content that has been detected in application traffic? (Choose two.)
- NetFlow
- Email security appliance
- Web security appliance
- tcpdump
- NBAR2
Explanation: Email and web security appliances will generate logs of suspicious content that has been removed from application traffic.