Why not C? IP Reassembly is a feature in Wireshark and TShark to automatically reassemble all fragmented IP Datagrams into a full IP packet before ... This feature will require a lot of extra memory to be consumed by Wireshark in order to store the ... You have captured packets with a SnapLen less than the MTU of the ...
BE is the correct answer.
About B: Packet capture enables teams to deal with complex network issues with ease and efficiency. - https://www.solarwinds.com/resources/it-glossary/pcap
BD
Not only are network protocol analyzers used for security analysis. They are also very useful for network troubleshooting, software and protocol development, and education. For instance, in security forensics, a security analyst may attempt to reconstruct an incident from relevant packet captures.
The two characteristics of full packet captures are:
B. Troubleshooting the cause of security and performance issues.
E. Providing a historical record of a network transaction.
Options A, C, and D are not characteristics of full packet captures.
Option C is not necessarily wrong, but it is not one of the two characteristics of full packet captures that the question is asking for.
Reassembling fragmented traffic from raw data is a capability of full packet capture and can be useful for analyzing and understanding network traffic. However, the question is specifically asking for the two main characteristics of full packet capture.
Let's start from the word itself: "Characteristics".
Characteristics - a feature or quality belonging typically to a person, place, or thing and serving to identify it.
>>Characteristics<<
- Reassembling fragmented traffic from raw data.
- Providing a historical record of a Network Transaction.
>>Use cases or Diagnostics<<
- Identifying network loops and Collision Domains.
- Troubleshooting the cause of security and performance issues.
- Detecting common hardware faults and identify faulty assets.
It is BE. The question is about full packet capture and not about packet analysers.
"Full Packet Capture (FPC) provides a network defender an after-the-fact investigative capability that other security tools cannot provide. Uses include capturing malware samples, network exploits and determining if data exfiltration has occurred. Full packet captures are a valuable troubleshooting tool for operations and security teams alike."
https://sansorg.egnyte.com/dl/v6XafdW96e
I agree with anonymous1966. I think the correct answer is CE.
C. Reassembling fragmented traffic from raw data.
There is a reassembly feature in Wireshark.
https://wiki.wireshark.org/IP_Reassembly#
E. Providing a historical record of a network transaction.
Packet captures provide a full historical record of a network transaction or an attack. It is important to recognize that no other data source offers this level of detail.
From the book: Omar Santos - Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide
"C" is correct.
IP Reassembly
IP Reassembly is a feature in Wireshark and TShark to automatically reassemble all fragmented IP Datagrams into a full IP packet before calling the higher layer dissector.
Ref: https://wiki.wireshark.org/IP_Reassembly
This feature will require a lot of extra memory to be consumed by wireshark in order to store the reassembly buffers and is disabled by default.
"E" is correct.
By the book:
Packet captures provide a full historical record of a network transaction or an attack. It is important to recognize that no other data source offers this level of detail.
There are many case studies of using Wireshark to troubleshoot the cause of security and performance issues. So "B" would also be right. But the other options are more direct.
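An added example, not from the thread and not Wireshark's own code: a minimal IPv4 fragment reassembler in Python that does what the wiki text quoted above describes (group fragments by source, destination, identification and protocol, order them by offset, and join them only when the set is complete). It runs on constructed sample fragments rather than a real capture; the addresses, identification value and protocol number are arbitrary.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt: bytes) -> dict:
    """Pull the header fields reassembly needs out of a raw IPv4 packet."""
    vihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                     # header length in bytes
    return {
        "key": (src, dst, ident, proto),        # fragments of one datagram share this
        "mf": bool(flags_frag & 0x2000),        # More Fragments flag
        "offset": (flags_frag & 0x1FFF) * 8,    # fragment offset, 8-byte units
        "data": pkt[ihl:total_len],
    }

def reassemble(packets: list) -> dict:
    """Group fragments by (src, dst, id, proto) and rebuild each datagram.
    Only datagrams whose fragments all arrived (no gap, last one seen) are
    returned; anything incomplete stays out, as a dissector would leave it."""
    groups = defaultdict(list)
    for pkt in packets:
        frag = parse_ipv4(pkt)
        groups[frag["key"]].append(frag)
    complete = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])   # capture order is not offset order
        if frags[-1]["mf"]:
            continue                            # last fragment never captured
        buf, expected = b"", 0
        for frag in frags:
            if frag["offset"] != expected:      # gap or overlap: incomplete
                break
            buf += frag["data"]
            expected += len(frag["data"])
        else:
            complete[key] = buf
    return complete

def make_fragments(payload: bytes, ident: int, chunk: int = 16) -> list:
    """Constructed sample input: split a payload into IPv4 fragments
    (no options, checksum left zero, protocol number arbitrary)."""
    src, dst, out = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), []
    for off in range(0, len(payload), chunk):   # chunk must be a multiple of 8
        data = payload[off:off + chunk]
        mf = 0x2000 if off + chunk < len(payload) else 0
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident,
                          mf | (off // 8), 64, 17, 0, src, dst)
        out.append(hdr + data)
    return out
```

A fragment truncated by a SnapLen shorter than the MTU carries less data than its header's total length promises, so the next fragment's offset no longer matches and the datagram is reported incomplete rather than silently joined with a hole in it.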