25.3.8 Check Your Understanding – Identify the Security Technology from the Data Description Answers

1. What is used to generate and view full packet captures?

  • NetFlow
  • tcpdump
  • Proxy Logs
  • Syslog

Explanation: tcpdump is used to generate and view full packet captures. Wireshark is a GUI built around TCP dump.

2. What two values are part of all NetFlow flow records? (Choose two.)

  • beginning timestamp
  • full packet details
  • ending timestamp
  • DNS server requests
  • application identifiers

Explanation: All NetFlow flows are timestamped with their beginning timestamps and end timestamps so that flow duration can be calculated.

3. What does Application Visibility and Control (AVC) use to discover the applications that are responsible for network traffic?

  • NBAR2
  • full packet captures
  • DNS logs
  • NetFlow flow records
  • firewall packet logs

Explanation: NBAR2 is used by AVC to determine the applications that originate network traffic.

4. Which two devices will create logs of suspicious content that has been detected in application traffic? (Choose two.)

  • NetFlow
  • Email security appliance
  • Web security appliance
  • tcpdump
  • NBAR2

Explanation: Email and web security appliances will generate logs of suspicious content that has been removed from application traffic.

Notify of

Inline Feedbacks
View all comments